[OTR-dev] Persisting userstate object across app restarts.

Nathan of Guardian nathan at guardianproject.info
Tue Aug 12 09:43:59 EDT 2014



On 08/11/2014 11:10 PM, Paul Wouters wrote:
> 
> Could a user that goes offline perhaps generate a new session key
> that would be terminated as soon both users are online again?

You could use the shared "extra symmetric key"[0] as your offline
message key, and save that in RAM only. If you use a very simple Service
that uses only a small amount of memory, then it should not be killed or
wiped, unless the user reboots the device.

This isn't 100% the same but, our CacheWord library for Android does
something along these lines - a dedicated service for just holding
sensitive, unencrypted keys in memory:
https://github.com/guardianproject/cacheword

+n

[0] https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html


More information about the OTR-dev mailing list