💾 Archived View for bbs.geminispace.org › u › norayr › 18687 captured on 2024-08-19 at 01:02:16. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2024-08-31)

-=-=-=-=-=-=-

Comment by 🐙 norayr

Re: "How many of you actively use misfin? I have been tempted..."

In: s/misfin

what i meant is that once you have misfin, and a couple of your friends have misfin, you can tell them they can use it when writing to each other.

🐙 norayr

Jul 19 · 4 weeks ago

28 Later Comments ↓

😺 gemalaya · Jul 20 at 15:34:

@pollux @flipperzero Regarding encrypted gemboxes, here's how it works .. When you activate encryption on your account, the server generates an elliptic curve (curve25519) keypair. The public key is kept on the server, and the private key is communicated to you only, encoded as a base32 string (you'll need to send the key via a gemini input req, that's why base32 is used here). Then, every message you receive is encrypted for that public key. To decrypt the messages, from the inbox you send the base32 privkey. The server keeps the pk in a memory vault for a few mins, and each time you access the inbox it prolongs the pk's lifetime in the vault.

😺 gemalaya · Jul 20 at 15:42:

@pollux An encryption key is automatically generated for all new accounts and shown on the register success page, but since you created your account before the update that introduced encryption, you have no key yet. You just need to go in the settings, and then activate encryption, and after that you'll see a link to change the encryption key. Click that link and store the base32 privkey in a file. After that all incoming messages will be encrypted on the server.

♊️ pollux · Jul 20 at 18:43:

@gemalaya Thanks for the info, much appreciated.

😺 gemalaya · Jul 20 at 19:49:

@pollux I'll send you a message once you've enabled encryption. When an encrypted message is in your inbox and no privkey was set yet, you'll see a "Message with ID ... is encrypted" label for the message.

♊️ pollux · Jul 21 at 13:19:

@gemalaya It says: Message with ID 3 is encrypted or has an invalid status. I had set an decryption key earlier with 'openssl rand 32 | base32' How should I proceed?

😺 gemalaya · Jul 21 at 13:25:

@pollux That's not how it works ^_^, you have to input the private key that was given to you when you enabled encryption (the base32 string). Did you save it ? You don't have to generate anything with openssl.

😺 gemalaya · Jul 21 at 13:32:

@pollux In the settings when you click "Change encryption key", it will say "Your encryption key was changed, here is your private mailbox encryption key" and below that there's the base32-encoded key. THAT is the key you need to input when you click on the "Decrypt messages (set decryption key)" link in the homepage.

♊️ pollux · Jul 21 at 15:49:

@gemalaya I did that a while ago, but now I have new one from the site and saved it. I wanted to reply, via misfin, to you, but it currently times out.

😺 gemalaya · Jul 21 at 16:29:

@pollux Just sent you a message. You can also send a message to yourself to check that decryption works.

♊️ pollux · Jul 21 at 19:01:

@gemalaya I can not open the messages, because they are not clickable and say:

Message with ID 4 is encrypted or has an invalid status.

Message with ID 3 is encrypted or has an invalid status.

♊️ pollux · Jul 21 at 19:06:

@gemalaya Never mind ... Decrypted your message and replied. :-)

😺 gemalaya · Jul 21 at 20:07:

@pollux Got your (correct) reply, proof that you could decrypt the question .. Authentication with x509 certificates, (fast) at rest message encryption, text only (gemtext) payloads, gemini interface. What else does one need for electronic mail ...

♊️ pollux · Jul 22 at 05:57:

@gemalaya Maybe a Cc: Field would be nice, to allow people to send to multiple recipients.

♊️ pollux · Jul 24 at 18:58:

@gemalaya I now have some problems. I regularly receive an encrypted message and when I try to decrypt it it is gone.

😺 gemalaya · Jul 24 at 19:13:

@pollux Not sure what you mean by that. What do you mean by "it is gone" ? What do you see in the messages list before and after you click "decrypt messages" and send the key ?

♊️ pollux · Jul 25 at 08:04:

@gemalaya before I decrypt I always see this:

Message with ID 3 is encrypted or has an invalid status. and when decrypting the message goes away, so that I can't see it's content. Now I disabled encryption and saw your message..

😺 gemalaya · Jul 25 at 09:55:

@pollux Please post a screencast somewhere that shows the problem. If by "goes away" you mean, before sending the key there are 4 messages in the inbox, and after decrypting there are only 2 or 3 messages, that means some messages can't be decrypted with the key you sent. Remember that you've changed your key once and therefore the messages you've received for the first key can't be decrypted now if you didn't store the key, so they won't be in the list once you send a key.

I use encryption on my hashnix account, no issue yet.

♊️ pollux · Jul 25 at 17:36:

@gemalaya I can't get rid of Message with ID 3 is encrypted or has an invalid status.. This message #3 comes again after a while, when decrypting my inbox, but show nothing, when decrypting. Your message #4 is no problem, or other messages that may follow. Sorry for providing no screencast, because I do not have such software.

😺 gemalaya · Jul 25 at 17:58:

@pollux All of this is normal: message #3 was encrypted for another key (the previous key, that you didn't save, right ?). Since you've changed keys now, you can't decrypt msg #3, that message can't be read (unless you recover the prev key). Subsequent messages, starting with message #4, were encoded for the new key, and so once you call "decrypt messages" with that key, you're able to decrypt all messages starting from #4. So you can ignore these "is encrypted or has an invalid status" text messages, they're just there to make it clear that there are encrypted messages in your gembox. I hope i explained it correctly.

♊️ pollux · Jul 25 at 19:07:

@gemalaya Ok, thanks, but it is a bit annoying that I can't get rif of that particular message #3.

😺 gemalaya · Jul 25 at 21:59:

@pollux You should be able to delete it by going to this URL:

— hashnix.club:1958/msg/3/delete

With automatic confirmation:

— hashnix.club:1958/msg/3/delete?YES

♊️ pollux · Jul 26 at 09:26:

@gemalaya It does not work, it says message not found, while it is still there. :-(

♊️ pollux · Jul 26 at 09:29:

@gemalaya when I fetch my inbox messages it says that message #3 is from < invalid@misfin.org

: invalid@misfin.org

@ 2024-07-26T09:27:28Z

😺 gemalaya · Jul 26 at 10:12:

@pollux Ok. Well please ignore it for now, it's really unimportant. Next update will fix this (deletion of messages regardless of status).

😺 gemalaya · Jul 26 at 10:50:

@pollux Yes, when it cannot decrypt a message, the gembox reader yields a message with status 4:

— https://gitlab.com/cipres/misfin/-/blob/master/misfin/letter.py?ref_type=heads#L514

Pushing a change soon that lets you delete those messages from the inbox.

♊️ pollux · Jul 26 at 12:17:

Thanks!

😺 gemalaya · Jul 26 at 12:23:

@pollux Pushed the changes, won't be available until there's an upgrade on hashnix.

♊️ pollux · Jul 26 at 16:38:

@gemalaya No problem.

Original Post

🌒 s/misfin

How many of you actively use misfin? I have been tempted to make a personal misfin server for a while, but keep stopping short of starting because I end up fearing that few enough folks use it. Would be nice to use it to reply to gemlog posts rather than relying on email.

💬 vi · 38 comments · Jul 17 · 5 weeks ago