KeySync: Syncing Trusted Identities

KeySyncPrivacy and security software like OTR encryption for chat and GnuPG for email and files all create digital identities that we can mark as trusted through a verification process. When using this software, each app needs completely new security identities that are separate from any existing identities used by the other apps. Then again, mobile software needs it own versions of these identity files. When setting up ChatSecure on a mobile device, all of the trust information from existing chat apps like Adium or Pidgin also needs to be converted and transferred so that ChatSecure has the same trusted identities. Or when switching from Pidgin to Jitsi for instant messaging, the trust information needs to be converted and synced so the trust information is not lost.

This is where KeySync comes in. KeySync reads and writes many different formats of OTR chat apps and converts between them. It also makes it easy to sync the trust information to your Android device for use with ChatSecure. There is also some exploratory support for syncing identities between OTR and OpenPGP via GnuPG support in KeySync.

How To Sync To ChatSecure

To sync between ChatSecure and your desktop apps, First plug in your phone or device
via USB. Start KeySync and it should automatically detect your device. If KeySync cannot find your device, it will save the file for you to manually copy the otr_keystore.ofcaes file over to your device’s SD Card, where ChatSecure looks for it. Once the file is in place on your device, start ChatSecure. In ChatSecure, go to the Accounts, then select Activate KeySync from the menu. This will guide you to scan the QRCode that KeySync shows you in order to complete the sync.

The otr_keystore.ofcaes file is encrypted to prevent your private information from leaking out. That QRCode is the password to your keystore, so do not share it with anyone. Also, the otr_keystore.ofcaes file is only intended for use in this sync procedure. Do not email it or send it anywhere over the internet!


This is beta software, do not rely on it for strong identity verification. It is unlikely to mess up so bad as to produce compromised private keys, but anything is possible. Also, keep in mind that program is handling your private OTR keys, so make sure that you don’t copy, send or email the `otr_keystore.ofcaes` file somewhere nsafe. All that said, testing and feedback is greatly appreciated, so we can get it to the point where we can trust it.

Reporting Bugs

Please report any bugs or issues that you have with this app! We want to hear from you, no need to worry about technical details or language skills. Help us improve this software by filing bug reports about any problem that you encounter. Feature requests and patches are also welcome!


  • WindowsWindows executable
    • Download and install OpenSSL: Win32OpenSSL_Light-1_0_1f.exe
    • When prompted install into the “Windows system directory”
    • Note: The prompt asking for a donation will go to the company that produces OpenSSL installers for Windows, not The Guardian Project.
    • If you get an error when trying to install OpenSSL, you probably need in stall the Visual C++ 2008 Redistributables from Microsoft.
    • Download KeySync – no installation required: KeySync-0.2.exe
      • detached gpg signature
      • MD5: 1fb7a5ec050d03f59104a41494c559fd
      • SHA256: 422fd0ddb6d85a6f509a1c9a868ce87437af7ac895ba8c4fa7f366d83114be07
  • Mac OS XMac OS X (10.6 or newer, 64-bit only):
    • detached gpg signature
    • MD5: f6a1744a783d1cc5dc3070e1a16d79fd
    • SHA256: 429dc303fb1d2673b953a2543b0e168f0410ce1cd14d4167f0dbf888fdf162d0
  • UbuntuUbuntu, Linux Mint, etc. Run this in the Terminal to add our PPA to your package sources. You only need to do this once, you’ll get updated versions automatically once this is complete (fingerprint: F50E ADDD 2234 F563):
    sudo add-apt-repository ppa:guardianproject/ppa
    sudo apt-get update
    sudo apt-get install keysync
  • FedoraFedora 17, 18, 19: Run this in your Terminal to add our repository to your package sources. You only need to do this once, you’ll get updated versions automatically once this is complete (fingerprint: AC38 BED1 E879 79EA FD54):
    source /etc/os-release
    sudo wget${VERSION_ID}/security:guardianproject.repo -O /etc/yum.repos.d/security:guardianproject.repo
    sudo yum install keysync
  • DebianDebian: included in the official repos. For wheezy, get it from backports:
    apt-get -t wheezy-backports install keysync
  • Arch LinuxArch Linux: included in the AUR. Please vote for it so it can be included in the official community repository.
  • Python pypiAny Platform with Python, install via pypi (see the special instructions for Windows)
    pip install keysync


Known Issues

See the KeySync Roadmap for our development plan. Here are some notable known issues:

  • does not handle multiple keys/fingerprints for a given account (#1868)
  • GUI only syncs to ChatSecure (full two-way sync is planned) (#1968)
  • no way to handle conflicting private keys for an account (#1963)
  • no translations, only in English (#2170)
  • View all open issues