Gajim Messenger

I want to ask for advice on GPG chats in Gajim on Whonix.

Gajim uses GPG keys. Passwords of these keys can be stored in Gnome-Keyring or GPG-agent. Whonix does not cache passwords. And GPG passwords must be entered many times in Gajim:

  • at every disconnection or status change
  • at each login to the account
  • about once in half an hour.

This leads to problems with message delivery and makes GPG chatting difficult or impossible.

I see different solutions:

  1. Settings of GPG agent:
  • add this new line to sudo nano /usr/lib/python3/dist-packages/gajim/application.py. Gajim developers do not want or cannot add it in Debian repo.
  • Gajim / Preferences / Use PGP Agent
  • Gajim / Preferences / Advanced / Advanced configuration editor / use_gpg_agent / Activated
  • Enable password caching:
    GPA / Edit / Backend preferences / Level: Expert.
    GPA / Edit / Backend preferences / Private Keys / default-cache-ttl / set 86400 / Apply / Ok.
    GPA / Edit / Backend preferences / Private Keys / max-cache-ttl / set 86400 / Apply / Ok.

This solution increases the time between entering passwords. But the messages may not reach the recipient if you send them during the period when the recipient sees an open window for entering the GPG-password. No messages and no notification.

  2. Store passwords in Gnome Keyring instead of GPG agent (without saving in password manager):

sudo apt-get update
sudo apt-get install gnome-keyring

  • Run Gajim and set up GPG
  • create the main password for Gnome Keyring. This password must be entered each time when Gajim starts.
  • put down the keys in Gnome keyring and do not save GPG-passwords in password manager. GPG-password must be entered each time when Gajim starts and approximately once a day.

But there are missing messages again. The messages may not reach the recipient if you send them during the period when the recipient sees an open window for entering the GPG-password. No messages and no notification.

  3. Store passwords in Gnome Keyring instead of GPG agent and save password in password manager

The same manual as in solution 2 but you save password of GPG keys in password manager. You should enter the main password of Gnome Keyring once after the start of Gajim. But GPG-keys passwords are already saved, you do not need to enter them time after time.

I will check further. But I don’t see the issue with missing messages in solution 3. It’s good.

The easiest and most convenient solution is 3. Is it safe? Can other apps get saved GPG-passwords?

I use a separate Whonix Workstation for Gajim only. No surfing or any other activity.
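
The two gpg-agent options that solution 1 sets through GPA (default-cache-ttl and max-cache-ttl) can also be written to gpg-agent.conf directly. The script below is an added example, not part of the original post; the path ~/.gnupg/gpg-agent.conf (default GnuPG home) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: set gpg-agent passphrase cache lifetimes without the GPA GUI.
# default-cache-ttl: seconds an entry stays cached after its last use.
# max-cache-ttl:     hard upper limit in seconds, regardless of use.

# set_agent_option FILE KEY VALUE
# Idempotently sets "KEY VALUE": removes any active line for KEY,
# keeps comments and all other options, then appends the new line.
set_agent_option() {
    _f=$1 _k=$2 _v=$3
    mkdir -p "$(dirname "$_f")"
    [ -f "$_f" ] || : > "$_f"
    # mktemp creates the file with mode 0600, so the config stays private.
    _tmp=$(mktemp "${_f}.XXXXXX") || return 1
    grep -Ev "^[[:space:]]*${_k}([[:space:]]|\$)" "$_f" > "$_tmp" || true
    printf '%s %s\n' "$_k" "$_v" >> "$_tmp"
    mv "$_tmp" "$_f"
}

# get_agent_option FILE KEY
# Prints the effective value (last active occurrence) or nothing.
get_agent_option() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# configure_cache [FILE] [SECONDS]
# Defaults mirror the post: 86400 seconds (24 hours) for both limits.
configure_cache() {
    _conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    _ttl=${2:-86400}
    set_agent_option "$_conf" default-cache-ttl "$_ttl"
    set_agent_option "$_conf" max-cache-ttl "$_ttl"
}

# reload_agent
# Makes a running gpg-agent re-read its configuration.
reload_agent() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent
    else
        echo "gpgconf not found; restart gpg-agent manually" >&2
        return 1
    fi
}

# Usage: configure_cache && reload_agent
```

With both values at 86400, a passphrase entered once stays in the agent's memory for up to 24 hours, so any process running as the same user in that Workstation can use the unlocked key during that window.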