[OTR-dev] Persisting userstate object across app restarts.
Nathan of Guardian
nathan at guardianproject.info
Tue Aug 12 09:43:59 EDT 2014
On 08/11/2014 11:10 PM, Paul Wouters wrote:
>
> Could a user that goes offline perhaps generate a new session key
> that would be terminated as soon both users are online again?
You could use the shared "extra symmetric key"[0] as your offline
message key, and save that in RAM only. If you use a very simple Service
that uses only a small amount of memory, then it should not be killed or
wiped, unless the user reboots the device.
This isn't 100% the same but, our CacheWord library for Android does
something along these lines - a dedicated service for just holding
sensitive, unencrypted keys in memory:
https://github.com/guardianproject/cacheword
+n
[0] https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
More information about the OTR-dev
mailing list