Opened 5 years ago

Closed 2 years ago

Last modified 2 years ago

#17457 closed enhancement (wontfix)

Implement OMEMO

Reported by: arlolra Owned by:
Priority: Medium Milestone:
Component: Archived/Tor Messenger Version:
Severity: Normal Keywords:
Cc: sukhbir, boklm, poly@…, platypus@…, cypherpunks Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Child Tickets

Change History (13)

comment:1 Changed 5 years ago by sukhbir

Cc: sukhbir added

comment:2 Changed 5 years ago by boklm

Cc: boklm added

comment:3 Changed 5 years ago by poly

Cc: poly@… added

comment:4 Changed 5 years ago by vegansalad

Let's bring the Axolotl ratchet encryption protocal that is used in Signal to Tor Messenger!

The desktop Gajim XMPP client already has an experimental OMEMO plugin here:

Pidgin is working on it here:

Jitsi has a ticket for OMEMO here:

Chatsecure has a blog about implimenting OMEMO here:

Chris from ChatSecure had this to say here:

"This work is semi-permanently on hold because of the license conflict. Moxie said that the public specification for Axolotl is incomplete, so it will be impossible for us to produce an alternative implementation that isn't a derivative work of one of the GPL libraries.

Open Whisper Systems owns the full copyright on AxolotlKit so they can relicense it for distribution on the App Store for their own apps. They are currently licensing libaxolotl-java to WhatsApp for the Android version, but for whatever reason haven't yet done the same for WhatsApp iOS and AxolotlKit. I've been told there are no near-term plans to license AxolotlKit to other apps.

However, there may be a light at the end of the tunnel:

It appears that the Silent Circle team has implemented their own version of Axolotl using only the public specification and (presumably) avoided any reverse engineering of the GPL code. It is licensed Apache 2.0 so it could be used without issue on the App Store. I'm not sure if the key exchange is compatible with libaxolotl-java, among other things, so there is a chance it may not be compatible with Conversations current implementation of OMEMO."

I don't know how best to represent this on TRAC, but this bug has also been filed upstream at InstantBird. You can find the issue here: If anyone has an account at bugzilla, it might be worth it to somehow keep both tickets updated as the other one gets updated.

From what I understand, Tor Messenger would need to impliment these two ProtoXEPs to get OMEMO to work. Should I make a child ticket to add support for them? Are there other XEPs that need to be added? Do other people have other subtasks that they know would need to get done to make this transition?

XEP-xxxx: OMEMO Encrypted Jingle File Transfer
Abstract: This specification defines a Jingle application for transfering encrypted files from one entity to another. The protocol is based on the regular Jingle File Transfer specification and diverges from that only in the description of the file.

XEP-xxxx: OMEMO Encryption
Abstract: This specification defines a protocol for end-to-end encryption in one-on-one chats that may have multiple clients per account.
Author: Andreas Straub

Last edited 5 years ago by vegansalad (previous) (diff)

comment:5 Changed 5 years ago by cypherpunks

Since Tor Messenger doesn't need to submit to Apple's licensing war against GPL, the only 2 bits of signal to extract from your lengthy quote are:

Last edited 5 years ago by cypherpunks (previous) (diff)

comment:6 Changed 5 years ago by vegansalad

The main devs for Chatsecure, Conversations, and Monal are discussing creating a modifying version of OMEMO based on the OLM protocol (which is pretty similar to what the axolotl protocol v2 looked like.).

They want to build a tweaked version of something like OMEMO that would be incompatible with existing OMEMO clients, but that would be able to communicate with XMPP clients in the iOS app store like ChatSecure.

If Tor Messenger is going to impliment an encryption protocol like OMEMO, it might be worth it to use the fork that these people are building instead of OMEMO itself so that Tor Messenger users can communicate with iOS users using a Signal based encryption standard. Also, OMEMO was created by the Conversations App person, so it he is transitioning to something else, it might be good to use that instead of OMEMO.

comment:7 Changed 5 years ago by vegansalad

Seems like they are looking to base it off of the Apache 2.0 licenced OLM ratchet implementation: ​

comment:9 Changed 4 years ago by platypus

Cc: platypus@… added

comment:10 Changed 4 years ago by vegansalad

OMEMO is now based on the OLM Protocol instead of the Signal Protocol (formerly named the Axolotl Protocol).

It now has an official XEP:

Both OMEMO and OLM have been audited by third parties:

Some of this content is outdated, but a lot of documentation was written a few months ago about OMEMO here:

OMEMO is being ported to as well

Usability for the only desktop client that supports OMEMO currently, Gajim, is not perfect.

It'd be great to see Tor Messenger work with InstantBird in order to support OMEMO.

What are some blockers that prevent this from happening?

comment:11 Changed 3 years ago by vegansalad

Any updates on this? I saw that OMEMO integration was being discussed upstream:

The best mobile XMPP client, Conversations, is depreciating OTR support in their 2.0 version and will make OMEMO default:

It's time to play some catch up and get OMEMO to finally work in Tor Messenger! Thoughts?

comment:12 Changed 3 years ago by cypherpunks

Cc: cypherpunks added

ChatSecure has implemented this as well and it works quite nicely, just that mesages are not syncing to Tor Messenger as there's no OMEMO support :/

comment:13 Changed 2 years ago by traumschule

Resolution: wontfix
Status: newclosed

<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should done earlier :)

sad but true:

luckily there are alternatives:

.. and maybe someday

Last edited 2 years ago by traumschule (previous) (diff)
Note: See TracTickets for help on using tickets.