Jabber Account OMEMO Trust Management

2025-04-12T18:57:03+08:00

These days I have learned much more about how end-to-end encryption works, how Trust works and why Trust is so crucial when it comes to ensuring the genuineness of encryption and avoiding MITM attacks. To ensure the security of the communications with my contacts, since today, a strengthened OMEMO Trust policy is applied to my further end-to-end encrypted communications on Jabber.

TL;DR

Please verify the OpenPGP message at the end of this article using my OpenPGP public key, and if the signature is valid, then trust these 8 fingerprints on your Jabber client:

146614A4 A28D568E 2491DBF4 432AF3AD 23B5FB40 7040D732 55031B56 0096B36A
2BCBC6B0 F28E8015 9FFA69CC CFE90042 90285C0A 96605915 4DB56134 6804E451
E551B50A 91A332B2 A967C861 08F70299 C466C798 709997DF 3742BA35 8A5D3036
5D49448C 4C9282DE BABE51C4 CD7C80EB C3D4A231 3F51A98A 8F011C46 0E72685D
853B4672 DF3AA335 2D6819E0 AA7E341B D64BE04D 31620525 FDD3F443 D0FC2929
EBE2B559 46D07ECA 9BF8F18C 5C897CE8 66FD1C18 8B842EB0 6D17A04E BDDD3D42
A95CBAEB 810112B2 FE8F5992 A7DFC5B4 742B376B 15A8F58B B135195E 88E9BB60
A398B7A0 7014A253 7CCE9FEB 007EA82A 1D8CA17A 79C07435 462F78E9 47115B0E

Then, very importantly, please disable blind trust in the conversation with me (if your client support it) and REJECT ALL other OMEMO fingerprints since they are either no longer used or used by an attacker.

How OMEMO works?

OMEMO is an extension to the Extensible Messaging and Presence Protocol (XMPP) for multi-client end-to-end encryption developed by Andreas Straub. According to Straub, OMEMO uses the Double Ratchet Algorithm "to provide multi-end to multi-end encryption, allowing messages to be synchronized securely across multiple clients, even if some of them are offline". The name "OMEMO" is a recursive acronym for "OMEMO Multi-End Message and Object Encryption". It is an open standard based on the Double Ratchet Algorithm and the Personal Eventing Protocol (PEP, XEP-0163). OMEMO offers future and forward secrecy and deniability with message synchronization and offline delivery.

OMEMO employs a combination of asymmetric and symmetric cryptographic techniques to provide secure, end-to-end encrypted messaging. However, it still cannot solve the MITM (man-in-the-middle) Attack issue.

What is MITM Attack? Why MITM Attack Breaks End-to-End Encryption?

A man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, where in actuality the attacker has inserted themselves between the two user parties.

End-to-End Encryption is designed to ensure that only the communicating users can read the messages. However, MITM attacks can undermine E2EE during the initial key exchange phase. If an attacker intercepts and replaces the public keys exchanged between the parties, they can decrypt, read, and re-encrypt messages without detection.

My New Trust Policy Applied to Future Jabber Communications

Since today (April 12, 2025), I will carefully manage my Jabber account's OMEMO keys, and build Trust with my Jabber contacts. For those who already have Trust with me on OpenPGP (have verified and certified the identity/identities of each other's OpenPGP key), I will directly build Trust on Jabber via the Trust on OpenPGP. As of others, if possible, I will verify their OMEMO fingerprints in other reliable ways (e.g. face-to-face), and ask them to verify mine as well.

Do notice that:

These 7 fingerprints are verified by me, and are confirmed to be trusted:

146614A4 A28D568E 2491DBF4 432AF3AD 23B5FB40 7040D732 55031B56 0096B36A
2BCBC6B0 F28E8015 9FFA69CC CFE90042 90285C0A 96605915 4DB56134 6804E451
E551B50A 91A332B2 A967C861 08F70299 C466C798 709997DF 3742BA35 8A5D3036
5D49448C 4C9282DE BABE51C4 CD7C80EB C3D4A231 3F51A98A 8F011C46 0E72685D
853B4672 DF3AA335 2D6819E0 AA7E341B D64BE04D 31620525 FDD3F443 D0FC2929
EBE2B559 46D07ECA 9BF8F18C 5C897CE8 66FD1C18 8B842EB0 6D17A04E BDDD3D42
A398B7A0 7014A253 7CCE9FEB 007EA82A 1D8CA17A 79C07435 462F78E9 47115B0E

This fingerprint is my Pixel 6's, whose OS is GrapheneOS and bootloader is locked. Therefore, you can give it more trust than other 7 because it won't be compromised so easily after I lost my phone:

A95CBAEB 810112B2 FE8F5992 A7DFC5B4 742B376B 15A8F58B B135195E 88E9BB60

If you trust my OpenPGP public key, please verify the OpenPGP message at the end of this article using my OpenPGP public key.

With those who I cannot build Trust with, I will still keep the BTBV (Blind Trust Before Verification) setting enabled for them, but I will no longer trust their identity, in order to avoid MITM attacks.

More Important Things to Notice

There are other things you need to know:

Currently I have no OMEMO fingerprints other than those 8 above. However, if you receive a message whose origin is an OMEMO key other than those 8, or an OMEMO key other than those 8 appeared in my profile's key list, (if you trust my OpenPGP public key,) please make up a piece of a text, send it to me and ask me to sign it with my OpenPGP and send you the signature via the device with that OMEMO key. If I cannot do that for whatever reasons, please DO NOT trust that OMEMO key, and reject it.
The Jabber account czl92783719@vern.cc is also mine, however, I rarely use it, even have not listed it on my website's homepage, and I have no Trust management of that account. Simply DO NOT trust that account. Please, do ONLY trust my main Jabber account czl92783719@autistici.org, and its 8 (currently) OMEMO fingerprints.

What about Matrix?

Matrix is slightly different from Jabber - all the devices of a Matrix account verify each other and share one identity and one key for encrypting, decrypting messages and verification. Therefore, on Matrix building Trust is much simpler than Jabber - you verify "contact," not "device."

OpenPGP Message to Verify