Skip to content

OMEMO messages from ChatSecure cannot be decrypted anymore after some time

Versions

  • OS: Debian GNU/Linux Bullseye
  • Gajim version: 1.2.91+efe24013899e (git master)
  • Plugin version: 2.7.5 (git master)
  • GTK version: 3.24.20
  • Python-nbxmpp version: 1.0.0 dd74e6c5 (git master)

Steps to reproduce the problem

<message to='MY_JID@MY_SERVER/gajim.76PS7VQV2T09VTT2' from='OTHER_JID@OTHER_SERVER/chatsecure31249' type='chat' id='0808F7D0-5B82-4752-936E-A1F1941C1441'><archived by='MY_JID@MY_SERVER' id='1122334455667788' xmlns='urn:xmpp:mam:tmp'/><stanza-id by='MY_JID@MY_SERVER' id='1122334455667788' xmlns='urn:xmpp:sid:0'/><store xmlns='urn:xmpp:hints'/><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='1234567890'><key prekey='1' rid='9876543210'></key><iv>........................</iv></header><payload>[...cut...]</payload></encrypted><request xmlns='urn:xmpp:receipts'/><origin-id xmlns='urn:xmpp:sid:0' id='0808F7D0-5B82-4752-936E-A1F1941C1441'/></message>

Starting with such stanza decryption fails.

On 20.02.2020 this issue appeared for the first time. I've posted this anonymized stanza previously 2 times in the MUC (April 2020).

Expected behavior

Since the stanza should be OK, decryption should succeed as before.

Actual behavior

It looks like messages get lost. So I've supposed a server failure and switched to a backup account. After some time the same happened to my backup account. After grepping through the logs, I've find out that messages are actually not lost. Decryption fails silently and they are silently dropped. So something must be wrong either with ChatSecure or Gajim.

A workaround: OMEMO session reset. For now Gajim cannot just reset the session but allows to delete the corresponding OMEMO fingerprint, which forces the implicit session reset. In this case you must validate the fingerprint manually every time.