feat: key-contacts

This change introduces a new type of contacts
identified by their public key fingerprint
rather than an e-mail address.

Encrypted chats now stay encrypted
and unencrypted chats stay unencrypted.
For example, 1:1 chats with key-contacts
are encrypted and 1:1 chats with address-contacts
are unencrypted.
Groups that have a group ID are encrypted
and can only contain key-contacts
while groups that don't have a group ID ("adhoc groups")
are unencrypted and can only contain address-contacts.

JSON-RPC API `reset_contact_encryption` is removed.
Python API `Contact.reset_encryption` is removed.
"Group tracking plugin" in legacy Python API was removed because it
relied on parsing email addresses from system messages with regexps.

Co-authored-by: Hocuri <hocuri@gmx.de>
Co-authored-by: iequidoo <dgreshilov@gmail.com>
Co-authored-by: B. Petersen <r10s@b44t.com>

src/context.rs

@@ -5,35 +5,32 @@ use std::ffi::OsString;
 use std::ops::Deref;
 use std::path::{Path, PathBuf};
 use std::sync::atomic::{AtomicBool, Ordering};
-use std::sync::Arc;
+use std::sync::{Arc, OnceLock};
 use std::time::Duration;
 
 use anyhow::{bail, ensure, Context as _, Result};
 use async_channel::{self as channel, Receiver, Sender};
-use pgp::composed::SignedPublicKey;
 use pgp::types::PublicKeyTrait;
 use ratelimit::Ratelimit;
 use tokio::sync::{Mutex, Notify, RwLock};
 
-use crate::aheader::EncryptPreference;
 use crate::chat::{get_chat_cnt, ChatId, ProtectionStatus};
 use crate::chatlist_events;
 use crate::config::Config;
 use crate::constants::{
     self, DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT, DC_CHAT_ID_TRASH, DC_VERSION_STR,
 };
-use crate::contact::{Contact, ContactId};
+use crate::contact::{import_vcard, mark_contact_id_as_verified, Contact, ContactId};
 use crate::debug_logging::DebugLogging;
 use crate::download::DownloadState;
 use crate::events::{Event, EventEmitter, EventType, Events};
 use crate::imap::{FolderMeaning, Imap, ServerMetadata};
-use crate::key::{load_self_public_key, load_self_secret_key, DcKey as _};
+use crate::key::{load_self_secret_key, self_fingerprint};
 use crate::log::{info, warn};
 use crate::login_param::{ConfiguredLoginParam, EnteredLoginParam};
 use crate::message::{self, Message, MessageState, MsgId};
 use crate::param::{Param, Params};
 use crate::peer_channels::Iroh;
-use crate::peerstate::Peerstate;
 use crate::push::PushSubscriber;
 use crate::quota::QuotaInfo;
 use crate::scheduler::{convert_folder_meaning, SchedulerState};
@@ -279,6 +276,13 @@ pub struct InnerContext {
     /// `last_error` should be used to avoid races with the event thread.
     pub(crate) last_error: parking_lot::RwLock<String>,
 
+    /// It's not possible to emit migration errors as an event,
+    /// because at the time of the migration, there is no event emitter yet.
+    /// So, this holds the error that happened during migration, if any.
+    /// This is necessary for the possibly-failible PGP migration,
+    /// which happened 2025-05, and can be removed a few releases later.
+    pub(crate) migration_error: parking_lot::RwLock<Option<String>>,
+
     /// If debug logging is enabled, this contains all necessary information
     ///
     /// Standard RwLock instead of [`tokio::sync::RwLock`] is used
@@ -294,6 +298,11 @@ pub struct InnerContext {
 
     /// Iroh for realtime peer channels.
     pub(crate) iroh: Arc<RwLock<Option<Iroh>>>,
+
+    /// The own fingerprint, if it was computed already.
+    /// tokio::sync::OnceCell would be possible to use, but overkill for our usecase;
+    /// the standard library's OnceLock is enough, and it's a lot smaller in memory.
+    pub(crate) self_fingerprint: OnceLock<String>,
 }
 
 /// The state of ongoing process.
@@ -448,10 +457,12 @@ impl Context {
             creation_time: tools::Time::now(),
             last_full_folder_scan: Mutex::new(None),
             last_error: parking_lot::RwLock::new("".to_string()),
+            migration_error: parking_lot::RwLock::new(None),
             debug_logging: std::sync::RwLock::new(None),
             push_subscriber,
             push_subscribed: AtomicBool::new(false),
             iroh: Arc::new(RwLock::new(None)),
+            self_fingerprint: OnceLock::new(),
         };
 
         let ctx = Context {
@@ -805,10 +816,10 @@ impl Context {
 
         let pub_key_cnt = self
             .sql
-            .count("SELECT COUNT(*) FROM acpeerstates;", ())
+            .count("SELECT COUNT(*) FROM public_keys;", ())
             .await?;
-        let fingerprint_str = match load_self_public_key(self).await {
-            Ok(key) => key.dc_fingerprint().hex(),
+        let fingerprint_str = match self_fingerprint(self).await {
+            Ok(fp) => fp.to_string(),
             Err(err) => format!("<key failure: {err}>"),
         };
 
@@ -1164,32 +1175,14 @@ impl Context {
     /// On the other end, a bot will receive the message and make it available
     /// to Delta Chat's developers.
     pub async fn draft_self_report(&self) -> Result<ChatId> {
-        const SELF_REPORTING_BOT: &str = "self_reporting@testrun.org";
+        const SELF_REPORTING_BOT_VCARD: &str = include_str!("../assets/self-reporting-bot.vcf");
+        let contact_id: ContactId = *import_vcard(self, SELF_REPORTING_BOT_VCARD)
+            .await?
+            .first()
+            .context("Self reporting bot vCard does not contain a contact")?;
+        mark_contact_id_as_verified(self, contact_id, ContactId::SELF).await?;
 
-        let contact_id = Contact::create(self, "Statistics bot", SELF_REPORTING_BOT).await?;
         let chat_id = ChatId::create_for_contact(self, contact_id).await?;
-
-        // We're including the bot's public key in Delta Chat
-        // so that the first message to the bot can directly be encrypted:
-        let public_key = SignedPublicKey::from_base64(
-            "xjMEZbfBlBYJKwYBBAHaRw8BAQdABpLWS2PUIGGo4pslVt4R8sylP5wZihmhf1DTDr3oCM\
-	        PNHDxzZWxmX3JlcG9ydGluZ0B0ZXN0cnVuLm9yZz7CiwQQFggAMwIZAQUCZbfBlAIbAwQLCQgHBhUI\
-	        CQoLAgMWAgEWIQTS2i16sHeYTckGn284K3M5Z4oohAAKCRA4K3M5Z4oohD8dAQCQV7CoH6UP4PD+Nq\
-	        I4kW5tbbqdh2AnDROg60qotmLExAEAxDfd3QHAK9f8b9qQUbLmHIztCLxhEuVbWPBEYeVW0gvOOARl\
-	        t8GUEgorBgEEAZdVAQUBAQdAMBUhYoAAcI625vGZqnM5maPX4sGJ7qvJxPAFILPy6AcDAQgHwngEGB\
-	        YIACAFAmW3wZQCGwwWIQTS2i16sHeYTckGn284K3M5Z4oohAAKCRA4K3M5Z4oohPwCAQCvzk1ObIkj\
-	        2GqsuIfaULlgdnfdZY8LNary425CEfHZDQD5AblXVrlMO1frdlc/Vo9z3pEeCrfYdD7ITD3/OeVoiQ\
-	        4=",
-        )?;
-        let mut peerstate = Peerstate::from_public_key(
-            SELF_REPORTING_BOT,
-            0,
-            EncryptPreference::Mutual,
-            &public_key,
-        );
-        let fingerprint = public_key.dc_fingerprint();
-        peerstate.set_verified(public_key, fingerprint, "".to_string())?;
-        peerstate.save_to_db(&self.sql).await?;
         chat_id
             .set_protection(self, ProtectionStatus::Protected, time(), Some(contact_id))
             .await?;