KeySync: Syncing Trusted Identities

KeySyncPrivacy and security software like OTR encryption for chat and GnuPG for email and files all create digital identities that we can mark as trusted through a verification process. When using this software, each app needs completely new security identities that are separate from any existing identities used by the other apps. Then again, mobile software needs it own versions of these identity files. When setting up ChatSecure on a mobile device, all of the trust information from existing chat apps like Adium or Pidgin also needs to be converted and transferred so that ChatSecure has the same trusted identities. Or when switching from Pidgin to Jitsi for instant messaging, the trust information needs to be converted and synced so the trust information is not lost.

This is where KeySync comes in. KeySync reads and writes many different formats of OTR chat apps and converts between them. It also makes it easy to sync the trust information to your Android device for use with ChatSecure. There is also some exploratory support for syncing identities between OTR and OpenPGP via GnuPG support in KeySync.

How To Sync To ChatSecure

To sync between ChatSecure and your desktop apps, First plug in your phone or device
via USB. Start KeySync and it should automatically detect your device. If KeySync cannot find your device, it will save the file for you to manually copy the otr_keystore.ofcaes file over to your device’s SD Card, where ChatSecure looks for it. Once the file is in place on your device, start ChatSecure. In ChatSecure, go to the Accounts, then select Activate KeySync from the menu. This will guide you to scan the QRCode that KeySync shows you in order to complete the sync.

The otr_keystore.ofcaes file is encrypted to prevent your private information from leaking out. That QRCode is the password to your keystore, so do not share it with anyone. Also, the otr_keystore.ofcaes file is only intended for use in this sync procedure. Do not email it or send it anywhere over the internet!


This is beta software, do not rely on it for strong identity verification. It is unlikely to mess up so bad as to produce compromised private keys, but anything is possible. Also, keep in mind that program is handling your private OTR keys, so make sure that you don’t copy, send or email the `otr_keystore.ofcaes` file somewhere nsafe. All that said, testing and feedback is greatly appreciated, so we can get it to the point where we can trust it.

Reporting Bugs

Please report any bugs or issues that you have with this app! We want to hear from you, no need to worry about technical details or language skills. Help us improve this software by filing bug reports about any problem that you encounter. Feature requests and patches are also welcome!


*Windows Windows executable * Download and install OpenSSL: Win32OpenSSL_Light-1_0_1f.exe * When prompted install into the “Windows system directory” * Note: The prompt asking for a donation will go to the company that produces OpenSSL installers for Windows, not The Guardian Project. * If you get an error when trying to install OpenSSL, you probably need in stall the Visual C++ 2008 Redistributables from Microsoft. * Download KeySync - no installation required: KeySync-0.2.exe * detached gpg signature * MD5: 1fb7a5ec050d03f59104a41494c559fd * SHA256: 422fd0ddb6d85a6f509a1c9a868ce87437af7ac895ba8c4fa7f366d83114be07 *Mac OS X Mac OS X (10.6 or newer, 64-bit only): * detached gpg signature * MD5: f6a1744a783d1cc5dc3070e1a16d79fd * SHA256: 429dc303fb1d2673b953a2543b0e168f0410ce1cd14d4167f0dbf888fdf162d0 *Ubuntu Ubuntu, Linux Mint, etc. Run this in the Terminal to add our PPA to your package sources. You only need to do this once, you’ll get updated versions automatically once this is complete (fingerprint: F50E ADDD 2234 F563):

sudo add-apt-repository ppa:guardianproject/ppa
sudo apt-get update
sudo apt-get install keysync

  *![Fedora]( **Fedora 17, 18, 19**: Run this in your Terminal to add <a href=""  target="_blank">our repository</a> to your package sources. You only need to do this once, you'll get updated versions automatically once this is complete (fingerprint: `AC38 BED1 E879 79EA FD54`): <pre style="font-size: small;">source /etc/os-release

sudo wget${VERSION_ID}/security:guardianproject.repo -O /etc/yum.repos.d/security:guardianproject.repo sudo yum install keysync

  *![Debian]( **Debian**: <a href="" target="_blank">included in the official repos</a>. For wheezy, get it from backports: <pre style="font-size: small;">apt-get -t wheezy-backports install keysync

  *![Arch Linux]( **Arch Linux**: <a href="" target="_blank">included in the AUR</a>. Please vote for it so it can be included in the official community repository. 
  *![Python pypi]( Any Platform with Python, install via <a href="" target="_blank">pypi</a> (see the <a href="" target="_blank" title="Building KeySync on Windows">special instructions for Windows</a>) <pre style="font-size: small;">pip install keysync

<a name="source"></a>

### Source

  * For more info on the code and installation, <a href="" target="_blank">see the README</a>
  * github: <a href="" title="KeySync source repo" target="_blank"></a>
  * <a href="" title="KeySync source tarballs" target="_blank">downloadable tags on github</a>
## Known Issues

See the <a href="" title="KeySync Development Roadmap" target="_blank">KeySync Roadmap</a> for our development plan. Here are some notable known issues:

  * does not handle multiple keys/fingerprints for a given account (<a href="" target="_blank">#1868</a>)
  * GUI only syncs to ChatSecure (full two-way sync is planned) (<a href="" target="_blank">#1968</a>)
  * no way to handle conflicting private keys for an account (<a href="" target="_blank">#1963</a>)
  * no translations, only in English (<a href="" target="_blank">#2170</a>)
  * <a title="existing KeySync issues" href="" target="_blank">View all open issues</a>