💾 Archived View for bbs.geminispace.org › s › misfin › 18631 captured on 2024-08-19 at 00:53:58. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2024-08-31)

-=-=-=-=-=-=-

How many of you actively use misfin? I have been tempted to make a personal misfin server for a while, but keep stopping short of starting because I end up fearing that few enough folks use it. Would be nice to use it to reply to gemlog posts rather than relying on email.

Posted in: s/misfin

☀️ vi

Jul 17 · 5 weeks ago

38 Comments ↓

🐐 satch · Jul 17 at 23:09:

I do, although I’m probably one of the few who checks my misfin inbox regularly

mail@satch.xyz

😎 flipperzero · Jul 18 at 01:52:

i'd say go for it! the more active this protocol becomes the better, and the more it -will- become the email equivalent to gemini. I have the host at hashnix.club:1958 and there are about 40+ registers since starting and 5 active users this month so far.

☯️ johano · Jul 18 at 05:04:

I use it and would like to use it more...

♊️ pollux · Jul 18 at 17:00:

@flipperzero How can we use the decryption function added? It says it requires a key, which I do not have nor I can create one in the menus.

😎 flipperzero · Jul 18 at 19:37:

@pollux it gives you instruction as to what type of key is required, there is no specific key, save that the format be in base32. that means you have to generate a key using an encryption method which would be able to provide you with a base32 key file. Once you have that base32 key file, it should stand to reason that if you open the key file in a text editor that from copy/pasting that key's metadata into that field should provide you a way to decrypt.

That key is for your encrypted gembox, it doesn't mean that it's a key a specific message specifically requires similar to that of PGP, although conversely as well as similar to PGP this key secures your mailbox. I hope this helps.

😎 flipperzero · Jul 18 at 19:37:

@gemalaya does that sound about right or n0h hell n0h wtf am i talking about please let me know cipres thank you

♊️ pollux · Jul 19 at 14:58:

@flipperzero. Ah, ok. Now I understand! :-) Thanks for the information.

♊️ pollux · Jul 19 at 15:07:

For key generation I first tried with argon2id and base32 but this was invalid, so I ended up using openssl rand 32 | base32.

🐙 norayr · Jul 19 at 21:52:

i think you need to do what you want the environment to be. so you think misfin is a good idea? have a misfin address.

what i do with xmpp is, i have no other way of communication, so i ask people to have an xmpp address and client. i help them to setup the clients.

then when two of my friends meet and i introduce them to each other, i tell them - you know you can also use xmpp to message each other.

some choose something else they have, like facebook messenger or telegram. but some indeed start to use only xmpp with those contacts.

xmpp also helps because there is also public life. i add people to chats and they don't feel isolated.

🐙 norayr · Jul 19 at 21:52:

what i meant is that once you have misfin, and a couple of your friends have misfin, you can tell them they can use it when writing to each other.

😺 gemalaya · Jul 20 at 15:34:

@pollux @flipperzero Regarding encrypted gemboxes, here's how it works .. When you activate encryption on your account, the server generates an elliptic curve (curve25519) keypair. The public key is kept on the server, and the private key is communicated to you only, encoded as a base32 string (you'll need to send the key via a gemini input req, that's why base32 is used here). Then, every message you receive is encrypted for that public key. To decrypt the messages, from the inbox you send the base32 privkey. The server keeps the pk in a memory vault for a few mins, and each time you access the inbox it prolongs the pk's lifetime in the vault.

😺 gemalaya · Jul 20 at 15:42:

@pollux An encryption key is automatically generated for all new accounts and shown on the register success page, but since you created your account before the update that introduced encryption, you have no key yet. You just need to go in the settings, and then activate encryption, and after that you'll see a link to change the encryption key. Click that link and store the base32 privkey in a file. After that all incoming messages will be encrypted on the server.

♊️ pollux · Jul 20 at 18:43:

@gemalaya Thanks for the info, much appreciated.

😺 gemalaya · Jul 20 at 19:49:

@pollux I'll send you a message once you've enabled encryption. When an encrypted message is in your inbox and no privkey was set yet, you'll see a "Message with ID ... is encrypted" label for the message.

♊️ pollux · Jul 21 at 13:19:

@gemalaya It says: Message with ID 3 is encrypted or has an invalid status. I had set an decryption key earlier with 'openssl rand 32 | base32' How should I proceed?

😺 gemalaya · Jul 21 at 13:25:

@pollux That's not how it works ^_^, you have to input the private key that was given to you when you enabled encryption (the base32 string). Did you save it ? You don't have to generate anything with openssl.

😺 gemalaya · Jul 21 at 13:32:

@pollux In the settings when you click "Change encryption key", it will say "Your encryption key was changed, here is your private mailbox encryption key" and below that there's the base32-encoded key. THAT is the key you need to input when you click on the "Decrypt messages (set decryption key)" link in the homepage.

♊️ pollux · Jul 21 at 15:49:

@gemalaya I did that a while ago, but now I have new one from the site and saved it. I wanted to reply, via misfin, to you, but it currently times out.

😺 gemalaya · Jul 21 at 16:29:

@pollux Just sent you a message. You can also send a message to yourself to check that decryption works.

♊️ pollux · Jul 21 at 19:01:

@gemalaya I can not open the messages, because they are not clickable and say:

Message with ID 4 is encrypted or has an invalid status.

Message with ID 3 is encrypted or has an invalid status.

♊️ pollux · Jul 21 at 19:06:

@gemalaya Never mind ... Decrypted your message and replied. :-)

😺 gemalaya · Jul 21 at 20:07:

@pollux Got your (correct) reply, proof that you could decrypt the question .. Authentication with x509 certificates, (fast) at rest message encryption, text only (gemtext) payloads, gemini interface. What else does one need for electronic mail ...

♊️ pollux · Jul 22 at 05:57:

@gemalaya Maybe a Cc: Field would be nice, to allow people to send to multiple recipients.

♊️ pollux · Jul 24 at 18:58:

@gemalaya I now have some problems. I regularly receive an encrypted message and when I try to decrypt it it is gone.

😺 gemalaya · Jul 24 at 19:13:

@pollux Not sure what you mean by that. What do you mean by "it is gone" ? What do you see in the messages list before and after you click "decrypt messages" and send the key ?

♊️ pollux · Jul 25 at 08:04:

@gemalaya before I decrypt I always see this:

Message with ID 3 is encrypted or has an invalid status. and when decrypting the message goes away, so that I can't see it's content. Now I disabled encryption and saw your message..

😺 gemalaya · Jul 25 at 09:55:

@pollux Please post a screencast somewhere that shows the problem. If by "goes away" you mean, before sending the key there are 4 messages in the inbox, and after decrypting there are only 2 or 3 messages, that means some messages can't be decrypted with the key you sent. Remember that you've changed your key once and therefore the messages you've received for the first key can't be decrypted now if you didn't store the key, so they won't be in the list once you send a key.

I use encryption on my hashnix account, no issue yet.

♊️ pollux · Jul 25 at 17:36:

@gemalaya I can't get rid of Message with ID 3 is encrypted or has an invalid status.. This message #3 comes again after a while, when decrypting my inbox, but show nothing, when decrypting. Your message #4 is no problem, or other messages that may follow. Sorry for providing no screencast, because I do not have such software.

😺 gemalaya · Jul 25 at 17:58:

@pollux All of this is normal: message #3 was encrypted for another key (the previous key, that you didn't save, right ?). Since you've changed keys now, you can't decrypt msg #3, that message can't be read (unless you recover the prev key). Subsequent messages, starting with message #4, were encoded for the new key, and so once you call "decrypt messages" with that key, you're able to decrypt all messages starting from #4. So you can ignore these "is encrypted or has an invalid status" text messages, they're just there to make it clear that there are encrypted messages in your gembox. I hope i explained it correctly.

♊️ pollux · Jul 25 at 19:07:

@gemalaya Ok, thanks, but it is a bit annoying that I can't get rif of that particular message #3.

😺 gemalaya · Jul 25 at 21:59:

@pollux You should be able to delete it by going to this URL:

— hashnix.club:1958/msg/3/delete

With automatic confirmation:

— hashnix.club:1958/msg/3/delete?YES

♊️ pollux · Jul 26 at 09:26:

@gemalaya It does not work, it says message not found, while it is still there. :-(

♊️ pollux · Jul 26 at 09:29:

@gemalaya when I fetch my inbox messages it says that message #3 is from < invalid@misfin.org

: invalid@misfin.org

@ 2024-07-26T09:27:28Z

😺 gemalaya · Jul 26 at 10:12:

@pollux Ok. Well please ignore it for now, it's really unimportant. Next update will fix this (deletion of messages regardless of status).

😺 gemalaya · Jul 26 at 10:50:

@pollux Yes, when it cannot decrypt a message, the gembox reader yields a message with status 4:

— https://gitlab.com/cipres/misfin/-/blob/master/misfin/letter.py?ref_type=heads#L514

Pushing a change soon that lets you delete those messages from the inbox.

♊️ pollux · Jul 26 at 12:17:

Thanks!

😺 gemalaya · Jul 26 at 12:23:

@pollux Pushed the changes, won't be available until there's an upgrade on hashnix.

♊️ pollux · Jul 26 at 16:38:

@gemalaya No problem.