feat: report ready/init_error on startup via JSON-RPC notification

Why: When the deltachat-rpc-server encounters a fatal error during early startup (e.g., when the accounts directory is invalid, a file instead of a dir, or otherwise inaccessible), it exits. The Python RPC client previously lacked a structured way to wait for the server to be fully initialized or to detect early startup failures gracefully. This led to hanging tests or obscure broken pipe errors rather than clear initialization errors. How: - The RPC server now sends a JSON-RPC notification on stdout at startup: - "ready" with core_version, server_path, and accounts_dir on success - "init_error" with error message if accounts directory initialization fails - The Python RPC client reads the first line from stdout to ensure the server is ready. - The Python client raises JsonRpcError on init_error, enabling early failure detection and fast-failing rather than stalling. - Added tests to ensure the client fails immediately on invalid dirs.
2026-04-06 15:42:10 +03:00 · 2026-02-24 17:30:07 +01:00
118 changed files with 3921 additions and 5799 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ permissions: {}

 env:
  RUSTFLAGS: -Dwarnings
-  RUST_VERSION: 1.94.0
+  RUST_VERSION: 1.93.0

  # Minimum Supported Rust Version
  MSRV: 1.88.0
@@ -40,7 +40,7 @@ jobs:
      - run: rustup override set $RUST_VERSION
        shell: bash
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
      - name: Run rustfmt
        run: cargo fmt --all -- --check
      - name: Run clippy
@@ -91,7 +91,7 @@ jobs:
          show-progress: false
          persist-credentials: false
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
      - name: Rustdoc
        run: cargo doc --document-private-items --no-deps

@@ -134,7 +134,7 @@ jobs:
        shell: bash

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5

      - name: Install nextest
        uses: taiki-e/install-action@69e777b377e4ec209ddad9426ae3e0c1008b0ef3
@@ -168,13 +168,13 @@ jobs:
          persist-credentials: false

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5

      - name: Build C library
        run: cargo build -p deltachat_ffi

      - name: Upload C library
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: ${{ matrix.os }}-libdeltachat.a
          path: target/debug/libdeltachat.a
@@ -194,13 +194,13 @@ jobs:
          persist-credentials: false

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5

      - name: Build deltachat-rpc-server
        run: cargo build -p deltachat-rpc-server

      - name: Upload deltachat-rpc-server
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: ${{ matrix.os }}-deltachat-rpc-server
          path: ${{ matrix.os == 'windows-latest' && 'target/debug/deltachat-rpc-server.exe' || 'target/debug/deltachat-rpc-server' }}
--- a/.github/workflows/deltachat-rpc-server.yml
+++ b/.github/workflows/deltachat-rpc-server.yml
@@ -34,13 +34,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-linux
          path: result/bin/deltachat-rpc-server
@@ -58,13 +58,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux-wheel

      - name: Upload wheel
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
          path: result/*.whl
@@ -82,13 +82,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}
          path: result/bin/deltachat-rpc-server.exe
@@ -106,13 +106,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-wheel

      - name: Upload wheel
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-wheel
          path: result/*.whl
@@ -139,7 +139,7 @@ jobs:
        run: cargo build --release --package deltachat-rpc-server --target ${{ matrix.arch }}-apple-darwin --features vendored

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-macos
          path: target/${{ matrix.arch }}-apple-darwin/release/deltachat-rpc-server
@@ -157,13 +157,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-android
          path: result/bin/deltachat-rpc-server
@@ -181,13 +181,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android-wheel

      - name: Upload wheel
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-android-wheel
          path: result/*.whl
@@ -208,7 +208,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31

      - name: Download Linux aarch64 binary
        uses: actions/download-artifact@v7
@@ -496,7 +496,7 @@ jobs:
          ls -lah

      - name: Upload to artifacts
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-npm-package
          path: deltachat-rpc-server/npm-package/*.tgz
--- a/.github/workflows/jsonrpc.yml
+++ b/.github/workflows/jsonrpc.yml
@@ -25,7 +25,7 @@ jobs:
        with:
          node-version: 18.x
      - name: Add Rust cache
-        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
      - name: npm install
        working-directory: deltachat-jsonrpc/typescript
        run: npm install
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -25,7 +25,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31
      - run: nix fmt flake.nix -- --check

  build:
@@ -84,7 +84,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31
      - run: nix build .#${{ matrix.installable }}

  build-macos:
@@ -105,5 +105,5 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31
      - run: nix build .#${{ matrix.installable }}
--- a/.github/workflows/publish-deltachat-rpc-client-pypi.yml
+++ b/.github/workflows/publish-deltachat-rpc-client-pypi.yml
@@ -23,7 +23,7 @@ jobs:
        working-directory: deltachat-rpc-client
        run: python3 -m build
      - name: Store the distribution packages
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: python-package-distributions
          path: deltachat-rpc-client/dist/
--- a/.github/workflows/repl.yml
+++ b/.github/workflows/repl.yml
@@ -18,11 +18,11 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31
      - name: Build
        run: nix build .#deltachat-repl-win64
      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: repl.exe
          path: "result/bin/deltachat-repl.exe"
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -36,7 +36,7 @@ jobs:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31
      - name: Build Python documentation
        run: nix build .#python-docs
      - name: Upload to py.delta.chat
@@ -55,7 +55,7 @@ jobs:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31
      - name: Build C documentation
        run: nix build .#docs
      - name: Upload to c.delta.chat
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -6,21 +6,26 @@ on:
  pull_request:
    branches: ["**"]

-permissions: {}
-
 jobs:
  zizmor:
-    name: Run zizmor
+    name: zizmor latest via PyPI
    runs-on: ubuntu-latest
    permissions:
-      security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
-      contents: read
-      actions: read
+      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false

+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b
+
      - name: Run zizmor
-        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
+        run: uvx zizmor --format sarif . > results.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: results.sarif
+          category: zizmor
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,6 +0,0 @@
-rules:
-  unpinned-uses:
-    config:
-      policies:
-        actions/*: ref-pin
-        dependabot/*: ref-pin
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,185 +1,5 @@
 # Changelog

-## [2.46.0] - 2026-03-19
-
-### API-Changes
-
- [**breaking**] remove functions for sending and receiving Autocrypt Setup Message.
- Add `list_transports_ex()` and `set_transport_unpublished()` functions.
-
-### Features / Changes
-
- add `IncomingCallAccepted.from_this_device`.
- mark messages as "fresh".
- decode `dcaccount://` URLs and error out on empty URLs early.
- enable anonymous OpenPGP key IDs.
- tls: do not verify TLS certificates for hostnames starting with `_`.
-
-### Fixes
-
- Mark call message as seen when accepting/declining a call ([#7842](https://github.com/chatmail/core/pull/7842)).
- do not send MDNs for hidden messages.
- call sync_all() instead of sync_data() when writing accounts.toml.
- fsync() the rename() of accounts.toml.
- count recipients by Intended Recipient Fingerprints.
-
-### Miscellaneous Tasks
-
- deps: bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2.
- cargo: bump astral-tokio-tar from 0.5.6 to 0.6.0.
- deps: bump actions/upload-artifact from 6 to 7.
- cargo: bump blake3 from 1.8.2 to 1.8.3.
- add constant_time_eq 0.3.1 to deny.toml.
-
-### Refactor
-
- use re-exported rustls::pki_types.
- import tokio_rustls::rustls.
- Move transport_tests to their own file.
-
-### Tests
-
- Shift time even more in flaky test_sync_broadcast_and_send_message.
- test markfresh_chat()
-
-## [2.45.0] - 2026-03-14
-
-### API-Changes
-
- JSON-RPC: add `createQrSvg` ([#7949](https://github.com/chatmail/core/pull/7949)).
-
-### Features / Changes
-
- Do not read own public key from the database.
- Securejoin v3, encrypt all securejoin messages ([#7754](https://github.com/chatmail/core/pull/7754)).
- Domain separation between securejoin auth tokens and broadcast channel secrets ([#7981](https://github.com/chatmail/core/pull/7981)).
- Merge OpenPGP certificates and distribute relays in them.
- Advertise SEIPDv2 feature for new keys.
- Don't depend on cleartext `Chat-Version`, `In-Reply-To`, and `References` headers for `prefetch_should_download` ([#7932](https://github.com/chatmail/core/pull/7932)).
- Don't send unencrypted `In-Reply-To` and `References` headers ([#7935](https://github.com/chatmail/core/pull/7935)).
- Don't send unencrypted `Auto-Submitted` header ([#7938](https://github.com/chatmail/core/pull/7938)).
- Remove QR code tokens sync compatibility code.
- Mutex to prevent fetching from multiple IMAP servers at the same time.
- Add support to gif stickers ([#7941](https://github.com/chatmail/core/pull/7941))
-
-### Fixes
-
- Fix the deadlock by adding a mutex around `wal_checkpoint()`.
- Do not run more than one housekeeping at a time.
- ffi: don't steal Arc in `dc_jsonrpc_init` ([#7962](https://github.com/chatmail/core/pull/7962)).
- Handle the case that the user starts a securejoin, and then deletes the contact ([#7883](https://github.com/chatmail/core/pull/7883)).
- Do not trash pre-message if it is received twice.
- Set `is_chatmail` during initial configuration.
- vCard: Improve property value escaping ([#7931](https://github.com/chatmail/core/pull/7931)).
- Percent-decode the address in `dclogin://` URLs.
- Make broadcast owner and subscriber hidden contacts for each other ([#7856](https://github.com/chatmail/core/pull/7856)).
- Set proper placeholder texts for system messages ([#7953](https://github.com/chatmail/core/pull/7953)).
- Add "member added" messages to `OutBroadcast` when executing `SetPgpContacts` sync message ([#7952](https://github.com/chatmail/core/pull/7952)).
- Correct channel system messages ([#7959](https://github.com/chatmail/core/pull/7959)).
- Drop messages encrypted with the wrong symmetric secret ([#7963](https://github.com/chatmail/core/pull/7963)).
- Fix debug assert message incorrectly talking about past members in the current member branch.
- Update device chats at the end of configuration.
- `deltachat_rpc_client`: make `@futuremethod` decorator keep method metadata.
- Use the correct chat description stock string again ([#7939](https://github.com/chatmail/core/pull/7939)).
- Use correct string for encryption info.
-
-### CI
-
- Update Rust to 1.94.0.
- Allow non-hash references for `actions/*` and `dependabot/*`.
- update zizmor workflow to use zizmorcore/zizmor-action.
-
-### Documentation
-
- update `store_self_keypair()` documentation.
- Fix documentation for membership change stock strings ([#7944](https://github.com/chatmail/core/pull/7944)).
- use correct define for 'description changed' info message.
-
-### Refactor
-
- Un-resultify `KeyPair::new()`.
- Remove `KeyPair` type.
- pgp: do not use legacy key ID except for IssuerKeyId subpacket.
- `use super::*` in qr::dclogin_scheme.
- Move WAL checkpointing into `sql::pool` submodule.
- Order self addresses by addition timestamp.
-
-### Tests
-
- Remove arbitrary timeouts from `test_4_lowlevel.py`.
- Fix flaky `test_qr_securejoin_broadcast` ([#7937](https://github.com/chatmail/core/pull/7937)).
- Work around `test_sync_broadcast_and_send_message` flakiness.
-
-### Miscellaneous Tasks
-
- bump version to 2.44.0-dev.
- cargo: bump futures from 0.3.31 to 0.3.32.
- cargo: bump quick-xml from 0.39.0 to 0.39.2.
- cargo: bump criterion from 0.8.1 to 0.8.2.
- cargo: bump tempfile from 3.24.0 to 3.25.0.
- cargo: bump async-imap from 0.11.1 to 0.11.2.
- cargo: bump regex from 1.12.2 to 1.12.3.
- cargo: bump hyper-util from 0.1.19 to 0.1.20.
- cargo: bump anyhow from 1.0.100 to 1.0.102.
- cargo: bump syn from 2.0.114 to 2.0.117.
- cargo: bump proptest from 1.9.0 to 1.10.0.
- cargo: bump strum from 0.27.2 to 0.28.0.
- cargo: bump strum_macros from 0.27.2 to 0.28.0.
- cargo: bump quinn-proto from 0.11.9 to 0.11.14.
-
-## [2.44.0] - 2026-02-27
-
-### Build system
-
- git-cliff: do not capitalize the first letter of commit message.
-
-### Documentation
-
- RELEASE.md: add section about dealing with antivirus false positives.
-
-### Features / Changes
-
- improve logging of connection failures.
- add backup versions to the importing error message.
- add context to message loading failures.
- Add 📱 to all webxdc summaries ([#7790](https://github.com/chatmail/core/pull/7790)).
- Send webxdc name instead of raw file name in pre-messages. Display it in summary ([#7790](https://github.com/chatmail/core/pull/7790)).
- rpc: add startup health-check and propagate server errors.
-
-### Fixes
-
- imex: do not call `set_config` before running SQL migrations ([#7851](https://github.com/chatmail/core/pull/7851)).
- add missing group description strings to cffi.
- chat-description-changed text in old clients ([#7870](https://github.com/chatmail/core/pull/7870)).
- add cffi type for "Description changed" info message.
- If there was no chat description, and it's set to be an empty string, don't send out a "chat description changed" message ([#7879](https://github.com/chatmail/core/pull/7879)).
- Make clicking on broadcast member-added messages work always ([#7882](https://github.com/chatmail/core/pull/7882)).
- tolerate empty existing directory in Accounts::new() ([#7886](https://github.com/chatmail/core/pull/7886)).
- If importing a backup fails, delete the partially-imported profile ([#7885](https://github.com/chatmail/core/pull/7885)).
- Don't generate new timestamp for re-sent messages ([#7889](https://github.com/chatmail/core/pull/7889)).
-
-### Miscellaneous Tasks
-
- cargo: update async-native-tls from 0.5.0 to 0.6.0.
- add dev-version bump instructions to RELEASE.md (bumping to 2.44.0-dev).
- deps: bump cachix/install-nix-action from 31.9.0 to 31.9.1.
-
-### Performance
-
- batched event reception.
-
-### Refactor
-
- enable clippy::arithmetic_side_effects lint.
- imex: check for overflow when adding blob size.
- http: saturating addition to calculate cache expiration timestamp.
- Move migrations to the end of the file ([#7895](https://github.com/chatmail/core/pull/7895)).
- do not chain Autocrypt key verification to parsing.
-
-### Tests
-
- fail fast when CHATMAIL_DOMAIN is unset.
-
 ## [2.43.0] - 2026-02-17

 ### Features / Changes
@@ -7947,6 +7767,3 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.41.0]: https://github.com/chatmail/core/compare/v2.40.0..v2.41.0
 [2.42.0]: https://github.com/chatmail/core/compare/v2.41.0..v2.42.0
 [2.43.0]: https://github.com/chatmail/core/compare/v2.42.0..v2.43.0
-[2.44.0]: https://github.com/chatmail/core/compare/v2.43.0..v2.44.0
-[2.45.0]: https://github.com/chatmail/core/compare/v2.44.0..v2.45.0
-[2.46.0]: https://github.com/chatmail/core/compare/v2.45.0..v2.46.0
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -124,9 +124,12 @@ checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc"

 [[package]]
 name = "anyhow"
-version = "1.0.102"
+version = "1.0.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
+checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
+dependencies = [
+ "backtrace",
+]

 [[package]]
 name = "argon2"
@@ -177,7 +180,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "synstructure",
 ]

@@ -189,14 +192,14 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
 name = "astral-tokio-tar"
-version = "0.6.0"
+version = "0.5.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c23f3af104b40a3430ccb90ed5f7bd877a8dc5c26fc92fde51a22b40890dcf9"
+checksum = "ec179a06c1769b1e42e1e2cbe74c7dcdb3d6383c838454d063eaac5bbb7ebbe5"
 dependencies = [
 "filetime",
 "futures-core",
@@ -271,9 +274,9 @@ dependencies = [

 [[package]]
 name = "async-imap"
-version = "0.11.2"
+version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a78dceaba06f029d8f4d7df20addd4b7370a30206e3926267ecda2915b0f3f66"
+checksum = "8da885da5980f3934831e6370445c0e0e44ef251d7792308b39e908915a41d09"
 dependencies = [
 "async-channel 2.5.0",
 "async-compression",
@@ -339,7 +342,7 @@ checksum = "644dd749086bf3771a2fbc5f256fdb982d53f011c7d5d560304eafeecebce79d"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -458,7 +461,7 @@ checksum = "57413e4b276d883b77fb368b7b33ae6a5eb97692852d49a5394d4f72ba961827"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "thiserror 2.0.18",
 ]

@@ -470,9 +473,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"

 [[package]]
 name = "bitflags"
-version = "2.11.0"
+version = "2.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af"
+checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"

 [[package]]
 name = "bitvec"
@@ -497,16 +500,15 @@ dependencies = [

 [[package]]
 name = "blake3"
-version = "1.8.3"
+version = "1.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2468ef7d57b3fb7e16b576e8377cdbde2320c60e1491e961d11da40fc4f02a2d"
+checksum = "3888aaa89e4b2a40fca9848e400f6a658a5a3978de7be858e209cafa8be9a4a0"
 dependencies = [
 "arrayref",
 "arrayvec",
 "cc",
 "cfg-if",
- "constant_time_eq 0.4.2",
- "cpufeatures",
+ "constant_time_eq",
 ]

 [[package]]
@@ -599,7 +601,7 @@ dependencies = [
 "proc-macro-crate 2.0.0",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -964,12 +966,6 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"

-[[package]]
-name = "constant_time_eq"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b"
-
 [[package]]
 name = "convert_case"
 version = "0.5.0"
@@ -1043,9 +1039,9 @@ dependencies = [

 [[package]]
 name = "criterion"
-version = "0.8.2"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "950046b2aa2492f9a536f5f4f9a3de7b9e2476e575e05bd6c333371add4d98f3"
+checksum = "4d883447757bb0ee46f233e9dc22eb84d93a9508c9b868687b274fc431d886bf"
 dependencies = [
 "alloca",
 "anes",
@@ -1069,9 +1065,9 @@ dependencies = [

 [[package]]
 name = "criterion-plot"
-version = "0.8.2"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8d80a2f4f5b554395e47b5d8305bc3d27813bacb73493eb1001e8f76dae29ea"
+checksum = "ed943f81ea2faa8dcecbbfa50164acf95d555afec96a27871663b300e387b2e4"
 dependencies = [
 "cast",
 "itertools",
@@ -1123,7 +1119,7 @@ version = "0.28.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "829d955a0bb380ef178a640b91779e3987da38c9aea133b20614cfed8cdea9c6"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "crossterm_winapi",
 "parking_lot",
 "rustix 0.38.44",
@@ -1235,7 +1231,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1276,7 +1272,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "strsim",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1287,7 +1283,7 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
 dependencies = [
 "darling_core",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1307,7 +1303,7 @@ dependencies = [

 [[package]]
 name = "deltachat"
-version = "2.47.0-dev"
+version = "2.43.0"
 dependencies = [
 "anyhow",
 "astral-tokio-tar",
@@ -1365,6 +1361,7 @@ dependencies = [
 "ratelimit",
 "regex",
 "rusqlite",
+ "rustls-pki-types",
 "sanitize-filename",
 "sdp",
 "serde",
@@ -1374,8 +1371,8 @@ dependencies = [
 "sha2",
 "shadowsocks",
 "smallvec",
- "strum 0.28.0",
- "strum_macros 0.28.0",
+ "strum 0.27.2",
+ "strum_macros 0.27.2",
 "tagger",
 "tempfile",
 "testdir",
@@ -1416,7 +1413,7 @@ dependencies = [

 [[package]]
 name = "deltachat-jsonrpc"
-version = "2.47.0-dev"
+version = "2.43.0"
 dependencies = [
 "anyhow",
 "async-channel 2.5.0",
@@ -1437,7 +1434,7 @@ dependencies = [

 [[package]]
 name = "deltachat-repl"
-version = "2.47.0-dev"
+version = "2.43.0"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1453,7 +1450,7 @@ dependencies = [

 [[package]]
 name = "deltachat-rpc-server"
-version = "2.47.0-dev"
+version = "2.43.0"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1477,12 +1474,12 @@ name = "deltachat_derive"
 version = "2.0.0"
 dependencies = [
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
 name = "deltachat_ffi"
-version = "2.47.0-dev"
+version = "2.43.0"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1531,7 +1528,7 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1561,7 +1558,7 @@ dependencies = [
 "darling",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1571,7 +1568,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c"
 dependencies = [
 "derive_builder_core",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1600,7 +1597,7 @@ checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "unicode-xid",
 ]

@@ -1612,7 +1609,7 @@ checksum = "bda628edc44c4bb645fbe0f758797143e4e07926f7ebf4e9bdfbd3d2ce621df3"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "unicode-xid",
 ]

@@ -1678,7 +1675,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1741,7 +1738,7 @@ checksum = "7a4102713839a8c01c77c165bc38ef2e83948f6397fa1e1dcfacec0f07b149d3"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1870,7 +1867,7 @@ dependencies = [
 "heck 0.4.1",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -1890,7 +1887,7 @@ checksum = "fc4caf64a58d7a6d65ab00639b046ff54399a39f5f2554728895ace4b297cd79"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -2000,7 +1997,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ce92ff622d6dadf7349484f42c93271a0d49b7cc4d466a936405bacbe10aa78"
 dependencies = [
 "cfg-if",
- "rustix 1.1.4",
+ "rustix 1.1.3",
 "windows-sys 0.59.0",
 ]

@@ -2107,9 +2104,9 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c"

 [[package]]
 name = "futures"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d"
+checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876"
 dependencies = [
 "futures-channel",
 "futures-core",
@@ -2135,9 +2132,9 @@ dependencies = [

 [[package]]
 name = "futures-channel"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
+checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
 dependencies = [
 "futures-core",
 "futures-sink",
@@ -2160,15 +2157,15 @@ dependencies = [

 [[package]]
 name = "futures-core"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
+checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"

 [[package]]
 name = "futures-executor"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d"
+checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
 dependencies = [
 "futures-core",
 "futures-task",
@@ -2177,9 +2174,9 @@ dependencies = [

 [[package]]
 name = "futures-io"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
+checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"

 [[package]]
 name = "futures-lite"
@@ -2196,32 +2193,32 @@ dependencies = [

 [[package]]
 name = "futures-macro"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
+checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
 name = "futures-sink"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
+checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"

 [[package]]
 name = "futures-task"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
+checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"

 [[package]]
 name = "futures-util"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
+checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
 dependencies = [
 "futures-channel",
 "futures-core",
@@ -2231,6 +2228,7 @@ dependencies = [
 "futures-task",
 "memchr",
 "pin-project-lite",
+ "pin-utils",
 "slab",
 ]

@@ -2642,12 +2640,13 @@ dependencies = [

 [[package]]
 name = "hyper-util"
-version = "0.1.20"
+version = "0.1.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0"
+checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f"
 dependencies = [
 "bytes",
 "futures-channel",
+ "futures-core",
 "futures-util",
 "http 1.1.0",
 "http-body",
@@ -2798,7 +2797,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -3032,7 +3031,7 @@ dependencies = [
 "arrayvec",
 "cc",
 "cfg-if",
- "constant_time_eq 0.3.1",
+ "constant_time_eq",
 ]

 [[package]]
@@ -3088,7 +3087,7 @@ dependencies = [
 "heck 0.5.0",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -3260,9 +3259,9 @@ dependencies = [

 [[package]]
 name = "libc"
-version = "0.2.182"
+version = "0.2.180"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6800badb6cb2082ffd7b6a67e6125bb39f18782f793520caee8cb8846be06112"
+checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc"

 [[package]]
 name = "libm"
@@ -3276,7 +3275,7 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "libc",
 "redox_syscall 0.5.12",
 ]
@@ -3310,9 +3309,9 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"

 [[package]]
 name = "linux-raw-sys"
-version = "0.12.1"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53"
+checksum = "df1d3c3b53da64cf5760482273a98e575c651a67eec7f77df96b5b642de8f039"

 [[package]]
 name = "litemap"
@@ -3369,12 +3368,6 @@ version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "227748d55f2f0ab4735d87fd623798cb6b664512fe979705f829c9f81c934465"

-[[package]]
-name = "lru-slab"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
-
 [[package]]
 name = "lru_time_cache"
 version = "0.11.11"
@@ -3596,7 +3589,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0800eae8638a299eaa67476e1c6b6692922273e0f7939fd188fc861c837b9cd2"
 dependencies = [
 "anyhow",
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "byteorder",
 "libc",
 "log",
@@ -3691,7 +3684,7 @@ version = "0.30.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "cfg-if",
 "cfg_aliases",
 "libc",
@@ -3796,7 +3789,7 @@ checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -3857,7 +3850,7 @@ dependencies = [
 "proc-macro-crate 3.2.0",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -3866,7 +3859,7 @@ version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 ]

 [[package]]
@@ -3937,7 +3930,7 @@ version = "0.10.72"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "cfg-if",
 "foreign-types",
 "libc",
@@ -3954,7 +3947,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -4141,7 +4134,7 @@ dependencies = [
 "pest_meta",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -4250,7 +4243,7 @@ checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -4369,7 +4362,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "regex",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -4399,7 +4392,7 @@ version = "0.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97baced388464909d42d89643fe4361939af9b7ce7a31ee32a168f832a70f2a0"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "crc32fast",
 "fdeflate",
 "flate2",
@@ -4601,7 +4594,7 @@ dependencies = [
 "proc-macro-error-attr2",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -4615,11 +4608,11 @@ dependencies = [

 [[package]]
 name = "proptest"
-version = "1.10.0"
+version = "1.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532"
+checksum = "bee689443a2bd0a16ab0348b52ee43e3b2d1b1f931c8aa5c9f8de4c86fbe8c40"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "num-traits",
 "rand 0.9.2",
 "rand_chacha 0.9.0",
@@ -4667,9 +4660,9 @@ checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"

 [[package]]
 name = "quick-xml"
-version = "0.39.2"
+version = "0.39.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "958f21e8e7ceb5a1aa7fa87fab28e7c75976e0bfe7e23ff069e0a260f894067d"
+checksum = "f2e3bf4aa9d243beeb01a7b3bc30b77cfe2c44e24ec02d751a7104a53c2c49a1"
 dependencies = [
 "memchr",
 ]
@@ -4694,14 +4687,13 @@ dependencies = [

 [[package]]
 name = "quinn-proto"
-version = "0.11.14"
+version = "0.11.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
+checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d"
 dependencies = [
 "bytes",
- "getrandom 0.3.3",
- "lru-slab",
- "rand 0.9.2",
+ "getrandom 0.2.16",
+ "rand 0.8.5",
 "ring",
 "rustc-hash",
 "rustls",
@@ -4903,7 +4895,7 @@ version = "0.5.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "928fca9cf2aa042393a8325b9ead81d2f0df4cb12e1e24cef072922ccd99c5af"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 ]

 [[package]]
@@ -4919,9 +4911,9 @@ dependencies = [

 [[package]]
 name = "regex"
-version = "1.12.3"
+version = "1.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276"
+checksum = "843bc0191f75f3e22651ae5f1e72939ab2f72a4bc30fa80a066bd66edefc24d4"
 dependencies = [
 "aho-corasick",
 "memchr",
@@ -5090,7 +5082,7 @@ version = "0.37.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "165ca6e57b20e1351573e3729b958bc62f0e48025386970b6e4d29e7a7e71f3f"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "fallible-iterator",
 "fallible-streaming-iterator",
 "hashlink",
@@ -5134,7 +5126,7 @@ version = "0.38.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "errno",
 "libc",
 "linux-raw-sys 0.4.14",
@@ -5143,14 +5135,14 @@ dependencies = [

 [[package]]
 name = "rustix"
-version = "1.1.4"
+version = "1.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190"
+checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "errno",
 "libc",
- "linux-raw-sys 0.12.1",
+ "linux-raw-sys 0.11.0",
 "windows-sys 0.61.1",
 ]

@@ -5211,7 +5203,7 @@ version = "16.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "62fd9ca5ebc709e8535e8ef7c658eb51457987e48c98ead2be482172accc408d"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "cfg-if",
 "clipboard-win",
 "fd-lock",
@@ -5290,7 +5282,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "serde_derive_internals",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -5307,9 +5299,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

 [[package]]
 name = "sdp"
-version = "0.17.1"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22c3b0257608d7de4de4c4ea650ccc2e6e3e45e3cd80039fcdee768bcb449253"
+checksum = "32c374dceda16965d541c8800ce9cc4e1c14acfd661ddf7952feeedc3411e5c6"
 dependencies = [
 "rand 0.9.2",
 "substring",
@@ -5338,7 +5330,7 @@ version = "2.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "core-foundation",
 "core-foundation-sys",
 "libc",
@@ -5422,7 +5414,7 @@ checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -5433,7 +5425,7 @@ checksum = "330f01ce65a3a5fe59a60c82f3c9a024b573b8a6e875bd233fe5f934e71d54e3"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -5657,7 +5649,7 @@ version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dee851d0e5e7af3721faea1843e8015e820a234f81fda3dea9247e15bac9a86a"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 ]

 [[package]]
@@ -5699,7 +5691,7 @@ dependencies = [
 "heck 0.5.0",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -5782,9 +5774,9 @@ dependencies = [

 [[package]]
 name = "strum"
-version = "0.28.0"
+version = "0.27.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9628de9b8791db39ceda2b119bbe13134770b56c138ec1d3af810d045c04f9bd"
+checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf"

 [[package]]
 name = "strum_macros"
@@ -5796,19 +5788,19 @@ dependencies = [
 "proc-macro2",
 "quote",
 "rustversion",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
 name = "strum_macros"
-version = "0.28.0"
+version = "0.27.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab85eea0270ee17587ed4156089e10b9e6880ee688791d45a905f5b1ca36f664"
+checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7"
 dependencies = [
 "heck 0.5.0",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -5879,9 +5871,9 @@ dependencies = [

 [[package]]
 name = "syn"
-version = "2.0.117"
+version = "2.0.114"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
+checksum = "d4d107df263a3013ef9b1879b0df87d706ff80f65a86ea879bd9c31f9b307c2a"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5905,7 +5897,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -5942,7 +5934,7 @@ version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 "core-foundation",
 "system-configuration-sys",
 ]
@@ -5977,14 +5969,14 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"

 [[package]]
 name = "tempfile"
-version = "3.26.0"
+version = "3.24.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82a72c767771b47409d2345987fda8628641887d5466101319899796367354a0"
+checksum = "655da9c7eb6305c55742045d5a8d2037996d61d8de95806335c7c86ce0f82e9c"
 dependencies = [
 "fastrand",
 "getrandom 0.3.3",
 "once_cell",
- "rustix 1.1.4",
+ "rustix 1.1.3",
 "windows-sys 0.61.1",
 ]

@@ -6040,7 +6032,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6051,7 +6043,7 @@ checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6166,7 +6158,7 @@ checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6366,7 +6358,7 @@ checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6416,7 +6408,7 @@ checksum = "70977707304198400eb4835a78f6a9f928bf41bba420deb8fdb175cd965d77a7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6461,7 +6453,7 @@ dependencies = [
 "proc-macro-error2",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6662,7 +6654,7 @@ dependencies = [
 "log",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "wasm-bindgen-shared",
 ]

@@ -6697,7 +6689,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
@@ -6880,7 +6872,7 @@ checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6891,7 +6883,7 @@ checksum = "83577b051e2f49a058c308f17f273b570a6a758386fc291b5f6a934dd84e48c1"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6902,7 +6894,7 @@ checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -6913,7 +6905,7 @@ checksum = "cb26fd936d991781ea39e87c3a27285081e3c0da5ca0fcbc02d368cc6f52ff01"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -7225,7 +7217,7 @@ version = "0.39.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
 dependencies = [
- "bitflags 2.11.0",
+ "bitflags 2.9.1",
 ]

 [[package]]
@@ -7372,7 +7364,7 @@ dependencies = [
 "darling",
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -7395,7 +7387,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "synstructure",
 ]

@@ -7423,7 +7415,7 @@ checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -7443,7 +7435,7 @@ checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 "synstructure",
 ]

@@ -7464,7 +7456,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
@@ -7486,7 +7478,7 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.117",
+ "syn 2.0.114",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "2.47.0-dev"
+version = "2.43.0"
 edition = "2024"
 license = "MPL-2.0"
 rust-version = "1.88"
@@ -86,8 +86,9 @@ rand-old = { package = "rand", version = "0.8" }
 rand = { workspace = true }
 regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
+rustls-pki-types = "1.12.0"
 sanitize-filename = { workspace = true }
-sdp = "0.17.1"
+sdp = "0.10.0"
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
 serde = { workspace = true, features = ["derive"] }
@@ -95,15 +96,15 @@ sha-1 = "0.10"
 sha2 = "0.10"
 shadowsocks = { version = "1.23.1", default-features = false, features = ["aead-cipher", "aead-cipher-2022"] }
 smallvec = "1.15.1"
-strum = "0.28"
-strum_macros = "0.28"
+strum = "0.27"
+strum_macros = "0.27"
 tagger = "4.3.4"
 textwrap = "0.16.2"
 thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
-astral-tokio-tar = { version = "0.6", default-features = false }
+astral-tokio-tar = { version = "0.5.6", default-features = false }
 tokio-util = { workspace = true }
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 toml = "0.9"
@@ -185,7 +186,7 @@ chrono = { version = "0.4.43", default-features = false }
 deltachat-contact-tools = { path = "deltachat-contact-tools" }
 deltachat-jsonrpc = { path = "deltachat-jsonrpc", default-features = false }
 deltachat = { path = ".", default-features = false }
-futures = "0.3.32"
+futures = "0.3.31"
 futures-lite = "2.6.1"
 libc = "0.2"
 log = "0.4"
@@ -193,12 +194,12 @@ mailparse = "0.16.1"
 nu-ansi-term = "0.50"
 num-traits = "0.2"
 rand = "0.9"
-regex = "1.12"
+regex = "1.10"
 rusqlite = "0.37"
 sanitize-filename = "0.6"
 serde = "1.0"
 serde_json = "1"
-tempfile = "3.25.0"
+tempfile = "3.24.0"
 thiserror = "2"
 tokio = "1"
 tokio-util = "0.7.18"
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -22,44 +22,6 @@ For example, to release version 1.116.0 of the core, do the following steps.

 9. Create a GitHub release: `gh release create v1.116.0 --notes ''`.

-10. Update the version to the next development version:
-    `scripts/set_core_version.py 1.117.0-dev`.
-
-11. Commit and push the change:
-    `git commit -m "chore: bump version to 1.117.0-dev" && git push origin main`.
-
-12. Once the binaries are generated and [published](https://github.com/chatmail/core/releases),
-    check Windows binaries for false positive detections at [VirusTotal].
-    Either upload the binaries directly or submit a direct link to the artifact.
-    You can use [old browsers interface](https://www.virustotal.com/old-browsers/)
-    if there are problems with using the default website.
-    If you submit a direct link and get to the page saying
-    "No security vendors flagged this URL as malicious",
-    it does not mean that the file itself is not detected.
-    You need to go to the "details" tab
-    and click on the SHA-256 hash in the "Body SHA-256" section.
-    If any false positive is detected,
-    open an issue to track removing it.
-    See <https://github.com/chatmail/core/issues/7847>
-    for an example of false positive detection issue.
-    If there is a false positive "Microsoft" detection,
-    mark the issue as a blocker.
-
-[VirusTotal]: https://www.virustotal.com/
-
-## Dealing with antivirus false positives
-
-If Windows release is incorrectly detected by some antivirus, submit requests to remove detection.
-
-"Microsoft" antivirus is built in Windows and will break user setups so removing its detection should be highest priority.
-To submit false positive to Microsoft, go to <https://www.microsoft.com/en-us/wdsi/filesubmission> and select "Submit file as a ... Software developer" option.
-
-False positive contacts for other vendors can be found at <https://docs.virustotal.com/docs/false-positive-contacts>.
-Not all of them may be up to date, so check the links below first.
-Previously we successfully used the following contacts:
- [ESET-NOD32](mailto:samples@eset.com)
- [Symantec](https://symsubmit.symantec.com/)
-
 ## Dealing with failed releases

 Once you make a GitHub release,
--- a/benches/decrypting.rs
+++ b/benches/decrypting.rs
@@ -8,47 +8,43 @@
 //! cargo bench --bench decrypting --features="internals"
 //! ```
 //!
-//! or, if you want to only run e.g. the 'Decrypt and parse a symmetrically encrypted message' benchmark:
+//! or, if you want to only run e.g. the 'Decrypt a symmetrically encrypted message' benchmark:
 //!
 //! ```text
-//! cargo bench --bench decrypting --features="internals" -- 'Decrypt and parse a symmetrically encrypted message'
+//! cargo bench --bench decrypting --features="internals" -- 'Decrypt a symmetrically encrypted message'
 //! ```
 //!
-//! You can also pass a substring:
+//! You can also pass a substring.
+//! So, you can run all 'Decrypt and parse' benchmarks with:
 //!
 //! ```text
-//! cargo bench --bench decrypting --features="internals" -- 'symmetrically'
+//! cargo bench --bench decrypting --features="internals" -- 'Decrypt and parse'
 //! ```
 //!
 //! Symmetric decryption has to try out all known secrets,
 //! You can benchmark this by adapting the `NUM_SECRETS` variable.

 use std::hint::black_box;
-use std::sync::LazyLock;

 use criterion::{Criterion, criterion_group, criterion_main};
 use deltachat::internals_for_benches::create_broadcast_secret;
+use deltachat::internals_for_benches::create_dummy_keypair;
 use deltachat::internals_for_benches::save_broadcast_secret;
-use deltachat::securejoin::get_securejoin_qr;
 use deltachat::{
-    Events, chat::ChatId, config::Config, context::Context, internals_for_benches::key_from_asc,
-    internals_for_benches::parse_and_get_text, internals_for_benches::store_self_keypair,
+    Events,
+    chat::ChatId,
+    config::Config,
+    context::Context,
+    internals_for_benches::key_from_asc,
+    internals_for_benches::parse_and_get_text,
+    internals_for_benches::store_self_keypair,
+    pgp::{KeyPair, SeipdVersion, decrypt, pk_encrypt, symm_encrypt_message},
    stock_str::StockStrings,
 };
+use rand::{Rng, rng};
 use tempfile::tempdir;

-static NUM_BROADCAST_SECRETS: LazyLock<usize> = LazyLock::new(|| {
-    std::env::var("NUM_BROADCAST_SECRETS")
-        .unwrap_or("500".to_string())
-        .parse()
-        .unwrap()
-});
-static NUM_AUTH_TOKENS: LazyLock<usize> = LazyLock::new(|| {
-    std::env::var("NUM_AUTH_TOKENS")
-        .unwrap_or("5000".to_string())
-        .parse()
-        .unwrap()
-});
+const NUM_SECRETS: usize = 500;

 async fn create_context() -> Context {
    let dir = tempdir().unwrap();
@@ -62,7 +58,9 @@ async fn create_context() -> Context {
        .await
        .unwrap();
    let secret = key_from_asc(include_str!("../test-data/key/bob-secret.asc")).unwrap();
-    store_self_keypair(&context, &secret)
+    let public = secret.to_public_key();
+    let key_pair = KeyPair { public, secret };
+    store_self_keypair(&context, &key_pair)
        .await
        .expect("Failed to save key");

@@ -72,6 +70,66 @@ async fn create_context() -> Context {
 fn criterion_benchmark(c: &mut Criterion) {
    let mut group = c.benchmark_group("Decrypt");

+    // ===========================================================================================
+    // Benchmarks for decryption only, without any other parsing
+    // ===========================================================================================
+
+    group.sample_size(10);
+
+    group.bench_function("Decrypt a symmetrically encrypted message", |b| {
+        let plain = generate_plaintext();
+        let secrets = generate_secrets();
+        let encrypted = tokio::runtime::Runtime::new().unwrap().block_on(async {
+            let secret = secrets[NUM_SECRETS / 2].clone();
+            symm_encrypt_message(
+                plain.clone(),
+                create_dummy_keypair("alice@example.org").unwrap().secret,
+                black_box(&secret),
+                true,
+            )
+            .await
+            .unwrap()
+        });
+
+        b.iter(|| {
+            let mut msg =
+                decrypt(encrypted.clone().into_bytes(), &[], black_box(&secrets)).unwrap();
+            let decrypted = msg.as_data_vec().unwrap();
+
+            assert_eq!(black_box(decrypted), plain);
+        });
+    });
+
+    group.bench_function("Decrypt a public-key encrypted message", |b| {
+        let plain = generate_plaintext();
+        let key_pair = create_dummy_keypair("alice@example.org").unwrap();
+        let secrets = generate_secrets();
+        let encrypted = tokio::runtime::Runtime::new().unwrap().block_on(async {
+            pk_encrypt(
+                plain.clone(),
+                vec![black_box(key_pair.public.clone())],
+                key_pair.secret.clone(),
+                true,
+                true,
+                SeipdVersion::V2,
+            )
+            .await
+            .unwrap()
+        });
+
+        b.iter(|| {
+            let mut msg = decrypt(
+                encrypted.clone().into_bytes(),
+                std::slice::from_ref(&key_pair.secret),
+                black_box(&secrets),
+            )
+            .unwrap();
+            let decrypted = msg.as_data_vec().unwrap();
+
+            assert_eq!(black_box(decrypted), plain);
+        });
+    });
+
    // ===========================================================================================
    // Benchmarks for the whole parsing pipeline, incl. decryption (but excl. receive_imf())
    // ===========================================================================================
@@ -81,7 +139,7 @@ fn criterion_benchmark(c: &mut Criterion) {

    // "secret" is the shared secret that was used to encrypt text_symmetrically_encrypted.eml.
    // Put it into the middle of our secrets:
-    secrets[*NUM_BROADCAST_SECRETS / 2] = "secret".to_string();
+    secrets[NUM_SECRETS / 2] = "secret".to_string();

    let context = rt.block_on(async {
        let context = create_context().await;
@@ -90,10 +148,6 @@ fn criterion_benchmark(c: &mut Criterion) {
                .await
                .unwrap();
        }
-        for _i in 0..*NUM_AUTH_TOKENS {
-            get_securejoin_qr(&context, None).await.unwrap();
-        }
-        println!("NUM_AUTH_TOKENS={}", *NUM_AUTH_TOKENS);
        context
    });

@@ -107,7 +161,7 @@ fn criterion_benchmark(c: &mut Criterion) {
                )
                .await
                .unwrap();
-                assert_eq!(black_box(text), "Symmetrically encrypted message");
+                assert_eq!(text, "Symmetrically encrypted message");
            }
        });
    });
@@ -122,7 +176,7 @@ fn criterion_benchmark(c: &mut Criterion) {
                )
                .await
                .unwrap();
-                assert_eq!(black_box(text), "hi");
+                assert_eq!(text, "hi");
            }
        });
    });
@@ -131,12 +185,17 @@ fn criterion_benchmark(c: &mut Criterion) {
 }

 fn generate_secrets() -> Vec<String> {
-    let secrets: Vec<String> = (0..*NUM_BROADCAST_SECRETS)
+    let secrets: Vec<String> = (0..NUM_SECRETS)
        .map(|_| create_broadcast_secret())
        .collect();
-    println!("NUM_BROADCAST_SECRETS={}", *NUM_BROADCAST_SECRETS);
    secrets
 }

+fn generate_plaintext() -> Vec<u8> {
+    let mut plain: Vec<u8> = vec![0; 500];
+    rng().fill(&mut plain[..]);
+    plain
+}
+
 criterion_group!(benches, criterion_benchmark);
 criterion_main!(benches);
--- a/deltachat-contact-tools/src/vcard.rs
+++ b/deltachat-contact-tools/src/vcard.rs
@@ -36,45 +36,6 @@ impl VcardContact {
    }
 }

-fn escape(s: &str) -> String {
-    // https://www.rfc-editor.org/rfc/rfc6350.html#section-3.4
-    s
-        // backslash must be first!
-        .replace(r"\", r"\\")
-        .replace(',', r"\,")
-        .replace(';', r"\;")
-        .replace('\n', r"\n")
-}
-
-fn unescape(s: &str) -> String {
-    // https://www.rfc-editor.org/rfc/rfc6350.html#section-3.4
-    let mut out = String::new();
-
-    let mut chars = s.chars();
-    while let Some(c) = chars.next() {
-        if c == '\\' {
-            if let Some(next) = chars.next() {
-                match next {
-                    '\\' | ',' | ';' => out.push(next),
-                    'n' | 'N' => out.push('\n'),
-                    _ => {
-                        // Invalid escape sequence (keep unchanged)
-                        out.push('\\');
-                        out.push(next);
-                    }
-                }
-            } else {
-                // Invalid escape sequence (keep unchanged)
-                out.push('\\');
-            }
-        } else {
-            out.push(c);
-        }
-    }
-
-    out
-}
-
 /// Returns a vCard containing given contacts.
 ///
 /// Calling [`parse_vcard()`] on the returned result is a reverse operation.
@@ -85,6 +46,10 @@ pub fn make_vcard(contacts: &[VcardContact]) -> String {
        Some(datetime.format("%Y%m%dT%H%M%SZ").to_string())
    }

+    fn escape(s: &str) -> String {
+        s.replace(',', "\\,")
+    }
+
    let mut res = "".to_string();
    for c in contacts {
        // Mustn't contain ',', but it's easier to escape than to error out.
@@ -159,7 +124,7 @@ pub fn parse_vcard(vcard: &str) -> Vec<VcardContact> {
    fn vcard_property<'a>(line: &'a str, property: &str) -> Option<(&'a str, String)> {
        let (params, value) = vcard_property_raw(line, property)?;
        // Some fields can't contain commas, but unescape them everywhere for safety.
-        Some((params, unescape(value)))
+        Some((params, value.replace("\\,", ",")))
    }
    fn base64_key(line: &str) -> Option<&str> {
        let (params, value) = vcard_property_raw(line, "key")?;
--- a/deltachat-contact-tools/src/vcard/vcard_tests.rs
+++ b/deltachat-contact-tools/src/vcard/vcard_tests.rs
@@ -91,7 +91,7 @@ fn test_make_and_parse_vcard() {
            authname: "Alice Wonderland".to_string(),
            key: Some("[base64-data]".to_string()),
            profile_image: Some("image in Base64".to_string()),
-            biography: Some("Hi,\nI'm Alice; and this is a backslash: \\".to_string()),
+            biography: Some("Hi, I'm Alice".to_string()),
            timestamp: Ok(1713465762),
        },
        VcardContact {
@@ -110,7 +110,7 @@ fn test_make_and_parse_vcard() {
             FN:Alice Wonderland\r\n\
             KEY:data:application/pgp-keys;base64\\,[base64-data]\r\n\
             PHOTO:data:image/jpeg;base64\\,image in Base64\r\n\
-             NOTE:Hi\\,\\nI'm Alice\\; and this is a backslash: \\\\\r\n\
+             NOTE:Hi\\, I'm Alice\r\n\
             REV:20240418T184242Z\r\n\
             END:VCARD\r\n",
        "BEGIN:VCARD\r\n\
@@ -276,14 +276,3 @@ END:VCARD",
    assert!(contacts[0].timestamp.is_err());
    assert_eq!(contacts[0].profile_image.as_ref().unwrap(), "/9aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Z");
 }
-
-#[test]
-fn test_vcard_value_escape_unescape() {
-    let original = "Text, with; chars and a \\ and a newline\nand a literal newline \\n";
-    let expected_escaped = r"Text\, with\; chars and a \\ and a newline\nand a literal newline \\n";
-
-    let escaped = escape(original);
-    assert_eq!(escaped, expected_escaped);
-    let unescaped = unescape(&escaped);
-    assert_eq!(original, unescaped);
-}
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.47.0-dev"
+version = "2.43.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -1569,7 +1569,7 @@ dc_array_t*     dc_wait_next_msgs            (dc_context_t* context);
 * (read receipts aren't sent for noticed messages).
 *
 * Calling this function usually results in the event #DC_EVENT_MSGS_NOTICED.
- * See also dc_markseen_msgs() and dc_markfresh_chat().
+ * See also dc_markseen_msgs().
 *
 * @memberof dc_context_t
 * @param context The context object as returned from dc_context_new().
@@ -1578,29 +1578,6 @@ dc_array_t*     dc_wait_next_msgs            (dc_context_t* context);
 void            dc_marknoticed_chat          (dc_context_t* context, uint32_t chat_id);


-/**
- * Mark the last incoming message in chat as _fresh_.
- *
- * UI can use this to offer a "mark unread" option,
- * so that already noticed chats (see dc_marknoticed_chat()) get a badge counter again.
- *
- * dc_get_fresh_msg_cnt() and dc_get_fresh_msgs() usually is increased by one afterwards.
- *
- * #DC_EVENT_MSGS_CHANGED is fired as usual,
- * however, #DC_EVENT_INCOMING_MSG is _not_ fired again.
- * This is to not add complexity to incoming messages code,
- * e.g. UI usually does not add notifications for manually unread chats.
- * If the UI wants to update system badge counters,
- * they should do so directly after calling dc_markfresh_chat().
- *
- * @memberof dc_context_t
- * @param context The context object as returned from dc_context_new().
- * @param chat_id The chat ID of which the last incoming message should be marked as fresh.
- *     If the chat does not have incoming messages, nothing happens.
- */
-void            dc_markfresh_chat            (dc_context_t* context, uint32_t chat_id);
-
-
 /**
 * Returns all message IDs of the given types in a given chat or any chat.
 * Typically used to show a gallery.
@@ -2494,6 +2471,76 @@ void            dc_imex                      (dc_context_t* context, int what, c
 char*           dc_imex_has_backup           (dc_context_t* context, const char* dir);


+/**
+ * Initiate Autocrypt Setup Transfer.
+ * Before starting the setup transfer with this function, the user should be asked:
+ *
+ * ~~~
+ * "An 'Autocrypt Setup Message' securely shares your end-to-end setup with other Autocrypt-compliant apps.
+ * The setup will be encrypted by a setup code which is displayed here and must be typed on the other device.
+ * ~~~
+ *
+ * After that, this function should be called to send the Autocrypt Setup Message.
+ * The function creates the setup message and adds it to outgoing message queue.
+ * The message is sent asynchronously.
+ *
+ * The required setup code is returned in the following format:
+ *
+ * ~~~
+ * 1234-1234-1234-1234-1234-1234-1234-1234-1234
+ * ~~~
+ *
+ * The setup code should be shown to the user then:
+ *
+ * ~~~
+ * "Your key has been sent to yourself. Switch to the other device and
+ * open the setup message. You should be prompted for a setup code. Type
+ * the following digits into the prompt:
+ *
+ * 1234 - 1234 - 1234 -
+ * 1234 - 1234 - 1234 -
+ * 1234 - 1234 - 1234
+ *
+ * Once you're done, your other device will be ready to use Autocrypt."
+ * ~~~
+ *
+ * On the _other device_ you will call dc_continue_key_transfer() then
+ * for setup messages identified by dc_msg_is_setupmessage().
+ *
+ * For more details about the Autocrypt setup process, please refer to
+ * https://autocrypt.org/en/latest/level1.html#autocrypt-setup-message
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ * @return The setup code. Must be released using dc_str_unref() after usage.
+ *     On errors, e.g. if the message could not be sent, NULL is returned.
+ */
+char*           dc_initiate_key_transfer     (dc_context_t* context);
+
+
+/**
+ * Continue the Autocrypt Key Transfer on another device.
+ *
+ * If you have started the key transfer on another device using dc_initiate_key_transfer()
+ * and you've detected a setup message with dc_msg_is_setupmessage(), you should prompt the
+ * user for the setup code and call this function then.
+ *
+ * You can use dc_msg_get_setupcodebegin() to give the user a hint about the code (useful if the user
+ * has created several messages and should not enter the wrong code).
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ * @param msg_id The ID of the setup message to decrypt.
+ * @param setup_code The setup code entered by the user. This is the same setup code as returned from
+ *     dc_initiate_key_transfer() on the other device.
+ *     There is no need to format the string correctly, the function will remove all spaces and other characters and
+ *     insert the `-` characters at the correct places.
+ * @return 1=key successfully decrypted and imported; both devices will use the same key now;
+ *     0=key transfer failed e.g. due to a bad setup code.
+ */
+int             dc_continue_key_transfer     (dc_context_t* context, uint32_t msg_id, const char* setup_code);
+
+
 /**
 * Signal an ongoing process to stop.
 *
@@ -4565,7 +4612,7 @@ int             dc_msg_is_info                (const dc_msg_t* msg);
 *   and also offer a way to fix the encryption, eg. by a button offering a QR scan
 * - DC_INFO_WEBXDC_INFO_MESSAGE (32) - Info-message created by webxdc app sending `update.info`
 * - DC_INFO_CHAT_E2EE (50) - Info-message for "Chat is end-to-end-encrypted"
- * - DC_INFO_GROUP_DESCRIPTION_CHANGED (70) - Info-message "Description changed", UI should open the profile with the description
+ * - DC_INFO_GROUP_NAME_CHANGED (70) - Info-message "Description changed", UI should open the profile with the description
 *
 * For the messages that refer to a CONTACT,
 * dc_msg_get_info_contact_id() returns the contact ID.
@@ -4612,10 +4659,7 @@ uint32_t        dc_msg_get_info_contact_id    (const dc_msg_t* msg);
 #define         DC_INFO_GROUP_IMAGE_CHANGED        3
 #define         DC_INFO_MEMBER_ADDED_TO_GROUP      4
 #define         DC_INFO_MEMBER_REMOVED_FROM_GROUP  5
-
-// Deprecated as of 2026-03-16, not used for new messages.
 #define         DC_INFO_AUTOCRYPT_SETUP_MESSAGE    6
-
 #define         DC_INFO_SECURE_JOIN_MESSAGE        7
 #define         DC_INFO_LOCATIONSTREAMING_ENABLED  8
 #define         DC_INFO_LOCATION_ONLY              9
@@ -4645,6 +4689,40 @@ uint32_t        dc_msg_get_info_contact_id    (const dc_msg_t* msg);
 char*           dc_msg_get_webxdc_href        (const dc_msg_t* msg);


+/**
+ * Check if the message is an Autocrypt Setup Message.
+ *
+ * Setup messages should be shown in an unique way e.g. using a different text color.
+ * On a click or another action, the user should be prompted for the setup code
+ * which is forwarded to dc_continue_key_transfer() then.
+ *
+ * Setup message are typically generated by dc_initiate_key_transfer() on another device.
+ *
+ * @memberof dc_msg_t
+ * @param msg The message object.
+ * @return 1=message is a setup message, 0=no setup message.
+ *     For setup messages, dc_msg_get_viewtype() returns #DC_MSG_FILE.
+ */
+int             dc_msg_is_setupmessage        (const dc_msg_t* msg);
+
+
+/**
+ * Get the first characters of the setup code.
+ *
+ * Typically, this is used to pre-fill the first entry field of the setup code.
+ * If the user has several setup messages, he can be sure typing in the correct digits.
+ *
+ * To check, if a message is a setup message, use dc_msg_is_setupmessage().
+ * To decrypt a secret key from a setup message, use dc_continue_key_transfer().
+ *
+ * @memberof dc_msg_t
+ * @param msg The message object.
+ * @return Typically the first two digits of the setup code or an empty string if unknown.
+ *     NULL is never returned. Must be released using dc_str_unref() when done.
+ */
+char*           dc_msg_get_setupcodebegin     (const dc_msg_t* msg);
+
+
 /**
 * Gets the error status of the message.
 * If there is no error associated with the message, NULL is returned.
@@ -6238,7 +6316,7 @@ void dc_event_unref(dc_event_t* event);
 * should not be disturbed by a dialog or so. Instead, use a bubble or so.
 *
 * However, for ongoing processes (e.g. dc_configure())
- * or for functions that are expected to fail
+ * or for functions that are expected to fail (e.g. dc_continue_key_transfer())
 * it might be better to delay showing these events until the function has really
 * failed (returned false). It should be sufficient to report only the _last_ error
 * in a message box then.
@@ -6677,7 +6755,6 @@ void dc_event_unref(dc_event_t* event);
 * UI usually only takes action in case call UI was opened before, otherwise the event should be ignored.
 *
 * @param data1 (int) msg_id ID of the message referring to the call
- * @param data2 (int) 1 if the call was accepted from this device (process).
 */
 #define DC_EVENT_INCOMING_CALL_ACCEPTED                  2560

@@ -6706,8 +6783,8 @@ void dc_event_unref(dc_event_t* event);
 * UI should update the list.
 *
 * The event is emitted when the transports are modified on another device
- * using the JSON-RPC calls `add_or_update_transport`, `add_transport_from_qr`, `delete_transport`,
- * `set_transport_unpublished` or `set_config(configured_addr)`.
+ * using the JSON-RPC calls `add_or_update_transport`, `add_transport_from_qr`, `delete_transport`
+ * or `set_config(configured_addr)`.
 */
 #define DC_EVENT_TRANSPORTS_MODIFIED           2600

@@ -7419,7 +7496,7 @@ void dc_event_unref(dc_event_t* event);

 /// "Messages are end-to-end encrypted."
 ///
-/// Used in info-messages, UI may add smth. as "Tap to learn more."
+/// Used in info messages.
 #define DC_STR_CHAT_PROTECTION_ENABLED 170

 /// "Others will only see this group after you sent a first message."
@@ -7502,19 +7579,6 @@ void dc_event_unref(dc_event_t* event);
 /// `%1$s` and `%2$s` will both be replaced by the name of the inviter.
 #define DC_STR_SECURE_JOIN_CHANNEL_STARTED 203

-/// "Channel name changed from %1$s to %2$s."
-///
-/// Used in status messages.
-///
-/// `%1$s` will be replaced by the old channel name.
-/// `%2$s` will be replaced by the new channel name.
-#define DC_STR_CHANNEL_NAME_CHANGED 204
-
-/// "Channel image changed."
-///
-/// Used in status messages.
-#define DC_STR_CHANNEL_IMAGE_CHANGED 205
-
 /// "The attachment contains anonymous usage statistics, which help us improve Delta Chat. Thank you!"
 ///
 /// Used as the message body for statistics sent out.
@@ -7553,11 +7617,6 @@ void dc_event_unref(dc_event_t* event);
 /// "Chat description changed by %1$s."
 #define DC_STR_GROUP_DESCRIPTION_CHANGED_BY_OTHER 241

-/// "Messages are end-to-end encrypted."
-///
-/// Used when creating text for the "Encryption Info" dialogs.
-#define DC_STR_MESSAGES_ARE_E2EE 242
-
 /**
 * @}
 */
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -15,7 +15,6 @@ use std::collections::BTreeMap;
 use std::convert::TryFrom;
 use std::fmt::Write;
 use std::future::Future;
-use std::mem::ManuallyDrop;
 use std::ptr;
 use std::str::FromStr;
 use std::sync::{Arc, LazyLock, Mutex};
@@ -680,6 +679,7 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        | EventType::ChatModified(_)
        | EventType::ChatDeleted { .. }
        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
+        | EventType::IncomingCallAccepted { .. }
        | EventType::OutgoingCallAccepted { .. }
        | EventType::CallEnded { .. }
        | EventType::EventChannelOverflow { .. }
@@ -702,9 +702,6 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        } => status_update_serial.to_u32() as libc::c_int,
        EventType::WebxdcRealtimeData { data, .. } => data.len() as libc::c_int,
        EventType::IncomingCall { has_video, .. } => *has_video as libc::c_int,
-        EventType::IncomingCallAccepted {
-            from_this_device, ..
-        } => *from_this_device as libc::c_int,

        #[allow(unreachable_patterns)]
        #[cfg(test)]
@@ -1523,23 +1520,6 @@ pub unsafe extern "C" fn dc_marknoticed_chat(context: *mut dc_context_t, chat_id
    })
 }

-#[no_mangle]
-pub unsafe extern "C" fn dc_markfresh_chat(context: *mut dc_context_t, chat_id: u32) {
-    if context.is_null() {
-        eprintln!("ignoring careless call to dc_markfresh_chat()");
-        return;
-    }
-    let ctx = &*context;
-
-    block_on(async move {
-        chat::markfresh_chat(ctx, ChatId::new(chat_id))
-            .await
-            .context("Failed markfresh chat")
-            .log_err(ctx)
-            .unwrap_or(())
-    })
-}
-
 fn from_prim<S, T>(s: S) -> Option<T>
 where
    T: FromPrimitive,
@@ -2446,6 +2426,45 @@ pub unsafe extern "C" fn dc_imex_has_backup(
    }
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_initiate_key_transfer(context: *mut dc_context_t) -> *mut libc::c_char {
+    if context.is_null() {
+        eprintln!("ignoring careless call to dc_initiate_key_transfer()");
+        return ptr::null_mut(); // NULL explicitly defined as "error"
+    }
+    let ctx = &*context;
+
+    match block_on(imex::initiate_key_transfer(ctx))
+        .context("dc_initiate_key_transfer()")
+        .log_err(ctx)
+    {
+        Ok(res) => res.strdup(),
+        Err(_) => ptr::null_mut(),
+    }
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_continue_key_transfer(
+    context: *mut dc_context_t,
+    msg_id: u32,
+    setup_code: *const libc::c_char,
+) -> libc::c_int {
+    if context.is_null() || msg_id <= constants::DC_MSG_ID_LAST_SPECIAL || setup_code.is_null() {
+        eprintln!("ignoring careless call to dc_continue_key_transfer()");
+        return 0;
+    }
+    let ctx = &*context;
+
+    block_on(imex::continue_key_transfer(
+        ctx,
+        MsgId::new(msg_id),
+        &to_string_lossy(setup_code),
+    ))
+    .context("dc_continue_key_transfer")
+    .log_err(ctx)
+    .is_ok() as libc::c_int
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_stop_ongoing_process(context: *mut dc_context_t) {
    if context.is_null() {
@@ -3768,6 +3787,16 @@ pub unsafe extern "C" fn dc_msg_get_webxdc_href(msg: *mut dc_msg_t) -> *mut libc
    ffi_msg.message.get_webxdc_href().strdup()
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_is_setupmessage(msg: *mut dc_msg_t) -> libc::c_int {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_is_setupmessage()");
+        return 0;
+    }
+    let ffi_msg = &*msg;
+    ffi_msg.message.is_setupmessage().into()
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
    if msg.is_null() {
@@ -3778,6 +3807,20 @@ pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
    ffi_msg.message.has_html().into()
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_get_setupcodebegin(msg: *mut dc_msg_t) -> *mut libc::c_char {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_get_setupcodebegin()");
+        return "".strdup();
+    }
+    let ffi_msg = &*msg;
+    let ctx = &*ffi_msg.context;
+
+    block_on(ffi_msg.message.get_setupcodebegin(ctx))
+        .unwrap_or_default()
+        .strdup()
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_set_text(msg: *mut dc_msg_t, text: *const libc::c_char) {
    if msg.is_null() {
@@ -5107,10 +5150,10 @@ pub unsafe extern "C" fn dc_jsonrpc_init(
        return ptr::null_mut();
    }

-    let account_manager = ManuallyDrop::new(Arc::from_raw(account_manager));
-    let cmd_api = block_on(deltachat_jsonrpc::api::CommandApi::from_arc(Arc::clone(
-        &account_manager,
-    )));
+    let account_manager = Arc::from_raw(account_manager);
+    let cmd_api = block_on(deltachat_jsonrpc::api::CommandApi::from_arc(
+        account_manager.clone(),
+    ));

    let (request_handle, receiver) = RpcClient::new();
    let handle = RpcSession::new(request_handle, cmd_api);
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.47.0-dev"
+version = "2.43.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -31,7 +31,7 @@ use deltachat::peer_channels::{
 };
 use deltachat::provider::get_provider_info;
 use deltachat::qr::{self, Qr};
-use deltachat::qr_code_generator::{create_qr_svg, generate_backup_qr, get_securejoin_qr_svg};
+use deltachat::qr_code_generator::{generate_backup_qr, get_securejoin_qr_svg};
 use deltachat::reaction::{get_msg_reactions, send_reaction};
 use deltachat::securejoin;
 use deltachat::stock_str::StockMessage;
@@ -68,7 +68,6 @@ use self::types::{
    },
 };
 use crate::api::types::chat_list::{get_chat_list_item_by_id, ChatListItemFetchResult};
-use crate::api::types::login_param::TransportListEntry;
 use crate::api::types::qr::{QrObject, SecurejoinSource, SecurejoinUiPath};

 #[derive(Debug)]
@@ -529,7 +528,6 @@ impl CommandApi {
    ///   from a server encoded in a QR code.
    /// - [Self::list_transports()] to get a list of all configured transports.
    /// - [Self::delete_transport()] to remove a transport.
-    /// - [Self::set_transport_unpublished()] to set whether contacts see this transport.
    async fn add_or_update_transport(
        &self,
        account_id: u32,
@@ -555,23 +553,7 @@ impl CommandApi {
    /// Returns the list of all email accounts that are used as a transport in the current profile.
    /// Use [Self::add_or_update_transport()] to add or change a transport
    /// and [Self::delete_transport()] to delete a transport.
-    /// Use [Self::list_transports_ex()] to additionally query
-    /// whether the transports are marked as 'unpublished'.
    async fn list_transports(&self, account_id: u32) -> Result<Vec<EnteredLoginParam>> {
-        let ctx = self.get_context(account_id).await?;
-        let res = ctx
-            .list_transports()
-            .await?
-            .into_iter()
-            .map(|t| t.param.into())
-            .collect();
-        Ok(res)
-    }
-
-    /// Returns the list of all email accounts that are used as a transport in the current profile.
-    /// Use [Self::add_or_update_transport()] to add or change a transport
-    /// and [Self::delete_transport()] to delete a transport.
-    async fn list_transports_ex(&self, account_id: u32) -> Result<Vec<TransportListEntry>> {
        let ctx = self.get_context(account_id).await?;
        let res = ctx
            .list_transports()
@@ -589,26 +571,6 @@ impl CommandApi {
        ctx.delete_transport(&addr).await
    }

-    /// Change whether the transport is unpublished.
-    ///
-    /// Unpublished transports are not advertised to contacts,
-    /// and self-sent messages are not sent there,
-    /// so that we don't cause extra messages to the corresponding inbox,
-    /// but can still receive messages from contacts who don't know our new transport addresses yet.
-    ///
-    /// The default is false, but when the user updates from a version that didn't have this flag,
-    /// existing secondary transports are set to unpublished,
-    /// so that an existing transport address doesn't suddenly get spammed with a lot of messages.
-    async fn set_transport_unpublished(
-        &self,
-        account_id: u32,
-        addr: String,
-        unpublished: bool,
-    ) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        ctx.set_transport_unpublished(&addr, unpublished).await
-    }
-
    /// Signal an ongoing process to stop.
    async fn stop_ongoing_process(&self, account_id: u32) -> Result<()> {
        let ctx = self.get_context(account_id).await?;
@@ -737,6 +699,25 @@ impl CommandApi {
        message::estimate_deletion_cnt(&ctx, from_server, seconds).await
    }

+    // ---------------------------------------------
+    //  autocrypt
+    // ---------------------------------------------
+
+    async fn initiate_autocrypt_key_transfer(&self, account_id: u32) -> Result<String> {
+        let ctx = self.get_context(account_id).await?;
+        deltachat::imex::initiate_key_transfer(&ctx).await
+    }
+
+    async fn continue_autocrypt_key_transfer(
+        &self,
+        account_id: u32,
+        message_id: u32,
+        setup_code: String,
+    ) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        deltachat::imex::continue_key_transfer(&ctx, MsgId::new(message_id), &setup_code).await
+    }
+
    // ---------------------------------------------
    //   chat list
    // ---------------------------------------------
@@ -883,8 +864,6 @@ impl CommandApi {
    /// if `checkQr()` returns `askVerifyContact` or `askVerifyGroup`
    /// an out-of-band-verification can be joined using `secure_join()`
    ///
-    /// @deprecated as of 2026-03; use create_qr_svg(get_chat_securejoin_qr_code()) instead.
-    ///
    /// chat_id: If set to a group-chat-id,
    ///     the Verified-Group-Invite protocol is offered in the QR code;
    ///     works for protected groups as well as for normal groups.
@@ -2001,8 +1980,6 @@ impl CommandApi {
    /// even if there is no concurrent call to [`CommandApi::provide_backup`],
    /// but will fail after 60 seconds to avoid deadlocks.
    ///
-    /// @deprecated as of 2026-03; use `create_qr_svg(get_backup_qr())` instead.
-    ///
    /// Returns the QR code rendered as an SVG image.
    async fn get_backup_qr_svg(&self, account_id: u32) -> Result<String> {
        let ctx = self.get_context(account_id).await?;
@@ -2016,11 +1993,6 @@ impl CommandApi {
        generate_backup_qr(&ctx, &qr).await
    }

-    /// Renders the given text as a QR code SVG image.
-    async fn create_qr_svg(&self, text: String) -> Result<String> {
-        create_qr_svg(&text)
-    }
-
    /// Gets a backup from a remote provider.
    ///
    /// This retrieves the backup from a remote device over the network and imports it into
@@ -2534,10 +2506,7 @@ impl CommandApi {
                    continue;
                }
                let sticker_name = sticker_entry.file_name().into_string().unwrap_or_default();
-                if sticker_name.ends_with(".png")
-                    || sticker_name.ends_with(".webp")
-                    || sticker_name.ends_with(".gif")
-                {
+                if sticker_name.ends_with(".png") || sticker_name.ends_with(".webp") {
                    sticker_paths.push(
                        sticker_entry
                            .path()
--- a/deltachat-jsonrpc/src/api/types/events.rs
+++ b/deltachat-jsonrpc/src/api/types/events.rs
@@ -441,8 +441,6 @@ pub enum EventType {
        msg_id: u32,
        /// ID of the chat which the message belongs to.
        chat_id: u32,
-        /// The call was accepted from this device (process).
-        from_this_device: bool,
    },

    /// Outgoing call accepted.
@@ -636,14 +634,9 @@ impl From<CoreEventType> for EventType {
                place_call_info,
                has_video,
            },
-            CoreEventType::IncomingCallAccepted {
-                msg_id,
-                chat_id,
-                from_this_device,
-            } => IncomingCallAccepted {
+            CoreEventType::IncomingCallAccepted { msg_id, chat_id } => IncomingCallAccepted {
                msg_id: msg_id.to_u32(),
                chat_id: chat_id.to_u32(),
-                from_this_device,
            },
            CoreEventType::OutgoingCallAccepted {
                msg_id,
--- a/deltachat-jsonrpc/src/api/types/login_param.rs
+++ b/deltachat-jsonrpc/src/api/types/login_param.rs
@@ -4,16 +4,6 @@ use serde::Deserialize;
 use serde::Serialize;
 use yerpc::TypeDef;

-#[derive(Serialize, TypeDef, schemars::JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct TransportListEntry {
-    /// The login data entered by the user.
-    pub param: EnteredLoginParam,
-    /// Whether this transport is set to 'unpublished'.
-    /// See `set_transport_unpublished` / `setTransportUnpublished` for details.
-    pub is_unpublished: bool,
-}
-
 /// Login parameters entered by the user.
 ///
 /// Usually it will be enough to only set `addr` and `password`,
@@ -66,15 +56,6 @@ pub struct EnteredLoginParam {
    pub oauth2: Option<bool>,
 }

-impl From<dc::TransportListEntry> for TransportListEntry {
-    fn from(transport: dc::TransportListEntry) -> Self {
-        TransportListEntry {
-            param: transport.param.into(),
-            is_unpublished: transport.is_unpublished,
-        }
-    }
-}
-
 impl From<dc::EnteredLoginParam> for EnteredLoginParam {
    fn from(param: dc::EnteredLoginParam) -> Self {
        let imap_security: Socket = param.imap.security.into();
--- a/deltachat-jsonrpc/src/api/types/message.rs
+++ b/deltachat-jsonrpc/src/api/types/message.rs
@@ -68,6 +68,7 @@ pub struct MessageObject {
    /// if `show_padlock` is `false`,
    /// and nothing if it is `true`.
    show_padlock: bool,
+    is_setupmessage: bool,
    is_info: bool,
    is_forwarded: bool,

@@ -87,6 +88,8 @@ pub struct MessageObject {
    override_sender_name: Option<String>,
    sender: ContactObject,

+    setup_code_begin: Option<String>,
+
    file: Option<String>,
    file_mime: Option<String>,

@@ -223,6 +226,7 @@ impl MessageObject {

            subject: message.get_subject().to_owned(),
            show_padlock: message.get_showpadlock(),
+            is_setupmessage: message.is_setupmessage(),
            is_info: message.is_info(),
            is_forwarded: message.is_forwarded(),
            is_bot: message.is_bot(),
@@ -239,6 +243,8 @@ impl MessageObject {
            override_sender_name,
            sender,

+            setup_code_begin: message.get_setupcodebegin(context).await,
+
            file: match message.get_file(context) {
                Some(path_buf) => path_buf.to_str().map(|s| s.to_owned()),
                None => None,
--- a/deltachat-jsonrpc/src/api/types/qr.rs
+++ b/deltachat-jsonrpc/src/api/types/qr.rs
@@ -19,8 +19,6 @@ pub enum QrObject {
        invitenumber: String,
        /// Authentication code.
        authcode: String,
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },
    /// Ask the user whether to join the group.
    AskVerifyGroup {
@@ -36,8 +34,6 @@ pub enum QrObject {
        invitenumber: String,
        /// Authentication code.
        authcode: String,
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },
    /// Ask the user whether to join the broadcast channel.
    AskJoinBroadcast {
@@ -58,8 +54,6 @@ pub enum QrObject {
        invitenumber: String,
        /// Authentication code.
        authcode: String,
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },
    /// Contact fingerprint is verified.
    ///
@@ -235,7 +229,6 @@ impl From<Qr> for QrObject {
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
                let fingerprint = fingerprint.to_string();
@@ -244,7 +237,6 @@ impl From<Qr> for QrObject {
                    fingerprint,
                    invitenumber,
                    authcode,
-                    is_v3,
                }
            }
            Qr::AskVerifyGroup {
@@ -254,7 +246,6 @@ impl From<Qr> for QrObject {
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
                let fingerprint = fingerprint.to_string();
@@ -265,7 +256,6 @@ impl From<Qr> for QrObject {
                    fingerprint,
                    invitenumber,
                    authcode,
-                    is_v3,
                }
            }
            Qr::AskJoinBroadcast {
@@ -275,7 +265,6 @@ impl From<Qr> for QrObject {
                fingerprint,
                authcode,
                invitenumber,
-                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
                let fingerprint = fingerprint.to_string();
@@ -286,7 +275,6 @@ impl From<Qr> for QrObject {
                    fingerprint,
                    authcode,
                    invitenumber,
-                    is_v3,
                }
            }
            Qr::FprOk { contact_id } => {
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -54,5 +54,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "2.47.0-dev"
+  "version": "2.43.0"
 }
--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.47.0-dev"
+version = "2.43.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"
--- a/deltachat-repl/src/cmdline.rs
+++ b/deltachat-repl/src/cmdline.rs
@@ -302,6 +302,9 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
            // TODO: reuse commands definition in main.rs.
            "imex" => println!(
                "====================Import/Export commands==\n\
+                 initiate-key-transfer\n\
+                 get-setupcodebegin <msg-id>\n\
+                 continue-key-transfer <msg-id> <setup-code>\n\
                 has-backup\n\
                 export-backup\n\
                 import-backup <backup-file>\n\
@@ -405,6 +408,34 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 ============================================="
            ),
        },
+        "initiate-key-transfer" => match initiate_key_transfer(&context).await {
+            Ok(setup_code) => {
+                println!("Setup code for the transferred setup message: {setup_code}",)
+            }
+            Err(err) => bail!("Failed to generate setup code: {err}"),
+        },
+        "get-setupcodebegin" => {
+            ensure!(!arg1.is_empty(), "Argument <msg-id> missing.");
+            let msg_id: MsgId = MsgId::new(arg1.parse()?);
+            let msg = Message::load_from_db(&context, msg_id).await?;
+            if msg.is_setupmessage() {
+                let setupcodebegin = msg.get_setupcodebegin(&context).await;
+                println!(
+                    "The setup code for setup message {} starts with: {}",
+                    msg_id,
+                    setupcodebegin.unwrap_or_default(),
+                );
+            } else {
+                bail!("{msg_id} is no setup message.",);
+            }
+        }
+        "continue-key-transfer" => {
+            ensure!(
+                !arg1.is_empty() && !arg2.is_empty(),
+                "Arguments <msg-id> <setup-code> expected"
+            );
+            continue_key_transfer(&context, MsgId::new(arg1.parse()?), arg2).await?;
+        }
        "has-backup" => {
            has_backup(&context, blobdir).await?;
        }
--- a/deltachat-repl/src/main.rs
+++ b/deltachat-repl/src/main.rs
@@ -149,7 +149,10 @@ impl Completer for DcHelper {
    }
 }

-const IMEX_COMMANDS: [&str; 10] = [
+const IMEX_COMMANDS: [&str; 13] = [
+    "initiate-key-transfer",
+    "get-setupcodebegin",
+    "continue-key-transfer",
    "has-backup",
    "export-backup",
    "import-backup",
--- a/deltachat-rpc-client/README.md
+++ b/deltachat-rpc-client/README.md
@@ -2,8 +2,8 @@

 RPC client connects to standalone Delta Chat RPC server `deltachat-rpc-server`
 and provides asynchronous interface to it.
-`rpc.start()` performs a health-check RPC call to verify the server
-started successfully and will raise an error if startup fails
+`rpc.start()` blocks until the server is initialized
+and will raise an error if initialization fails
 (e.g. if the accounts directory could not be used).

 ## Getting started
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "2.47.0-dev"
+version = "2.43.0"
 license = "MPL-2.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
--- a/deltachat-rpc-client/src/deltachat_rpc_client/_utils.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/_utils.py
@@ -1,5 +1,4 @@
 import argparse
-import functools
 import os
 import re
 import sys
@@ -190,6 +189,9 @@ class futuremethod:  # noqa: N801
        self._func = func

    def __get__(self, instance, owner=None):
+        if instance is None:
+            return self
+
        def future(*args):
            generator = self._func(instance, *args)
            res = next(generator)
@@ -202,7 +204,6 @@ class futuremethod:  # noqa: N801

            return f

-        @functools.wraps(self._func)
        def wrapper(*args):
            f = future(*args)
            return f()
--- a/deltachat-rpc-client/src/deltachat_rpc_client/account.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/account.py
@@ -483,6 +483,10 @@ class Account:
        passphrase = ""  # Importing passphrase-protected keys is currently not supported.
        self._rpc.import_self_keys(self.id, str(path), passphrase)

+    def initiate_autocrypt_key_transfer(self) -> None:
+        """Send Autocrypt Setup Message."""
+        return self._rpc.initiate_autocrypt_key_transfer(self.id)
+
    def ice_servers(self) -> list:
        """Return ICE servers for WebRTC configuration."""
        ice_servers_json = self._rpc.ice_servers(self.id)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/message.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/message.py
@@ -72,6 +72,14 @@ class Message:
        """Return True if the message exists."""
        return bool(self._rpc.get_existing_msg_ids(self.account.id, [self.id]))

+    def continue_autocrypt_key_transfer(self, setup_code: str) -> None:
+        """Continue the Autocrypt Setup Message key transfer.
+
+        This function can be called on received Autocrypt Setup Message
+        to import the key encrypted with the provided setup code.
+        """
+        self._rpc.continue_autocrypt_key_transfer(self.account.id, self.id, setup_code)
+
    def send_webxdc_status_update(self, update: Union[dict, str], description: str) -> None:
        """Send a webxdc status update. This message must be a webxdc."""
        if not isinstance(update, str):
--- a/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
@@ -58,11 +58,15 @@ class Rpc:
        self,
        accounts_dir: Optional[str] = None,
        rpc_server_path="deltachat-rpc-server",
+        _skip_ready_check=False,
        **kwargs,
    ):
        """Initialize RPC client.

        The 'kwargs' arguments will be passed to subprocess.Popen().
+        '_skip_ready_check' is for debugging/testing only,
+        e.g. when using an old server that doesn't send
+        ready/init_error notifications on startup.
        """
        if accounts_dir:
            kwargs["env"] = {
@@ -72,6 +76,7 @@ class Rpc:

        self._kwargs = kwargs
        self.rpc_server_path = rpc_server_path
+        self._skip_ready_check = _skip_ready_check
        self.process: subprocess.Popen
        self.id_iterator: Iterator[int]
        self.event_queues: dict[int, Queue]
@@ -86,13 +91,12 @@ class Rpc:
    def start(self) -> None:
        """Start RPC server subprocess and wait for successful initialization.

-        This method blocks until the RPC server responds to an initial
-        health-check RPC call (get_system_info).
-        If the server fails to start
+        This method blocks until the RPC server sends a "ready" notification.
+        If the server fails to initialize
        (e.g., due to an invalid accounts directory),
-        a JsonRpcError is raised.
+        a JsonRpcError is raised with the error message provided by the server.
        """
-        popen_kwargs = {"stdin": subprocess.PIPE, "stdout": subprocess.PIPE, "stderr": subprocess.PIPE}
+        popen_kwargs = {"stdin": subprocess.PIPE, "stdout": subprocess.PIPE}
        if sys.version_info >= (3, 11):
            # Prevent subprocess from capturing SIGINT.
            popen_kwargs["process_group"] = 0
@@ -103,6 +107,8 @@ class Rpc:
        popen_kwargs.update(self._kwargs)
        self.process = subprocess.Popen(self.rpc_server_path, **popen_kwargs)

+        self._wait_for_ready()
+
        self.id_iterator = itertools.count(start=1)
        self.event_queues = {}
        self.request_results = {}
@@ -115,20 +121,42 @@ class Rpc:
        self.events_thread = Thread(target=self.events_loop)
        self.events_thread.start()

-        # Perform a health-check RPC call to ensure the server started
-        # successfully and the accounts directory is usable.
+    def _wait_for_ready(self) -> None:
+        """Wait for "ready" or "init_error" notification from the server."""
+        if self._skip_ready_check:
+            return
+
+        # Read the first JSON-RPC notification which is
+        # "ready" (success) or "init_error" (e.g. bad accounts dir).
+        line = self.process.stdout.readline()
+        if not line:
+            return_code = self.process.wait()
+            if return_code != 0:
+                raise JsonRpcError(f"RPC server terminated with exit code {return_code}")
+            return
+
        try:
-            system_info = self.get_system_info()
-        except (JsonRpcError, Exception) as e:
-            # The reader_loop already saw EOF on stdout, so the process
-            # has exited and stderr is available.
-            stderr = self.process.stderr.read().decode(errors="replace").strip()
-            if stderr:
-                raise JsonRpcError(f"RPC server failed to start: {stderr}") from e
-            raise JsonRpcError(f"RPC server startup check failed: {e}") from e
+            status = json.loads(line)
+        except json.JSONDecodeError:
+            raise JsonRpcError(f"RPC server sent invalid initial message: {line.decode().strip()}") from None
+
+        if status.get("method") == "init_error":
+            error_msg = status.get("params", ["Unknown error"])[0]
+            raise JsonRpcError(f"RPC server initialization failed: {error_msg}")
+
+        if status.get("method") != "ready":
+            raise JsonRpcError(f"RPC server sent unexpected initial message: {line.decode().strip()}")
+
+        params = status.get("params", [{}])[0]
+        core_version = params.get("core_version", "unknown")
+        server_path = params.get("server_path", "unknown")
+        accounts_dir = params.get("accounts_dir", "unknown")
        logging.info(
-            "RPC server ready. Core version: %s",
-            system_info.get("deltachat_core_version", "unknown"),
+            "RPC server ready. Core version: {}, Server path: {}, Accounts dir: {}".format(
+                core_version,
+                server_path,
+                accounts_dir,
+            ),
        )

    def close(self) -> None:
@@ -161,10 +189,6 @@ class Rpc:
        except Exception:
            # Log an exception if the reader loop dies.
            logging.exception("Exception in the reader loop")
-        finally:
-            # Unblock any pending requests when the server closes stdout.
-            for _request_id, queue in self.request_results.items():
-                queue.put({"error": {"code": -32000, "message": "RPC server closed"}})

    def writer_loop(self) -> None:
        """Writer loop ensuring only a single thread writes requests."""
@@ -173,6 +197,7 @@ class Rpc:
                data = (json.dumps(request) + "\n").encode()
                self.process.stdin.write(data)
                self.process.stdin.flush()
+
        except Exception:
            # Log an exception if the writer loop dies.
            logging.exception("Exception in the writer loop")
--- a/deltachat-rpc-client/tests/test_cross_core.py
+++ b/deltachat-rpc-client/tests/test_cross_core.py
@@ -8,7 +8,7 @@ from deltachat_rpc_client import DeltaChat, Rpc
 def test_install_venv_and_use_other_core(tmp_path, get_core_python_env):
    python, rpc_server_path = get_core_python_env("2.24.0")
    subprocess.check_call([python, "-m", "pip", "install", "deltachat-rpc-server==2.24.0"])
-    rpc = Rpc(accounts_dir=tmp_path.joinpath("accounts"), rpc_server_path=rpc_server_path)
+    rpc = Rpc(accounts_dir=tmp_path.joinpath("accounts"), rpc_server_path=rpc_server_path, _skip_ready_check=True)

    with rpc:
        dc = DeltaChat(rpc)
--- a/deltachat-rpc-client/tests/test_key_transfer.py
+++ b/deltachat-rpc-client/tests/test_key_transfer.py
@@ -0,0 +1,49 @@
+import pytest
+
+from deltachat_rpc_client import EventType
+from deltachat_rpc_client.rpc import JsonRpcError
+
+
+def wait_for_autocrypt_setup_message(account):
+    while True:
+        event = account.wait_for_event()
+        if event.kind == EventType.MSGS_CHANGED and event.msg_id != 0:
+            msg_id = event.msg_id
+            msg = account.get_message_by_id(msg_id)
+            if msg.get_snapshot().is_setupmessage:
+                return msg
+
+
+def test_autocrypt_setup_message_key_transfer(acfactory):
+    alice1 = acfactory.get_online_account()
+
+    alice2 = acfactory.get_unconfigured_account()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
+    alice2.bring_online()
+
+    setup_code = alice1.initiate_autocrypt_key_transfer()
+    msg = wait_for_autocrypt_setup_message(alice2)
+
+    # Test that entering wrong code returns an error.
+    with pytest.raises(JsonRpcError):
+        msg.continue_autocrypt_key_transfer("7037-0673-6287-3013-4095-7956-5617-6806-6756")
+
+    msg.continue_autocrypt_key_transfer(setup_code)
+
+
+def test_ac_setup_message_twice(acfactory):
+    alice1 = acfactory.get_online_account()
+
+    alice2 = acfactory.get_unconfigured_account()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
+    alice2.bring_online()
+
+    # Send the first Autocrypt Setup Message and ignore it.
+    _setup_code = alice1.initiate_autocrypt_key_transfer()
+    wait_for_autocrypt_setup_message(alice2)
+
+    # Send the second Autocrypt Setup Message and import it.
+    setup_code = alice1.initiate_autocrypt_key_transfer()
+    msg = wait_for_autocrypt_setup_message(alice2)
+
+    msg.continue_autocrypt_key_transfer(setup_code)
--- a/deltachat-rpc-client/tests/test_multitransport.py
+++ b/deltachat-rpc-client/tests/test_multitransport.py
@@ -1,7 +1,7 @@
 import pytest

 from deltachat_rpc_client import EventType
-from deltachat_rpc_client.const import ChatType, DownloadState
+from deltachat_rpc_client.const import DownloadState
 from deltachat_rpc_client.rpc import JsonRpcError


@@ -225,9 +225,6 @@ def test_transport_synchronization(acfactory, log) -> None:
    log.section("ac1 changes the primary transport")
    ac1.set_config("configured_addr", transport3["addr"])

-    # One event for updated `add_timestamp` of the new primary transport,
-    # one event for the `configured_addr` update.
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
    [transport1, transport3] = ac1_clone.list_transports()
    assert ac1_clone.get_config("configured_addr") == addr3
@@ -318,10 +315,11 @@ def test_transport_limit(acfactory) -> None:
    account.add_transport_from_qr(qr)


-def test_message_info_imap_urls(acfactory) -> None:
+def test_message_info_imap_urls(acfactory, log) -> None:
    """Test that message info contains IMAP URLs of where the message was received."""
    alice, bob = acfactory.get_online_accounts(2)

+    log.section("Alice adds ac1 clone removes second transport")
    qr = acfactory.get_account_qr()
    for i in range(3):
        alice.add_transport_from_qr(qr)
@@ -329,6 +327,9 @@ def test_message_info_imap_urls(acfactory) -> None:
        for _ in range(i + 1):
            alice.bring_online()

+    new_alice_addr = alice.list_transports()[2]["addr"]
+    alice.set_config("configured_addr", new_alice_addr)
+
    # Enable multi-device mode so messages are not deleted immediately.
    alice.set_config("bcc_self", "1")

@@ -336,53 +337,12 @@ def test_message_info_imap_urls(acfactory) -> None:
    # This is where he will send the message.
    bob_chat = bob.create_chat(alice)

-    # Alice switches to another transport and removes the rest of the transports.
-    new_alice_addr = alice.list_transports()[1]["addr"]
-    alice.set_config("configured_addr", new_alice_addr)
-    removed_addrs = []
-    for transport in alice.list_transports():
-        if transport["addr"] != new_alice_addr:
-            alice.delete_transport(transport["addr"])
-            removed_addrs.append(transport["addr"])
-    alice.stop_io()
-    alice.start_io()
+    # Alice changes the transport again.
+    alice.set_config("configured_addr", alice.list_transports()[3]["addr"])

    bob_chat.send_text("Hello!")

    msg = alice.wait_for_incoming_msg()
-    msg_info = msg.get_info()
-    assert new_alice_addr in msg_info
-    for removed_addr in removed_addrs:
-        assert removed_addr not in msg_info
-    assert f"{new_alice_addr}/INBOX" in msg_info
-
-
-def test_remove_primary_transport(acfactory, log) -> None:
-    """Test that after removing the primary relay, Alice can still receive messages."""
-    alice, bob = acfactory.get_online_accounts(2)
-    qr = acfactory.get_account_qr()
-
-    alice.add_transport_from_qr(qr)
-    alice.bring_online()
-
-    bob_chat = bob.create_chat(alice)
-    alice.create_chat(bob)
-
-    log.section("Alice sets up second transport")
-    [transport1, transport2] = alice.list_transports()
-    alice.set_config("configured_addr", transport2["addr"])
-
-    bob_chat.send_text("Hello!")
-    msg1 = alice.wait_for_incoming_msg().get_snapshot()
-    assert msg1.text == "Hello!"
-
-    log.section("Alice removes the primary relay")
-    alice.delete_transport(transport1["addr"])
-    alice.stop_io()
-    alice.start_io()
-
-    bob_chat.send_text("Hello again!")
-    msg2 = alice.wait_for_incoming_msg().get_snapshot()
-    assert msg2.text == "Hello again!"
-    assert msg2.chat.get_basic_snapshot().chat_type == ChatType.SINGLE
-    assert msg2.chat == alice.create_chat(bob)
+    for alice_transport in alice.list_transports():
+        addr = alice_transport["addr"]
+        assert (addr == new_alice_addr) == (addr in msg.get_info())
--- a/deltachat-rpc-client/tests/test_securejoin.py
+++ b/deltachat-rpc-client/tests/test_securejoin.py
@@ -167,16 +167,12 @@ def test_qr_securejoin_broadcast(acfactory, all_devices_online):
            assert "invited you to join this channel" in first_msg.text
            assert first_msg.is_info

+        member_added_msg = chat_msgs.pop(0).get_snapshot()
        if inviter_side:
-            member_added_msg = chat_msgs.pop(0).get_snapshot()
            assert member_added_msg.text == f"Member {contact_snapshot.display_name} added."
            assert member_added_msg.info_contact_id == contact_snapshot.id
        else:
-            if chat_msgs[0].get_snapshot().text == "You joined the channel.":
-                member_added_msg = chat_msgs.pop(0).get_snapshot()
-            else:
-                member_added_msg = chat_msgs.pop(1).get_snapshot()
-                assert member_added_msg.text == "You joined the channel."
+            assert member_added_msg.text == "You joined the channel."
        assert member_added_msg.is_info

        hello_msg = chat_msgs.pop(0).get_snapshot()
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -671,7 +671,7 @@ def test_early_failure(tmp_path) -> None:
    file_path = tmp_path / "not_a_dir"
    file_path.write_text("I am a file, not a directory")
    rpc = Rpc(accounts_dir=str(file_path))
-    with pytest.raises(JsonRpcError, match="(?i)directory"):
+    with pytest.raises(JsonRpcError, match="initialization failed"):
        rpc.start()

    # A non-empty directory that is not a deltachat accounts directory.
@@ -679,7 +679,7 @@ def test_early_failure(tmp_path) -> None:
    non_dc_dir.mkdir()
    (non_dc_dir / "some_file").write_text("content")
    rpc = Rpc(accounts_dir=str(non_dc_dir))
-    with pytest.raises(JsonRpcError, match="invalid_dir"):
+    with pytest.raises(JsonRpcError, match="initialization failed"):
        rpc.start()


--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.47.0-dev"
+version = "2.43.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "2.47.0-dev"
+  "version": "2.43.0"
 }
--- a/deltachat-rpc-server/src/main.rs
+++ b/deltachat-rpc-server/src/main.rs
@@ -72,14 +72,7 @@ async fn main_impl() -> Result<()> {
    #[cfg(target_family = "unix")]
    let mut sigterm = signal_unix::signal(signal_unix::SignalKind::terminate())?;

-    let path = std::env::var("DC_ACCOUNTS_PATH").unwrap_or_else(|_| "accounts".to_string());
-    log::info!("Starting with accounts directory `{path}`.");
-    let writable = true;
-    let accounts = Accounts::new(PathBuf::from(&path), writable).await?;
-
-    log::info!("Creating JSON-RPC API.");
-    let accounts = Arc::new(RwLock::new(accounts));
-    let state = CommandApi::from_arc(accounts.clone()).await;
+    let (accounts, state) = init_accounts_and_report_status().await?;

    let (client, mut out_receiver) = RpcClient::new();
    let session = RpcSession::new(client.clone(), state.clone());
@@ -160,3 +153,41 @@ async fn main_impl() -> Result<()> {

    Ok(())
 }
+
+async fn init_accounts_and_report_status() -> Result<(Arc<RwLock<Accounts>>, CommandApi)> {
+    let path = std::env::var("DC_ACCOUNTS_PATH").unwrap_or_else(|_| "accounts".to_string());
+    log::info!("Starting with accounts directory `{path}`.");
+    let path = PathBuf::from(&path);
+    match Accounts::new(path.clone(), true).await {
+        Ok(accounts) => {
+            log::info!("Creating JSON-RPC API.");
+            let accounts = Arc::new(RwLock::new(accounts));
+            let state = CommandApi::from_arc(accounts.clone()).await;
+            println!(
+                "{}",
+                serde_json::to_string(&serde_json::json!({
+                    "jsonrpc": "2.0",
+                    "method": "ready",
+                    "params": [{
+                        "core_version": DC_VERSION_STR,
+                        "server_path": env::current_exe()?.display().to_string(),
+                        "accounts_dir": path.display().to_string(),
+                    }]
+                }))?
+            );
+            Ok((accounts, state))
+        }
+        Err(err) => {
+            let error_msg = format!("{err:#}");
+            println!(
+                "{}",
+                serde_json::to_string(&serde_json::json!({
+                    "jsonrpc": "2.0",
+                    "method": "init_error",
+                    "params": [error_msg]
+                }))?
+            );
+            Err(err)
+        }
+    }
+}
--- a/deny.toml
+++ b/deny.toml
@@ -17,13 +17,6 @@ ignore = [
    # It is a transitive dependency of iroh 0.35.0,
    # this should be fixed by upgrading to iroh 1.0 once it is released.
    "RUSTSEC-2025-0134",
-
-    # rustls-webpki v0.102.8
-    # We cannot upgrade to >=0.103.10 because
-    # it is a transitive dependency of iroh 0.35.0
-    # which depends on ^0.102.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0049>
-    "RUSTSEC-2026-0049",
 ]

 [bans]
@@ -34,7 +27,6 @@ ignore = [
 skip = [
     { name = "async-channel", version = "1.9.0" },
     { name = "bitflags", version = "1.3.2" },
-     { name = "constant_time_eq", version = "0.3.1" },
     { name = "derive_more-impl", version = "1.0.0" },
     { name = "derive_more", version = "1.0.0" },
     { name = "event-listener", version = "2.5.3" },
--- a/draft/aeap-mvp.md
+++ b/draft/aeap-mvp.md
@@ -0,0 +1,127 @@
+AEAP MVP
+========
+
+Changes to the UIs
+------------------
+
+- The secondary self addresses (see below) are shown in the UI, but not editable.
+
+- When the user changed the email address in the configure screen, show a dialog to the user, either directly explaining things or with a link to the FAQ (see "Other" below)
+
+Changes in the core
+-------------------
+
+- [x] We have one primary self address and any number of secondary self addresses. `is_self_addr()` checks all of them.
+
+- [x] If the user does a reconfigure and changes the email address, the previous address is added as a secondary self address.
+
+  - don't forget to deduplicate secondary self addresses in case the user switches back and forth between addresses).
+
+  - The key stays the same.
+
+- [x] No changes for 1:1 chats, there simply is a new one. (This works since, contrary to group messages, messages sent to a 1:1 chat are not assigned to the group chat but always to the 1:1 chat with the sender. So it's not a problem that the new messages might be put into the old chat if they are a reply to a message there.)
+
+- [ ] When sending a message: If any of the secondary self addrs is in the chat's member list, remove it locally (because we just transitioned away from it). We add a log message for this (alternatively, a system message in the chat would be more visible).
+
+- [x] ([#3385](https://github.com/deltachat/deltachat-core-rust/pull/3385)) When receiving a message: If the key exists, but belongs to another address (we may want to benchmark this)
+  AND there is a `Chat-Version` header\
+  AND the message is signed correctly
+  AND the From address is (also) in the encrypted (and therefore signed) headers <sup>[[1]](#myfootnote1)</sup>\
+  AND the message timestamp is newer than the contact's `lastseen` (to prevent changing the address back when messages arrive out of order) (this condition is not that important since we will have eventual consistency even without it):
+
+  Replace the contact in _all_ groups, possibly deduplicate the members list, and add a system message to all of these chats.
+  
+  - Note that we can't simply compare the keys byte-by-byte, since the UID may have changed, or the sender may have rotated the key and signed the new key with the old one.
+
+<a name="myfootnote1">[1]</a>: Without this check, an attacker could replay a message from Alice to Bob. Then Bob's device would do an AEAP transition from Alice's to the attacker's address, allowing for easier phishing.
+
+<details>
+<summary>More details about this</summary>
+Suppose Alice sends a message to Evil (or to a group with both Evil and Bob). Evil then forwards the message to Bob, changing the From and To headers (and if necessary Message-Id) and replacing `addr=alice@example.org;` in the autocrypt header with `addr=evil@example.org;`.
+
+Then Bob's device sees that there is a message which is signed by Alice's key and comes from Evil's address and would do the AEAP transition, i.e. replace Alice with Evil in all groups and show a message "Alice changed their address from alice@example.org to evil@example.org". Disadvantages for Evil are that Bob's message will be shown on Alice's device, possibly creating confusion/suspicion, and that the usual "Setup changed for..." message will be shown the next time Evil sends a message (because Evil doesn't know Alice's private key).
+
+Possible mitigations:
+- if we make the AEAP device message sth. like "Automatically removed alice@example.org and added evil@example.org", then this will create more suspicion, making the phishing harder (we didn't talk about what what the wording should be at all yet).
+- Add something similar to replay protection to our Autocrypt implementation. This could be done e.g. by adding a second `From` header to the protected headers. If it's present, the receiver then requires it to be the same as the outer `From`, and if it's not present, we don't do AEAP --> **That's what we implemented**
+
+Note that usually a mail is signed by a key that has a UID matching the from address.
+
+  That's not mandatory for Autocrypt (and in fact, we just keep the old UID when changing the self address, so with AEAP the UID will actually be different than the from address sometimes)
+
+  https://autocrypt.org/level1.html#openpgp-based-key-data says:
+  > The content of the user id packet is only decorative
+
+</details>
+
+### Notes:
+  
+- We treat protected and non-protected chats the same
+- We leave the aeap transition statement away since it seems not to be needed, makes things harder on the sending side, wastes some network traffic, and is worse for privacy (since more people know what old addresses you had).
+- As soon as we encrypt read receipts, sending a read receipt will be enough to tell a lot of people that you transitioned
+- AEAP will make the problem of inconsistent group state worse, both because it doesn't work if the message is unencrypted (even if the design allowed it, it would be problematic security-wise) and because some chat partners may have gotten the transition and some not. We should do something against this at some point in the future, like asking the user whether they want to add/remove the members to restore consistent group state.
+
+#### Downsides of this design:
+- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
+
+#### Upsides:
+- With this approach, it's easy to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
+- Faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.
+
+### Alternatives and old discussions/plans:
+
+- Change the contact instead of rewriting the group member lists. This seems to call for more trouble since we will end up with multiple contacts having the same email address.
+
+- If needed, we could add a header a) indicating that the sender did an address transition or b) listing all the secondary (old) addresses.  For now, there is no big enough benefit to warrant introducing another header and its processing on the receiver side (including all the necessary checks and handling of error cases). Instead, we only check for the `Chat-Version` header to prevent accidental transitions when an MUA user sends a message from another email address with the same key.
+
+- The condition for a transition temporarily was:
+
+  > When receiving a message: If we are going to assign a message to a chat, but the sender is not a member of this chat\
+  > AND the signing key is the same as the direct (non-gossiped) key of one of the chat members\
+  > AND ...
+
+  However, this would mean that in 1:1 messages can't trigger a transition, since we don't assign private messages to the parent chat, but always to the 1:1 chat with the sender.
+  
+<details>
+<summary>Some previous state of the discussion, which temporarily lived in an issue description</summary>
+Summarizing the discussions from https://github.com/deltachat/deltachat-core-rust/pull/2896, mostly quoting @hpk42:
+
+1. (DONE) At the time of configure we push the current primary to become a secondary. 
+
+2. When a message is sent out to a chat, and the message is encrypted, and we have secondary addresses, then we 
+  a) add a protected "AEAP-Replacement" header that contains all secondary addresses 
+  b) if any of the secondary addresses is in the chat's member list, we remove it and leave a system message that we did so
+3. When an encrypted message with a replacement header is received, replace the e-mail address of all secondary contacts (if they exist) with the new primary and drop a sysmessage in all chats the secondary is member off.  This might (in edge cases) result in chats that have two or more contacts with the same e-mail address.  We might ignore this for a first release and just log a warning.  Let's maybe not get hung up on this case before everything else works. 
+
+Notes: 
+- for now we will send out aeap replacement headers forever, there is no termination condition other than lack of secondary addresses.  I think that's fine for now.  Later on we might introduce options to remove secondary addresses but i wouldn't do this for a first release/PR. 
+- the design is resilient against changing e-mail providers from A to B to C and then back to A, with partially updated chats and diverging views from recipients/contacts on this transition.  In the end, you will have a primary and some secondaries, and when you start sending out messages everybody will eventually synchronize when they receive the current state of primaries/secondaries. 
+- of course on incoming message for need to check for each stated secondary address in the replacement header that it uses the same signature as the signature we verified as valid with the incoming message  **-->  Also we have to somehow make sure that the signing key was not just gossiped from some random other person in some group.**
+- there are no extra flags/columns in the database needed (i hope) 
+
+#### Downsides of the chosen approach:
+- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
+- There will be multiple contacts with the same address in the database. We will have to do something against this at some point.
+
+The most obvious alternative would be to create a new contact with the new address and replace the old contact in the groups.
+
+#### Upsides:
+- With this approach, it's easier to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
+- (Also, less important: Slightly faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.)
+- It's easier to implement (if too many problems turn up, we can still switch to another approach and didn't waste that much development time.)
+
+[full messages](https://github.com/deltachat/deltachat-core-rust/pull/2896#discussion_r852002161)
+  
+_end of the previous state of the discussion_  
+
+</details>
+  
+Other
+-----
+
+- The user is responsible that messages to the old address arrive at the new address, for example by configuring the old provider to forward all emails to the new one.
+
+Notes during implementing
+========================
+
+- As far as I understand the code, unencrypted messages are unsigned. So, the transition only works if both sides have the other side's key.
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "2.47.0-dev"
+version = "2.43.0"
 license = "MPL-2.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
--- a/python/src/deltachat/account.py
+++ b/python/src/deltachat/account.py
@@ -553,6 +553,17 @@ class Account:
    def imex(self, path: str, imex_cmd: int, passphrase: Optional[str] = None) -> None:
        lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), as_dc_charpointer(passphrase))

+    def initiate_key_transfer(self) -> str:
+        """return setup code after a Autocrypt setup message
+        has been successfully sent to our own e-mail address ("self-sent message").
+        If sending out was unsuccessful, a RuntimeError is raised.
+        """
+        self.check_is_configured()
+        res = lib.dc_initiate_key_transfer(self._dc_context)
+        if res == ffi.NULL:
+            raise RuntimeError("could not send out autocrypt setup message")
+        return from_dc_charpointer(res)
+
    def get_setup_contact_qr(self) -> str:
        """get/create Setup-Contact QR Code as ascii-string.

--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -167,6 +167,14 @@ class Message:
        """return True if this message is a system/info message."""
        return bool(lib.dc_msg_is_info(self._dc_msg))

+    def is_setup_message(self):
+        """return True if this message is a setup message."""
+        return lib.dc_msg_is_setupmessage(self._dc_msg)
+
+    def get_setupcodebegin(self) -> str:
+        """return the first characters of a setup code in a setup message."""
+        return from_dc_charpointer(lib.dc_msg_get_setupcodebegin(self._dc_msg))
+
    def is_encrypted(self):
        """return True if this message was encrypted."""
        return bool(lib.dc_msg_get_showpadlock(self._dc_msg))
@@ -190,6 +198,12 @@ class Message:
        """Get a message summary as a single line of text. Typically used for notifications."""
        return from_dc_charpointer(lib.dc_msg_get_summarytext(self._dc_msg, width))

+    def continue_key_transfer(self, setup_code):
+        """extract key and use it as primary key for this account."""
+        res = lib.dc_continue_key_transfer(self.account._dc_context, self.id, as_dc_charpointer(setup_code))
+        if res == 0:
+            raise ValueError("Importing the key from Autocrypt Setup Message failed")
+
    @props.with_doc
    def time_sent(self):
        """UTC time when the message was sent.
--- a/python/tests/test_3_offline.py
+++ b/python/tests/test_3_offline.py
@@ -558,12 +558,6 @@ class TestOfflineChat:
        assert messages[0 + E2EE_INFO_MSGS].text == "msg1"
        assert os.path.exists(messages[1 + E2EE_INFO_MSGS].filename)

-    @pytest.mark.skip(
-        reason="We didn't find a way to correctly reset an account after a failed import attempt "
-        "while simultaneously making sure "
-        "that the password of an encrypted account survives a failed import attempt. "
-        "Since passphrases are not really supported anymore, we decided to just disable the test.",
-    )
    def test_import_encrypted_bak_into_encrypted_acct(self, acfactory, tmp_path):
        """
        Test that account passphrase isn't lost if backup failed to be imported.
--- a/python/tests/test_4_lowlevel.py
+++ b/python/tests/test_4_lowlevel.py
@@ -111,7 +111,7 @@ def test_dc_close_events(acfactory):
    register_global_plugin(ShutdownPlugin())
    assert hasattr(ac1, "_dc_context")
    ac1.shutdown()
-    shutdowns.get()
+    shutdowns.get(timeout=2)


 def test_wrong_db(tmp_path):
@@ -221,7 +221,7 @@ def test_logged_ac_process_ffi_failure(acfactory):

    # cause any event eg contact added/changed
    ac1.create_contact("something@example.org")
-    res = cap.get()
+    res = cap.get(timeout=10)
    assert "ac_process_ffi_event" in res
    assert "ZeroDivisionError" in res
    assert "Traceback" in res
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2026-03-19
+2026-02-17
--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -7,7 +7,7 @@ set -euo pipefail
 #
 # Avoid using rustup here as it depends on reading /proc/self/exe and
 # has problems running under QEMU.
-RUST_VERSION=1.94.0
+RUST_VERSION=1.93.0

 ARCH="$(uname -m)"
 test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
--- a/scripts/set_core_version.py
+++ b/scripts/set_core_version.py
@@ -100,7 +100,7 @@ def main():

    today = datetime.date.today().isoformat()

-    if not newversion.endswith("-dev"):
+    if "alpha" not in newversion:
        found = False
        for line in Path("CHANGELOG.md").open():
            if line == f"## [{newversion}] - {today}\n":
--- a/spec.md
+++ b/spec.md
@@ -39,24 +39,9 @@ Messages SHOULD be encrypted by the
 [Autocrypt](https://autocrypt.org/level1.html) standard;
 `prefer-encrypt=mutual` MAY be set by default.

-Meta data SHOULD be encrypted
-by the [Header Protection](https://www.rfc-editor.org/rfc/rfc9788.html) standard
-with the following [Header Confidentiality Policy](https://www.rfc-editor.org/rfc/rfc9788.html#name-header-confidentiality-poli):
-```
-hcp_chat(name, val_in) → val_out:
-    if lower(name) is 'from':
-        assert that val_in is an RFC 5322 mailbox
-        return the RFC 5322 addr-spec part of val_in
-    else if lower(name) is 'to':
-        return '"hidden-recipients": ;'
-    else if lower(name) is 'date':
-        return the UTC form of a random date within the last 7 days
-    else if lower(name) is 'subject':
-        return '[...]'
-    else if lower(name) is in ['message-id', 'chat-is-post-message']:
-        return val_in
-    return null
-```
+Meta data (at least the subject and all chat-headers) SHOULD be encrypted
+by the [Protected Headers](https://tools.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html) standard.
+

 # Outgoing messages

--- a/src/accounts.rs
+++ b/src/accounts.rs
@@ -57,8 +57,8 @@ pub struct Accounts {
 impl Accounts {
    /// Loads or creates an accounts folder at the given `dir`.
    pub async fn new(dir: PathBuf, writable: bool) -> Result<Self> {
-        if writable {
-            Self::ensure_accounts_dir(&dir).await?;
+        if writable && !dir.exists() {
+            Accounts::create(&dir).await?;
        }
        let events = Events::new();
        Accounts::open(events, dir, writable).await
@@ -67,9 +67,10 @@ impl Accounts {
    /// Loads or creates an accounts folder at the given `dir`.
    /// Uses an existing events channel.
    pub async fn new_with_events(dir: PathBuf, writable: bool, events: Events) -> Result<Self> {
-        if writable {
-            Self::ensure_accounts_dir(&dir).await?;
+        if writable && !dir.exists() {
+            Accounts::create(&dir).await?;
        }
+
        Accounts::open(events, dir, writable).await
    }

@@ -81,20 +82,14 @@ impl Accounts {
        0
    }

-    /// Ensures the accounts directory and config file exist.
-    /// Creates them if the directory doesn't exist, or if it exists but is empty.
-    /// Errors if the directory exists with files but no config.
-    async fn ensure_accounts_dir(dir: &Path) -> Result<()> {
-        if !dir.exists() {
-            fs::create_dir_all(dir)
-                .await
-                .context("Failed to create folder")?;
-            Config::new(dir).await?;
-        } else if !dir.join(CONFIG_NAME).exists() {
-            let mut rd = fs::read_dir(dir).await?;
-            ensure!(rd.next_entry().await?.is_none(), "{dir:?} is not empty");
-            Config::new(dir).await?;
-        }
+    /// Creates a new default structure.
+    async fn create(dir: &Path) -> Result<()> {
+        fs::create_dir_all(dir)
+            .await
+            .context("failed to create folder")?;
+
+        Config::new(dir).await?;
+
        Ok(())
    }

@@ -686,27 +681,13 @@ impl Config {
        file.write_all(toml::to_string_pretty(&self.inner)?.as_bytes())
            .await
            .context("failed to write a tmp config")?;
-
-        // We use `sync_all()` and not `sync_data()` here.
-        // This translates to `fsync()` instead of `fdatasync()`.
-        // `fdatasync()` may be insufficient for newely created files
-        // and may not even synchronize the file size on some operating systems,
-        // resulting in a truncated file.
-        file.sync_all()
+        file.sync_data()
            .await
            .context("failed to sync a tmp config")?;
        drop(file);
        fs::rename(&tmp_path, &self.file)
            .await
            .context("failed to rename config")?;
-        // Sync the rename().
-        #[cfg(not(windows))]
-        {
-            let parent = self.file.parent().context("No parent directory")?;
-            let parent_file = fs::File::open(parent).await?;
-            parent_file.sync_all().await?;
-        }
-
        Ok(())
    }

@@ -934,26 +915,6 @@ mod tests {
        }
    }

-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_account_new_empty_existing_dir() {
-        let dir = tempfile::tempdir().unwrap();
-        let p: PathBuf = dir.path().join("accounts");
-
-        // A non-empty directory without accounts.toml should fail.
-        fs::create_dir_all(&p).await.unwrap();
-        fs::write(p.join("stray_file.txt"), b"hello").await.unwrap();
-        assert!(Accounts::new(p.clone(), true).await.is_err());
-
-        // Clean up to an empty directory.
-        fs::remove_file(p.join("stray_file.txt")).await.unwrap();
-
-        // An empty directory without accounts.toml should succeed.
-        let mut accounts = Accounts::new(p.clone(), true).await.unwrap();
-        assert_eq!(accounts.accounts.len(), 0);
-        let id = accounts.add_account().await.unwrap();
-        assert_eq!(id, 1);
-    }
-
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_account_new_open_conflict() {
        let dir = tempfile::tempdir().unwrap();
--- a/src/aheader.rs
+++ b/src/aheader.rs
@@ -47,11 +47,11 @@ pub struct Aheader {
    pub public_key: SignedPublicKey,
    pub prefer_encrypt: EncryptPreference,

-    /// Whether `_verified` attribute is present.
-    ///
-    /// `_verified` attribute is an extension to `Autocrypt-Gossip`
-    /// header that is used to tell that the sender
-    /// marked this key as verified.
+    // Whether `_verified` attribute is present.
+    //
+    // `_verified` attribute is an extension to `Autocrypt-Gossip`
+    // header that is used to tell that the sender
+    // marked this key as verified.
    pub verified: bool,
 }

@@ -108,11 +108,13 @@ impl FromStr for Aheader {
            .remove("keydata")
            .context("keydata attribute is not found")
            .and_then(|raw| {
-                SignedPublicKey::from_base64(&raw).context("Autocrypt key cannot be decoded")
+                SignedPublicKey::from_base64(&raw).context("autocrypt key cannot be decoded")
+            })
+            .and_then(|key| {
+                key.verify_bindings()
+                    .and(Ok(key))
+                    .context("Autocrypt key cannot be verified")
            })?;
-        public_key
-            .verify_bindings()
-            .context("Autocrypt key cannot be verified")?;

        let prefer_encrypt = attributes
            .remove("prefer-encrypt")
--- a/src/calls.rs
+++ b/src/calls.rs
@@ -11,7 +11,7 @@ use crate::context::{Context, WeakContext};
 use crate::events::EventType;
 use crate::headerdef::HeaderDef;
 use crate::log::warn;
-use crate::message::{Message, MsgId, Viewtype, markseen_msgs};
+use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::net::dns::lookup_host_with_cache;
 use crate::param::Param;
@@ -249,7 +249,6 @@ impl Context {
        if chat.is_contact_request() {
            chat.id.accept(self).await?;
        }
-        markseen_msgs(self, vec![call_id]).await?;

        // send an acceptance message around: to the caller as well as to the other devices of the callee
        let mut msg = Message {
@@ -266,7 +265,6 @@ impl Context {
        self.emit_event(EventType::IncomingCallAccepted {
            msg_id: call.msg.id,
            chat_id: call.msg.chat_id,
-            from_this_device: true,
        });
        self.emit_msgs_changed(call.msg.chat_id, call_id);
        Ok(())
@@ -285,7 +283,6 @@ impl Context {
        if !call.is_accepted() {
            if call.is_incoming() {
                call.mark_as_ended(self).await?;
-                markseen_msgs(self, vec![call_id]).await?;
                let declined_call_str = stock_str::declined_call(self).await;
                call.update_text(self, &declined_call_str).await?;
            } else {
@@ -433,7 +430,6 @@ impl Context {
                        self.emit_event(EventType::IncomingCallAccepted {
                            msg_id: call.msg.id,
                            chat_id: call.msg.chat_id,
-                            from_this_device: false,
                        });
                    } else {
                        let accept_call_info = mime_message
--- a/src/calls/calls_tests.rs
+++ b/src/calls/calls_tests.rs
@@ -2,7 +2,6 @@ use super::*;
 use crate::chat::forward_msgs;
 use crate::config::Config;
 use crate::constants::DC_CHAT_ID_TRASH;
-use crate::message::MessageState;
 use crate::receive_imf::receive_imf;
 use crate::test_utils::{TestContext, TestContextManager};

@@ -116,28 +115,9 @@ async fn accept_call() -> Result<CallSetup> {
    // Bob accepts the incoming call
    bob.accept_incoming_call(bob_call.id, ACCEPT_INFO.to_string())
        .await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
    assert_text(&bob, bob_call.id, "Incoming video call").await?;
    bob.evtracker
-        .get_matching(|evt| {
-            matches!(
-                evt,
-                EventType::IncomingCallAccepted {
-                    from_this_device: true,
-                    ..
-                }
-            )
-        })
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
        .await;
    let sent2 = bob.pop_sent_msg().await;
    let info = bob
@@ -151,15 +131,7 @@ async fn accept_call() -> Result<CallSetup> {
    bob2.recv_msg_trash(&sent2).await;
    assert_text(&bob, bob_call.id, "Incoming video call").await?;
    bob2.evtracker
-        .get_matching(|evt| {
-            matches!(
-                evt,
-                EventType::IncomingCallAccepted {
-                    from_this_device: false,
-                    ..
-                }
-            )
-        })
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
        .await;
    let info = bob2
        .load_call_by_id(bob2_call.id)
@@ -228,20 +200,9 @@ async fn test_accept_call_callee_ends() -> Result<()> {
        bob2_call,
        ..
    } = accept_call().await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);

    // Bob has accepted the call and also ends it
    bob.end_call(bob_call.id).await?;
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
    assert_text(&bob, bob_call.id, "Incoming video call\n<1 minute").await?;
    bob.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -367,18 +328,8 @@ async fn test_callee_rejects_call() -> Result<()> {
    } = setup_call().await?;

    // Bob has accepted Alice before, but does not want to talk with Alice
+    bob_call.chat_id.accept(&bob).await?;
    bob.end_call(bob_call.id).await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
    assert_text(&bob, bob_call.id, "Declined call").await?;
    bob.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -419,35 +370,6 @@ async fn test_callee_rejects_call() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_callee_sees_contact_request_call() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let alice_chat = alice.create_chat(bob).await;
-    alice
-        .place_outgoing_call(alice_chat.id, PLACE_INFO.to_string(), true)
-        .await?;
-    let sent1 = alice.pop_sent_msg().await;
-    let bob_call = bob.recv_msg(&sent1).await;
-    // Bob can't end_call() because the contact request isn't accepted, but he can mark the call as
-    // seen.
-    markseen_msgs(bob, vec![bob_call.id]).await?;
-    assert_eq!(bob_call.id.get_state(bob).await?, MessageState::InSeen);
-    // Bob sends an MDN only to self so that an unaccepted contact can't know anything.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, ContactId::SELF)
-            )
-            .await?,
-        1
-    );
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_caller_cancels_call() -> Result<()> {
    // Alice calls Bob
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -1,7 +1,7 @@
 //! # Chat module.

 use std::cmp;
-use std::collections::{BTreeSet, HashMap, HashSet};
+use std::collections::{HashMap, HashSet};
 use std::fmt;
 use std::io::Cursor;
 use std::marker::Sync;
@@ -42,7 +42,6 @@ use crate::message::{self, Message, MessageState, MsgId, Viewtype};
 use crate::mimefactory::{MimeFactory, RenderedEmail};
 use crate::mimeparser::SystemMessage;
 use crate::param::{Param, Params};
-use crate::pgp::addresses_from_public_key;
 use crate::receive_imf::ReceivedMsg;
 use crate::smtp::{self, send_msg_to_smtp};
 use crate::stock_str;
@@ -258,11 +257,7 @@ impl ChatId {
                        ChatIdBlocked::get_for_contact(context, contact_id, create_blocked)
                            .await
                            .map(|chat| chat.id)?;
-                    if create_blocked != Blocked::Yes {
-                        info!(context, "Scale up origin of {contact_id} to CreateChat.");
-                        ContactId::scaleup_origin(context, &[contact_id], Origin::CreateChat)
-                            .await?;
-                    }
+                    ContactId::scaleup_origin(context, &[contact_id], Origin::CreateChat).await?;
                    chat_id
                } else {
                    warn!(
@@ -476,7 +471,7 @@ impl ChatId {

    /// Adds message "Messages are end-to-end encrypted".
    pub(crate) async fn add_e2ee_notice(self, context: &Context, timestamp: i64) -> Result<()> {
-        let text = stock_str::messages_e2ee_info_msg(context).await;
+        let text = stock_str::messages_e2e_encrypted(context).await;
        add_info_msg_with_cmd(
            context,
            self,
@@ -1158,7 +1153,7 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            return Ok(stock_str::encr_none(context).await);
        }

-        let mut ret = stock_str::messages_are_e2ee(context).await + "\n";
+        let mut ret = stock_str::messages_e2e_encrypted(context).await + "\n";

        for &contact_id in get_chat_contacts(context, self)
            .await?
@@ -1175,13 +1170,8 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            let fingerprint = contact
                .fingerprint()
                .context("Contact does not have a fingerprint in encrypted chat")?;
-            if let Some(public_key) = contact.public_key(context).await? {
-                if let Some(relay_addrs) = addresses_from_public_key(&public_key) {
-                    let relays = relay_addrs.join(",");
-                    ret += &format!("\n{addr}({relays})\n{fingerprint}\n");
-                } else {
-                    ret += &format!("\n{addr}\n{fingerprint}\n");
-                }
+            if contact.public_key(context).await?.is_some() {
+                ret += &format!("\n{addr}\n{fingerprint}\n");
            } else {
                ret += &format!("\n{addr}\n(key missing)\n{fingerprint}\n");
            }
@@ -1782,6 +1772,16 @@ impl Chat {
                .set_i64(Param::GroupNameTimestamp, msg.timestamp_sort)
                .set_i64(Param::GroupDescriptionTimestamp, msg.timestamp_sort);
            self.update_param(context).await?;
+            // TODO: Remove this compat code needed because Core <= v1.143:
+            // - doesn't accept synchronization of QR code tokens for unpromoted groups, so we also
+            //   send them when the group is promoted.
+            // - doesn't sync QR code tokens for unpromoted groups and the group might be created
+            //   before an upgrade.
+            context
+                .sync_qr_code_tokens(Some(self.grpid.as_str()))
+                .await
+                .log_err(context)
+                .ok();
        }

        let is_bot = context.get_config_bool(Config::Bot).await?;
@@ -2844,12 +2844,19 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
    let lowercase_from = from.to_lowercase();

    recipients.retain(|x| x.to_lowercase() != lowercase_from);
-
-    // Default Webxdc integrations are hidden messages and must not be sent out:
-    if (msg.param.get_int(Param::WebxdcIntegration).is_some() && msg.hidden)
-        // This may happen eg. for groups with only SELF and bcc_self disabled:
-        || (!context.get_config_bool(Config::BccSelf).await? && recipients.is_empty())
+    if context.get_config_bool(Config::BccSelf).await?
+        || msg.param.get_cmd() == SystemMessage::AutocryptSetupMessage
    {
+        smtp::add_self_recipients(context, &mut recipients, needs_encryption).await?;
+    }
+
+    // Default Webxdc integrations are hidden messages and must not be sent out
+    if msg.param.get_int(Param::WebxdcIntegration).is_some() && msg.hidden {
+        recipients.clear();
+    }
+
+    if recipients.is_empty() {
+        // may happen eg. for groups with only SELF and bcc_self disabled
        info!(
            context,
            "Message {} has no recipient, skipping smtp-send.", msg.id
@@ -2888,10 +2895,6 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
        );
    }

-    if context.get_config_bool(Config::BccSelf).await? {
-        smtp::add_self_recipients(context, &mut recipients, rendered_msg.is_encrypted).await?;
-    }
-
    if needs_encryption && !rendered_msg.is_encrypted {
        /* unrecoverable */
        message::set_msg_failed(
@@ -3403,38 +3406,6 @@ pub(crate) async fn mark_old_messages_as_noticed(
    Ok(())
 }

-/// Marks last incoming message in a chat as fresh.
-pub async fn markfresh_chat(context: &Context, chat_id: ChatId) -> Result<()> {
-    let affected_rows = context
-        .sql
-        .execute(
-            "UPDATE msgs
-                SET state=?1
-              WHERE id=(SELECT id
-                          FROM msgs
-                         WHERE state IN (?1, ?2, ?3) AND hidden=0 AND chat_id=?4
-                      ORDER BY timestamp DESC, id DESC
-                         LIMIT 1)
-                AND state!=?1",
-            (
-                MessageState::InFresh,
-                MessageState::InNoticed,
-                MessageState::InSeen,
-                chat_id,
-            ),
-        )
-        .await?;
-
-    if affected_rows == 0 {
-        return Ok(());
-    }
-
-    context.emit_msgs_changed_without_msg_id(chat_id);
-    chatlist_events::emit_chatlist_item_changed(context, chat_id);
-
-    Ok(())
-}
-
 /// Returns all database message IDs of the given types.
 ///
 /// If `chat_id` is None, return messages from any chat.
@@ -3923,6 +3894,8 @@ pub(crate) async fn add_contact_to_chat_ex(
        );
        return Ok(false);
    }
+
+    let sync_qr_code_tokens;
    if from_handshake && chat.param.get_int(Param::Unpromoted).unwrap_or_default() == 1 {
        let smeared_time = smeared_time(context);
        chat.param
@@ -3930,7 +3903,11 @@ pub(crate) async fn add_contact_to_chat_ex(
            .set_i64(Param::GroupNameTimestamp, smeared_time)
            .set_i64(Param::GroupDescriptionTimestamp, smeared_time);
        chat.update_param(context).await?;
+        sync_qr_code_tokens = true;
+    } else {
+        sync_qr_code_tokens = false;
    }
+
    if context.is_self_addr(contact.get_addr()).await? {
        // ourself is added using ContactId::SELF, do not add this address explicitly.
        // if SELF is not in the group, members cannot be added at all.
@@ -3979,6 +3956,20 @@ pub(crate) async fn add_contact_to_chat_ex(
        send_msg(context, chat_id, &mut msg).await?;

        sync = Nosync;
+        // TODO: Remove this compat code needed because Core <= v1.143:
+        // - doesn't accept synchronization of QR code tokens for unpromoted groups, so we also send
+        //   them when the group is promoted.
+        // - doesn't sync QR code tokens for unpromoted groups and the group might be created before
+        //   an upgrade.
+        if sync_qr_code_tokens
+            && context
+                .sync_qr_code_tokens(Some(chat.grpid.as_str()))
+                .await
+                .log_err(context)
+                .is_ok()
+        {
+            context.scheduler.interrupt_smtp().await;
+        }
    }
    context.emit_event(EventType::ChatModified(chat_id));
    if sync.into() {
@@ -4272,7 +4263,9 @@ async fn set_chat_description_ex(

    if chat.is_promoted() {
        let mut msg = Message::new(Viewtype::Text);
-        msg.text = stock_str::msg_chat_description_changed(context, ContactId::SELF).await;
+        msg.text =
+            "[Chat description changed. To see this and other new features, please update the app]"
+                .to_string();
        msg.param.set_cmd(SystemMessage::GroupDescriptionChanged);

        msg.id = send_msg(context, chat_id, &mut msg).await?;
@@ -4357,11 +4350,8 @@ async fn rename_ex(
                && sanitize_single_line(&chat.name) != new_name
            {
                msg.viewtype = Viewtype::Text;
-                msg.text = if chat.typ == Chattype::OutBroadcast {
-                    stock_str::msg_broadcast_name_changed(context, &chat.name, &new_name).await
-                } else {
-                    stock_str::msg_grp_name(context, &chat.name, &new_name, ContactId::SELF).await
-                };
+                msg.text =
+                    stock_str::msg_grp_name(context, &chat.name, &new_name, ContactId::SELF).await;
                msg.param.set_cmd(SystemMessage::GroupNameChanged);
                if !chat.name.is_empty() {
                    msg.param.set(Param::Arg, &chat.name);
@@ -4422,11 +4412,7 @@ pub async fn set_chat_profile_image(
    if new_image.is_empty() {
        chat.param.remove(Param::ProfileImage);
        msg.param.remove(Param::Arg);
-        msg.text = if chat.typ == Chattype::OutBroadcast {
-            stock_str::msg_broadcast_img_changed(context).await
-        } else {
-            stock_str::msg_grp_img_deleted(context, ContactId::SELF).await
-        };
+        msg.text = stock_str::msg_grp_img_deleted(context, ContactId::SELF).await;
    } else {
        let mut image_blob = BlobObject::create_and_deduplicate(
            context,
@@ -4436,11 +4422,7 @@ pub async fn set_chat_profile_image(
        image_blob.recode_to_avatar_size(context).await?;
        chat.param.set(Param::ProfileImage, image_blob.as_name());
        msg.param.set(Param::Arg, image_blob.as_name());
-        msg.text = if chat.typ == Chattype::OutBroadcast {
-            stock_str::msg_broadcast_img_changed(context).await
-        } else {
-            stock_str::msg_grp_img_changed(context, ContactId::SELF).await
-        };
+        msg.text = stock_str::msg_grp_img_changed(context, ContactId::SELF).await;
    }
    chat.update_param(context).await?;
    if chat.is_promoted() {
@@ -4682,6 +4664,7 @@ pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
            }
            msg_state => bail!("Unexpected message state {msg_state}"),
        }
+        msg.timestamp_sort = create_smeared_timestamp(context);
        if create_send_msg_jobs(context, &mut msg).await?.is_empty() {
            continue;
        }
@@ -5077,18 +5060,18 @@ async fn set_contacts_by_fingerprints(
        matches!(chat.typ, Chattype::Group | Chattype::OutBroadcast),
        "{id} is not a group or broadcast",
    );
-    let mut contacts = BTreeSet::new();
+    let mut contacts = HashSet::new();
    for (fingerprint, addr) in fingerprint_addrs {
        let contact = Contact::add_or_lookup_ex(context, "", addr, fingerprint, Origin::Hidden)
            .await?
            .0;
        contacts.insert(contact);
    }
-    let contacts_old = BTreeSet::<ContactId>::from_iter(get_chat_contacts(context, id).await?);
+    let contacts_old = HashSet::<ContactId>::from_iter(get_chat_contacts(context, id).await?);
    if contacts == contacts_old {
        return Ok(());
    }
-    let broadcast_contacts_added = context
+    context
        .sql
        .transaction(move |transaction| {
            // For broadcast channels, we only add members,
@@ -5105,31 +5088,12 @@ async fn set_contacts_by_fingerprints(
            let mut statement = transaction.prepare(
                "INSERT OR IGNORE INTO chats_contacts (chat_id, contact_id) VALUES (?, ?)",
            )?;
-            let mut broadcast_contacts_added = Vec::new();
            for contact_id in &contacts {
-                if statement.execute((id, contact_id))? > 0 && chat.typ == Chattype::OutBroadcast {
-                    broadcast_contacts_added.push(*contact_id);
-                }
+                statement.execute((id, contact_id))?;
            }
-            Ok(broadcast_contacts_added)
+            Ok(())
        })
        .await?;
-    let timestamp = smeared_time(context);
-    for added_id in broadcast_contacts_added {
-        let msg = stock_str::msg_add_member_local(context, added_id, ContactId::UNDEFINED).await;
-        add_info_msg_with_cmd(
-            context,
-            id,
-            &msg,
-            SystemMessage::MemberAddedToGroup,
-            Some(timestamp),
-            timestamp,
-            None,
-            Some(ContactId::SELF),
-            Some(added_id),
-        )
-        .await?;
-    }
    context.emit_event(EventType::ChatModified(id));
    Ok(())
 }
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
@@ -866,6 +866,7 @@ async fn test_add_device_msg_unlabelled() {
    assert_eq!(msg1.from_id, ContactId::DEVICE);
    assert_eq!(msg1.to_id, ContactId::SELF);
    assert!(!msg1.is_info());
+    assert!(!msg1.is_setupmessage());

    let msg2 = message::Message::load_from_db(&t, msg2_id.unwrap()).await;
    assert!(msg2.is_ok());
@@ -898,6 +899,7 @@ async fn test_add_device_msg_labelled() -> Result<()> {
    assert_eq!(msg1.from_id, ContactId::DEVICE);
    assert_eq!(msg1.to_id, ContactId::SELF);
    assert!(!msg1.is_info());
+    assert!(!msg1.is_setupmessage());

    // check device chat
    let chat_id = msg1.chat_id;
@@ -1329,54 +1331,6 @@ async fn test_marknoticed_all_chats() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_markfresh_chat() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    // alice sends a message to Bob
-    let alice_chat = alice.create_chat(bob).await;
-    let sent_msg1 = alice.send_text(alice_chat.id, "hi bob!").await;
-
-    // bob received the message, fresh count is 1
-    let bob_msg1 = bob.recv_msg(&sent_msg1).await;
-    let bob_chat_id = bob_msg1.chat_id;
-    bob_chat_id.accept(bob).await?;
-    assert_eq!(bob_msg1.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 1);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 1);
-
-    // alice sends another message to bob, fresh count is 2
-    let sent_msg2 = alice.send_text(alice_chat.id, "howdy?").await;
-    let bob_msg2 = bob.recv_msg(&sent_msg2).await;
-    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
-    assert_eq!(bob_msg1.state, MessageState::InFresh);
-    assert_eq!(bob_msg2.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 2);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 2);
-
-    // bob marks the chat as noticed, messages are no longer fresh, fresh count is 0
-    marknoticed_chat(bob, bob_chat_id).await?;
-    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
-    let bob_msg2 = Message::load_from_db(bob, bob_msg2.id).await?;
-    assert_ne!(bob_msg1.state, MessageState::InFresh);
-    assert_ne!(bob_msg2.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 0);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 0);
-
-    // bob marks the chat as fresh again, fresh count is 1 again
-    markfresh_chat(bob, bob_chat_id).await?;
-    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
-    let bob_msg2 = Message::load_from_db(bob, bob_msg2.id).await?;
-    assert_ne!(bob_msg1.state, MessageState::InFresh);
-    assert_eq!(bob_msg2.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 1);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 1);
-
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_archive_fresh_msgs() -> Result<()> {
    let t = TestContext::new_alice().await;
@@ -2687,7 +2641,7 @@ async fn test_resend_own_message() -> Result<()> {
    );
    let msg_from = Contact::get_by_id(&fiona, msg.get_from_id()).await?;
    assert_eq!(msg_from.get_addr(), "alice@example.org");
-    assert!(sent1_ts_sent == msg.timestamp_sent);
+    assert!(sent1_ts_sent < msg.timestamp_sent);

    Ok(())
 }
@@ -2777,24 +2731,27 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        join_securejoin(charlie, &qr).await.unwrap();

        let request = charlie.pop_sent_msg().await;
-        assert_eq!(request.recipients, "alice@example.org");
+        assert_eq!(request.recipients, "alice@example.org charlie@example.net");

        alice.recv_msg_trash(&request).await;
    }

-    tcm.section("Alice sends vc-pubkey");
+    tcm.section("Alice sends auth-required");
    {
-        let vc_pubkey = alice.pop_sent_msg().await;
-        assert_eq!(vc_pubkey.recipients, "charlie@example.net");
-        let parsed = charlie.parse_msg(&vc_pubkey).await;
-        assert!(parsed.get_header(HeaderDef::AutocryptGossip).is_none());
-        assert_eq!(parsed.decoded_data_contains("charlie@example.net"), false);
+        let auth_required = alice.pop_sent_msg().await;
+        assert_eq!(
+            auth_required.recipients,
+            "charlie@example.net alice@example.org"
+        );
+        let parsed = charlie.parse_msg(&auth_required).await;
+        assert!(parsed.get_header(HeaderDef::AutocryptGossip).is_some());
+        assert!(parsed.decoded_data_contains("charlie@example.net"));
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

-        let parsed_by_bob = bob.parse_msg(&vc_pubkey).await;
+        let parsed_by_bob = bob.parse_msg(&auth_required).await;
        assert!(parsed_by_bob.decrypting_failed);

-        charlie.recv_msg_trash(&vc_pubkey).await;
+        charlie.recv_msg_trash(&auth_required).await;
    }

    tcm.section("Charlie sends request-with-auth");
@@ -3035,49 +2992,27 @@ async fn test_broadcast_recipients_sync1() -> Result<()> {
    alice1.recv_msg_trash(&request).await;
    alice2.recv_msg_trash(&request).await;

-    let vc_pubkey = alice1.pop_sent_msg().await;
-    charlie.recv_msg_trash(&vc_pubkey).await;
+    let auth_required = alice1.pop_sent_msg().await;
+    charlie.recv_msg_trash(&auth_required).await;
+    alice2.recv_msg_trash(&auth_required).await;

    let request_with_auth = charlie.pop_sent_msg().await;
    alice1.recv_msg_trash(&request_with_auth).await;
    alice2.recv_msg_trash(&request_with_auth).await;

    let member_added = alice1.pop_sent_msg().await;
-    let a2_charlie_added = alice2.recv_msg(&member_added).await;
+    let a2_member_added = alice2.recv_msg(&member_added).await;
    let _c_member_added = charlie.recv_msg(&member_added).await;
-    let a2_chatlist = Chatlist::try_load(alice2, 0, Some("Channel"), None).await?;
-    assert_eq!(a2_chatlist.get_msg_id(0)?.unwrap(), a2_charlie_added.id);

    // Alice1 will now sync the full member list to Alice2:
    sync(alice1, alice2).await;
+    let a2_chatlist = Chatlist::try_load(alice2, 0, Some("Channel"), None).await?;
+    assert_eq!(a2_chatlist.get_msg_id(0)?.unwrap(), a2_member_added.id);
+
    let a2_bob_contact = alice2.add_or_lookup_contact_id(bob).await;
    let a2_charlie_contact = alice2.add_or_lookup_contact_id(charlie).await;
-    let a2_chatlist = Chatlist::try_load(alice2, 0, Some("Channel"), None).await?;
-    let msg_id = a2_chatlist.get_msg_id(0)?.unwrap();
-    let a2_bob_added = Message::load_from_db(alice2, msg_id).await?;
-    assert_ne!(a2_bob_added.id, a2_charlie_added.id);
-    assert_eq!(
-        a2_bob_added.text,
-        stock_str::msg_add_member_local(alice2, a2_bob_contact, ContactId::UNDEFINED).await
-    );
-    assert_eq!(a2_bob_added.from_id, ContactId::SELF);
-    assert_eq!(
-        a2_bob_added.param.get_cmd(),
-        SystemMessage::MemberAddedToGroup
-    );
-    assert_eq!(
-        ContactId::new(
-            a2_bob_added
-                .param
-                .get_int(Param::ContactAddedRemoved)
-                .unwrap()
-                .try_into()
-                .unwrap()
-        ),
-        a2_bob_contact
-    );

-    let a2_chat_members = get_chat_contacts(alice2, a2_charlie_added.chat_id).await?;
+    let a2_chat_members = get_chat_contacts(alice2, a2_member_added.chat_id).await?;
    assert!(a2_chat_members.contains(&a2_bob_contact));
    assert!(a2_chat_members.contains(&a2_charlie_contact));
    assert_eq!(a2_chat_members.len(), 2);
@@ -3183,7 +3118,7 @@ async fn test_broadcasts_name_and_avatar() -> Result<()> {
    assert_eq!(rcvd.get_info_type(), SystemMessage::GroupNameChanged);
    assert_eq!(
        rcvd.text,
-        r#"Channel name changed from "My Channel" to "New Channel name"."#
+        r#"Group name changed from "My Channel" to "New Channel name" by Alice."#
    );
    let bob_chat = Chat::load_from_db(bob, bob_chat.id).await?;
    assert_eq!(bob_chat.name, "New Channel name");
@@ -3200,7 +3135,7 @@ async fn test_broadcasts_name_and_avatar() -> Result<()> {
    let rcvd = bob.recv_msg(&sent).await;
    assert!(rcvd.get_override_sender_name().is_none());
    assert_eq!(rcvd.get_info_type(), SystemMessage::GroupImageChanged);
-    assert_eq!(rcvd.text, "Channel image changed.");
+    assert_eq!(rcvd.text, "Group image changed by Alice.");
    assert_eq!(rcvd.chat_id, bob_chat.id);

    let bob_chat = Chat::load_from_db(bob, bob_chat.id).await?;
@@ -3223,59 +3158,29 @@ async fn test_broadcasts_name_and_avatar() -> Result<()> {

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_chat_description_basic() {
-    test_chat_description("", false, Chattype::Group)
-        .await
-        .unwrap();
-    // Don't test with broadcast channels,
-    // because broadcast channels can only be joined via a QR code
+    test_chat_description("", false).await.unwrap()
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_chat_description_unpromoted_description() {
-    test_chat_description(
-        "Unpromoted description in the beginning",
-        false,
-        Chattype::Group,
-    )
-    .await
-    .unwrap();
-    // Don't test with broadcast channels,
-    // because broadcast channels can only be joined via a QR code
+    test_chat_description("Unpromoted description in the beginning", false)
+        .await
+        .unwrap()
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_chat_description_qr() {
-    test_chat_description("", true, Chattype::Group)
-        .await
-        .unwrap();
-    test_chat_description("", true, Chattype::OutBroadcast)
-        .await
-        .unwrap();
+    test_chat_description("", true).await.unwrap()
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_chat_description_unpromoted_description_qr() {
-    test_chat_description(
-        "Unpromoted description in the beginning",
-        true,
-        Chattype::Group,
-    )
-    .await
-    .unwrap();
-    test_chat_description(
-        "Unpromoted description in the beginning",
-        true,
-        Chattype::OutBroadcast,
-    )
-    .await
-    .unwrap();
+    test_chat_description("Unpromoted description in the beginning", true)
+        .await
+        .unwrap()
 }

-async fn test_chat_description(
-    initial_description: &str,
-    join_via_qr: bool,
-    chattype: Chattype,
-) -> Result<()> {
+async fn test_chat_description(initial_description: &str, join_via_qr: bool) -> Result<()> {
    let mut tcm = TestContextManager::new();
    let alice = &tcm.alice().await;
    let alice2 = &tcm.alice().await;
@@ -3285,29 +3190,12 @@ async fn test_chat_description(
    alice2.set_config_bool(Config::SyncMsgs, true).await?;

    tcm.section("Create a group chat, and add Bob");
-    let alice_chat_id = if chattype == Chattype::Group {
-        create_group(alice, "My Group").await?
-    } else {
-        create_broadcast(alice, "My Channel".to_string()).await?
-    };
-    sync(alice, alice2).await;
+    let alice_chat_id = create_group(alice, "My Group").await?;

    if !initial_description.is_empty() {
        set_chat_description(alice, alice_chat_id, initial_description).await?;
-
-        if chattype == Chattype::OutBroadcast {
-            // Broadcast channels are always promoted, so, a message is sent:
-            let sent = alice.pop_sent_msg().await;
-            assert_eq!(
-                sent.load_from_db().await.text,
-                "You changed the chat description."
-            );
-            let rcvd = alice2.recv_msg(&sent).await;
-            assert_eq!(rcvd.text, "You changed the chat description.");
-        } else {
-            sync(alice, alice2).await;
-        }
    }
+    sync(alice, alice2).await;

    let alice2_chat_id = get_chat_id_by_grpid(
        alice2,
@@ -3335,12 +3223,7 @@ async fn test_chat_description(
        initial_description
    );

-    for description in [
-        &"This<>is 'a' \"cool\" chat:/\\|?*".repeat(50),
-        "multiple\nline\n\nbreaks\n\n\r\n.",
-        "",
-        "ä ẟ 😂",
-    ] {
+    for description in ["This is a cool group", "", "ä ẟ 😂"] {
        tcm.section(&format!(
            "Alice sets the chat description to '{description}'"
        ));
@@ -3348,15 +3231,10 @@ async fn test_chat_description(
        let sent = alice.pop_sent_msg().await;
        assert_eq!(
            sent.load_from_db().await.text,
-            "You changed the chat description."
+            "[Chat description changed. To see this and other new features, please update the app]"
        );

        tcm.section("Bob receives the description change");
-        let parsed = MimeMessage::from_bytes(bob, sent.payload().as_bytes()).await?;
-        assert_eq!(
-            parsed.parts[0].msg,
-            "[Chat description changed. To see this and other new features, please update the app]"
-        );
        let rcvd = bob.recv_msg(&sent).await;
        assert_eq!(rcvd.get_info_type(), SystemMessage::GroupDescriptionChanged);
        assert_eq!(rcvd.text, "Chat description changed by alice@example.org.");
@@ -3451,17 +3329,14 @@ async fn test_broadcast_joining_golden() -> Result<()> {
        .await;

    let alice_bob_contact = alice.add_or_lookup_contact_no_key(bob).await;
+    let private_chat = ChatIdBlocked::lookup_by_contact(alice, alice_bob_contact.id)
+        .await?
+        .unwrap();
    // The 1:1 chat with Bob should not be visible to the user:
-    assert!(
-        ChatIdBlocked::lookup_by_contact(alice, alice_bob_contact.id)
-            .await?
-            .is_none()
-    );
-    let private_chat_id =
-        ChatId::create_for_contact_with_blocked(alice, alice_bob_contact.id, Blocked::Not).await?;
+    assert_eq!(private_chat.blocked, Blocked::Yes);
    alice
        .golden_test_chat(
-            private_chat_id,
+            private_chat.id,
            "test_broadcast_joining_golden_private_chat",
        )
        .await;
@@ -3738,13 +3613,16 @@ async fn test_leave_broadcast_multidevice() -> Result<()> {
    join_securejoin(bob0, &qr).await.unwrap();

    let request = bob0.pop_sent_msg().await;
-    assert_eq!(request.recipients, "alice@example.org");
+    assert_eq!(request.recipients, "alice@example.org bob@example.net");

    alice.recv_msg_trash(&request).await;
-    let vc_pubkey = alice.pop_sent_msg().await;
-    assert_eq!(vc_pubkey.recipients, "bob@example.net");
+    let auth_required = alice.pop_sent_msg().await;
+    assert_eq!(
+        auth_required.recipients,
+        "bob@example.net alice@example.org"
+    );

-    bob0.recv_msg_trash(&vc_pubkey).await;
+    bob0.recv_msg_trash(&auth_required).await;
    let request_with_auth = bob0.pop_sent_msg().await;
    assert_eq!(
        request_with_auth.recipients,
@@ -3760,7 +3638,7 @@ async fn test_leave_broadcast_multidevice() -> Result<()> {
    assert_eq!(rcvd.param.get_cmd(), SystemMessage::MemberAddedToGroup);

    tcm.section("Bob's second device also receives these messages");
-    bob1.recv_msg_trash(&vc_pubkey).await;
+    bob1.recv_msg_trash(&auth_required).await;
    bob1.recv_msg_trash(&request_with_auth).await;
    bob1.recv_msg(&member_added).await;

@@ -3790,7 +3668,7 @@ async fn test_leave_broadcast_multidevice() -> Result<()> {

    let leave_msg = bob0.pop_sent_msg().await;
    let parsed = MimeMessage::from_bytes(bob1, leave_msg.payload().as_bytes()).await?;
-    assert_eq!(parsed.parts[0].msg, "bob@example.net left the group.");
+    assert_eq!(parsed.parts[0].msg, "I left the group.");

    let rcvd = bob1.recv_msg(&leave_msg).await;

@@ -3857,7 +3735,7 @@ async fn test_only_broadcast_owner_can_send_1() -> Result<()> {
        "Bob receives an answer, but shows it in 1:1 chat because of a fingerprint mismatch",
    );
    let rcvd = bob.recv_msg(&member_added).await;
-    assert_eq!(rcvd.text, "Member bob@example.net was added.");
+    assert_eq!(rcvd.text, "I added member bob@example.net.");

    let bob_alice_chat_id = bob.get_chat(alice).await.id;
    assert_eq!(rcvd.chat_id, bob_alice_chat_id);
@@ -3907,7 +3785,6 @@ async fn test_only_broadcast_owner_can_send_2() -> Result<()> {
    tcm.section("Now, Alice's fingerprint changes");

    alice.sql.execute("DELETE FROM keypairs", ()).await?;
-    *alice.self_public_key.lock().await = None;
    alice
        .sql
        .execute("DELETE FROM config WHERE keyname='key_id'", ())
@@ -3918,20 +3795,14 @@ async fn test_only_broadcast_owner_can_send_2() -> Result<()> {
        .self_fingerprint
        .take();

-    tcm.section("Alice sends a message, which is trashed");
-    let sent = alice.send_text(alice_broadcast_id, "Hi").await;
-    bob.recv_msg_trash(&sent).await;
-    let EventType::Warning(warning) = bob
-        .evtracker
-        .get_matching(|ev| matches!(ev, EventType::Warning(_)))
-        .await
-    else {
-        unreachable!()
-    };
-    assert!(
-        warning.contains("This sender is not allowed to encrypt with this secret key"),
-        "Wrong warning: {warning}"
+    tcm.section(
+        "Alice sends a message, which is not put into the broadcast chat but into a 1:1 chat",
    );
+    let sent = alice.send_text(alice_broadcast_id, "Hi").await;
+    let rcvd = bob.recv_msg(&sent).await;
+    assert_eq!(rcvd.text, "Hi");
+    let bob_alice_chat_id = bob.get_chat(alice).await.id;
+    assert_eq!(rcvd.chat_id, bob_alice_chat_id);

    Ok(())
 }
@@ -3966,7 +3837,7 @@ async fn test_sync_broadcast_avatar_and_name() -> Result<()> {
    assert_eq!(rcvd.param.get_cmd(), SystemMessage::GroupNameChanged);
    assert_eq!(
        rcvd.text,
-        r#"Channel name changed from "foo" to "New name"."#
+        r#"You changed group name from "foo" to "New name"."#
    );

    let a2_broadcast_chat = Chat::load_from_db(alice2, a2_broadcast_id).await?;
@@ -3980,7 +3851,7 @@ async fn test_sync_broadcast_avatar_and_name() -> Result<()> {
    let rcvd = alice1.recv_msg(&sent).await;
    assert_eq!(rcvd.chat_id, a1_broadcast_id);
    assert_eq!(rcvd.param.get_cmd(), SystemMessage::GroupImageChanged);
-    assert_eq!(rcvd.text, "Channel image changed.");
+    assert_eq!(rcvd.text, "You changed the group image.");

    let a1_broadcast_chat = Chat::load_from_db(alice1, a1_broadcast_id).await?;
    let avatar = a1_broadcast_chat.get_profile_image(alice1).await?.unwrap();
@@ -4000,7 +3871,6 @@ async fn test_encrypt_decrypt_broadcast() -> Result<()> {
    let grpid = "grpid";

    let alice_bob_contact_id = alice.add_or_lookup_contact_id(bob).await;
-    let bob_alice_contact_id = bob.add_or_lookup_contact_id(alice).await;

    tcm.section("Create a broadcast channel with Bob, and send a message");
    let alice_chat_id = create_out_broadcast_ex(
@@ -4024,7 +3894,6 @@ async fn test_encrypt_decrypt_broadcast() -> Result<()> {
    )
    .await?;
    save_broadcast_secret(bob, bob_chat_id, secret).await?;
-    add_to_chat_contacts_table(bob, time(), bob_chat_id, &[bob_alice_contact_id]).await?;

    let sent = alice
        .send_text(alice_chat_id, "Symmetrically encrypted message")
@@ -4098,7 +3967,7 @@ async fn test_chat_get_encryption_info() -> Result<()> {
        chat_id.get_encryption_info(alice).await?,
        "Messages are end-to-end encrypted.\n\
         \n\
-         bob@example.net(bob@example.net)\n\
+         bob@example.net\n\
         CCCB 5AA9 F6E1 141C 9431\n\
         65F1 DB18 B18C BCF7 0487"
    );
@@ -4108,11 +3977,11 @@ async fn test_chat_get_encryption_info() -> Result<()> {
        chat_id.get_encryption_info(alice).await?,
        "Messages are end-to-end encrypted.\n\
         \n\
-         fiona@example.net(fiona@example.net)\n\
+         fiona@example.net\n\
         C8BA 50BF 4AC1 2FAF 38D7\n\
         F657 DDFC 8E9F 3C79 9195\n\
         \n\
-         bob@example.net(bob@example.net)\n\
+         bob@example.net\n\
         CCCB 5AA9 F6E1 141C 9431\n\
         65F1 DB18 B18C BCF7 0487"
    );
@@ -4784,10 +4653,6 @@ async fn test_sync_broadcast_and_send_message() -> Result<()> {
        vec![a2b_contact_id]
    );

-    // alice2's smeared clock may be behind alice1's one, so we need to work around "hi" appearing
-    // before "You joined the channel." for bob. alice1 makes 3 more calls of
-    // create_smeared_timestamp() than alice2 does as of 2026-03-10.
-    SystemTime::shift(Duration::from_secs(3));
    tcm.section("Alice's second device sends a message to the channel");
    let sent_msg = alice2.send_text(a2_broadcast_id, "hi").await;
    let msg = bob.recv_msg(&sent_msg).await;
@@ -4852,7 +4717,7 @@ async fn test_sync_name() -> Result<()> {
    assert_eq!(rcvd.to_id, ContactId::SELF);
    assert_eq!(
        rcvd.text,
-        "Channel name changed from \"Channel\" to \"Broadcast channel 42\"."
+        "You changed group name from \"Channel\" to \"Broadcast channel 42\"."
    );
    assert_eq!(rcvd.param.get_cmd(), SystemMessage::GroupNameChanged);
    let a1_broadcast_id = get_chat_id_by_grpid(alice1, &a0_broadcast_chat.grpid)
@@ -4922,22 +4787,6 @@ async fn test_sync_create_group() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_broadcast_contacts_are_hidden() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let alice_chat_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-    send_text_msg(alice, alice_chat_id, "hello".to_string()).await?;
-    bob.recv_msg(&alice.pop_sent_msg().await).await;
-    assert_eq!(Contact::get_all(alice, 0, None).await?.len(), 0);
-    assert_eq!(Contact::get_all(bob, 0, None).await?.len(), 0);
-    Ok(())
-}
-
 /// Tests sending JPEG image with .png extension.
 ///
 /// This is a regression test, previously sending failed
--- a/src/config.rs
+++ b/src/config.rs
@@ -19,7 +19,7 @@ use crate::log::LogExt;
 use crate::mimefactory::RECOMMENDED_FILE_SIZE;
 use crate::provider::Provider;
 use crate::sync::{self, Sync::*, SyncData};
-use crate::tools::{get_abs_path, time};
+use crate::tools::get_abs_path;
 use crate::transport::{ConfiguredLoginParam, add_pseudo_transport, send_sync_transports};
 use crate::{constants, stats};

@@ -828,22 +828,6 @@ impl Context {
                                (addr,),
                            )?;

-                            // Update the timestamp for the primary transport
-                            // so it becomes the first in `get_all_self_addrs()` list
-                            // and the list of relays distributed in the public key.
-                            // This ensures that messages will be sent
-                            // to the primary relay by the contacts
-                            // and will be fetched in background_fetch()
-                            // which only fetches from the primary transport.
-                            transaction
-                                .execute(
-                                    "UPDATE transports SET add_timestamp=?, is_published=1 WHERE addr=?",
-                                    (time(), addr),
-                                )
-                                .context(
-                                    "Failed to update add_timestamp for the new primary transport",
-                                )?;
-
                            // Clean up SMTP and IMAP APPEND queue.
                            //
                            // The messages in the queue have a different
@@ -960,33 +944,12 @@ impl Context {
        Ok(())
    }

-    /// Returns all self addresses, newest first.
+    /// Returns the primary self address followed by all secondary ones.
    pub(crate) async fn get_all_self_addrs(&self) -> Result<Vec<String>> {
-        self.sql
-            .query_map_vec(
-                "SELECT addr FROM transports ORDER BY add_timestamp DESC, id DESC",
-                (),
-                |row| {
-                    let addr: String = row.get(0)?;
-                    Ok(addr)
-                },
-            )
-            .await
-    }
+        let primary_addrs = self.get_config(Config::ConfiguredAddr).await?.into_iter();
+        let secondary_addrs = self.get_secondary_self_addrs().await?.into_iter();

-    /// Returns all published self addresses, newest first.
-    /// See `[Context::set_transport_unpublished]`
-    pub(crate) async fn get_published_self_addrs(&self) -> Result<Vec<String>> {
-        self.sql
-            .query_map_vec(
-                "SELECT addr FROM transports WHERE is_published=1 ORDER BY add_timestamp DESC, id DESC",
-                (),
-                |row| {
-                    let addr: String = row.get(0)?;
-                    Ok(addr)
-                },
-            )
-            .await
+        Ok(primary_addrs.chain(secondary_addrs).collect())
    }

    /// Returns all secondary self addresses.
@@ -997,24 +960,6 @@ impl Context {
        }).await
    }

-    /// Returns all published secondary self addresses.
-    /// See `[Context::set_transport_unpublished]`
-    pub(crate) async fn get_published_secondary_self_addrs(&self) -> Result<Vec<String>> {
-        self.sql
-            .query_map_vec(
-                "SELECT addr FROM transports
-                WHERE is_published
-                AND addr NOT IN (SELECT value FROM config WHERE keyname='configured_addr')
-                ORDER BY add_timestamp DESC, id DESC",
-                (),
-                |row| {
-                    let addr: String = row.get(0)?;
-                    Ok(addr)
-                },
-            )
-            .await
-    }
-
    /// Returns the primary self address.
    /// Returns an error if no self addr is configured.
    pub async fn get_primary_self_addr(&self) -> Result<String> {
--- a/src/configure.rs
+++ b/src/configure.rs
@@ -28,8 +28,8 @@ use crate::constants::NON_ALPHANUMERIC_WITHOUT_DOT;
 use crate::context::Context;
 use crate::imap::Imap;
 use crate::log::warn;
+use crate::login_param::EnteredCertificateChecks;
 pub use crate::login_param::EnteredLoginParam;
-use crate::login_param::{EnteredCertificateChecks, TransportListEntry};
 use crate::message::Message;
 use crate::net::proxy::ProxyConfig;
 use crate::oauth2::get_oauth2_addr;
@@ -110,7 +110,6 @@ impl Context {
    ///   from a server encoded in a QR code.
    /// - [Self::list_transports()] to get a list of all configured transports.
    /// - [Self::delete_transport()] to remove a transport.
-    /// - [Self::set_transport_unpublished()] to set whether contacts see this transport.
    pub async fn add_or_update_transport(&self, param: &mut EnteredLoginParam) -> Result<()> {
        self.stop_io().await;
        let result = self.add_transport_inner(param).await;
@@ -189,22 +188,14 @@ impl Context {
    /// Returns the list of all email accounts that are used as a transport in the current profile.
    /// Use [Self::add_or_update_transport()] to add or change a transport
    /// and [Self::delete_transport()] to delete a transport.
-    pub async fn list_transports(&self) -> Result<Vec<TransportListEntry>> {
+    pub async fn list_transports(&self) -> Result<Vec<EnteredLoginParam>> {
        let transports = self
            .sql
-            .query_map_vec(
-                "SELECT entered_param, is_published FROM transports",
-                (),
-                |row| {
-                    let param: String = row.get(0)?;
-                    let param: EnteredLoginParam = serde_json::from_str(&param)?;
-                    let is_published: bool = row.get(1)?;
-                    Ok(TransportListEntry {
-                        param,
-                        is_unpublished: !is_published,
-                    })
-                },
-            )
+            .query_map_vec("SELECT entered_param FROM transports", (), |row| {
+                let entered_param: String = row.get(0)?;
+                let transport: EnteredLoginParam = serde_json::from_str(&entered_param)?;
+                Ok(transport)
+            })
            .await?;

        Ok(transports)
@@ -270,44 +261,6 @@ impl Context {
        Ok(())
    }

-    /// Change whether the transport is unpublished.
-    ///
-    /// Unpublished transports are not advertised to contacts,
-    /// and self-sent messages are not sent there,
-    /// so that we don't cause extra messages to the corresponding inbox,
-    /// but can still receive messages from contacts who don't know our new transport addresses yet.
-    ///
-    /// The default is false, but when the user updates from a version that didn't have this flag,
-    /// existing secondary transports are set to unpublished,
-    /// so that an existing transport address doesn't suddenly get spammed with a lot of messages.
-    pub async fn set_transport_unpublished(&self, addr: &str, unpublished: bool) -> Result<()> {
-        self.sql
-            .transaction(|trans| {
-                let primary_addr: String = trans
-                    .query_row(
-                        "SELECT value FROM config WHERE keyname='configured_addr'",
-                        (),
-                        |row| row.get(0),
-                    )
-                    .context("Select primary address")?;
-                if primary_addr == addr && unpublished {
-                    bail!("Can't set primary relay as unpublished");
-                }
-                // We need to update the timestamp so that the key's timestamp changes
-                // and is recognized as newer by our peers
-                trans
-                    .execute(
-                        "UPDATE transports SET is_published=?, add_timestamp=? WHERE addr=? AND is_published!=?1",
-                        (!unpublished, time(), addr),
-                    )
-                    .context("Update transports")?;
-                Ok(())
-            })
-            .await?;
-        send_sync_transports(self).await?;
-        Ok(())
-    }
-
    async fn inner_configure(&self, param: &EnteredLoginParam) -> Result<()> {
        info!(self, "Configure ...");

@@ -596,6 +549,9 @@ async fn get_configured_param(
 async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'static Provider>> {
    progress!(ctx, 1);

+    let ctx2 = ctx.clone();
+    let update_device_chats_handle = task::spawn(async move { ctx2.update_device_chats().await });
+
    let configured_param = get_configured_param(ctx, param).await?;
    let proxy_config = ProxyConfig::load(ctx).await?;
    let strict_tls = configured_param.strict_tls(proxy_config.is_some());
@@ -634,14 +590,11 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'
    let (_s, r) = async_channel::bounded(1);
    let mut imap = Imap::new(ctx, transport_id, configured_param.clone(), r).await?;
    let configuring = true;
-    let imap_session = match imap.connect(ctx, configuring).await {
-        Ok(imap_session) => imap_session,
-        Err(err) => {
-            bail!(
-                "{}",
-                nicer_configuration_error(ctx, format!("{err:#}")).await
-            );
-        }
+    if let Err(err) = imap.connect(ctx, configuring).await {
+        bail!(
+            "{}",
+            nicer_configuration_error(ctx, format!("{err:#}")).await
+        );
    };

    progress!(ctx, 850);
@@ -656,17 +609,7 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'
        ctx.sql.set_raw_config("mvbox_move", Some("0")).await?;
        ctx.sql.set_raw_config("only_fetch_mvbox", None).await?;
    }
-    if !ctx.get_config_bool(Config::FixIsChatmail).await? {
-        if imap_session.is_chatmail() {
-            ctx.sql.set_raw_config("is_chatmail", Some("1")).await?;
-        } else if !is_configured {
-            // Reset the setting that may have been set
-            // during failed configuration.
-            ctx.sql.set_raw_config("is_chatmail", Some("0")).await?;
-        }
-    }

-    drop(imap_session);
    drop(imap);

    progress!(ctx, 910);
@@ -686,9 +629,7 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'
    ctx.scheduler.interrupt_inbox().await;

    progress!(ctx, 940);
-    ctx.update_device_chats()
-        .await
-        .context("Failed to update device chats")?;
+    update_device_chats_handle.await??;

    ctx.sql.set_raw_config_bool("configured", true).await?;
    ctx.emit_event(EventType::AccountsItemChanged);
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -234,6 +234,19 @@ pub(crate) const TIMESTAMP_SENT_TOLERANCE: i64 = 60;
 // Newer Delta Chats will remove the prefix as needed.
 pub(crate) const EDITED_PREFIX: &str = "✏️";

+// Strings needed to render the Autocrypt Setup Message.
+// Left untranslated as not being supported/recommended workflow and as translations would require deep knowledge.
+pub(crate) const ASM_SUBJECT: &str = "Autocrypt Setup Message";
+pub(crate) const ASM_BODY: &str = "This is the Autocrypt Setup Message \
+    used to transfer your end-to-end setup between clients.
+
+    To decrypt and use your setup, \
+    open the message in an Autocrypt-compliant client \
+    and enter the setup code presented on the generating device.
+
+    If you see this message in a chatmail client (Delta Chat, Arcane Chat, Delta Touch ...), \
+    use \"Settings / Add Second Device\" instead.";
+
 /// Period between `sql::housekeeping()` runs.
 pub(crate) const HOUSEKEEPING_PERIOD: i64 = 24 * 60 * 60;

--- a/src/contact.rs
+++ b/src/contact.rs
@@ -35,7 +35,6 @@ use crate::log::{LogExt, warn};
 use crate::message::MessageState;
 use crate::mimeparser::AvatarAction;
 use crate::param::{Param, Params};
-use crate::pgp::{addresses_from_public_key, merge_openpgp_certificates};
 use crate::sync::{self, Sync::*};
 use crate::tools::{SystemTime, duration_to_str, get_abs_path, normalize_text, time, to_lowercase};
 use crate::{chat, chatlist_events, ensure_and_debug_assert_ne, stock_str};
@@ -315,67 +314,6 @@ pub async fn make_vcard(context: &Context, contacts: &[ContactId]) -> Result<Str
        .to_string())
 }

-/// Imports public key into the public key store.
-///
-/// They key may come from Autocrypt header,
-/// Autocrypt-Gossip header or a vCard.
-///
-/// If the key with the same fingerprint already exists,
-/// it is updated by merging the new key.
-pub(crate) async fn import_public_key(
-    context: &Context,
-    public_key: &SignedPublicKey,
-) -> Result<()> {
-    public_key
-        .verify_bindings()
-        .context("Attempt to import broken public key")?;
-
-    let fingerprint = public_key.dc_fingerprint().hex();
-
-    let merged_public_key;
-    let merged_public_key_ref = if let Some(public_key_bytes) = context
-        .sql
-        .query_row_optional(
-            "SELECT public_key
-             FROM public_keys
-             WHERE fingerprint=?",
-            (&fingerprint,),
-            |row| {
-                let bytes: Vec<u8> = row.get(0)?;
-                Ok(bytes)
-            },
-        )
-        .await?
-    {
-        let old_public_key = SignedPublicKey::from_slice(&public_key_bytes)?;
-        merged_public_key = merge_openpgp_certificates(public_key.clone(), old_public_key)
-            .context("Failed to merge public keys")?;
-        &merged_public_key
-    } else {
-        public_key
-    };
-
-    let inserted = context
-        .sql
-        .execute(
-            "INSERT INTO public_keys (fingerprint, public_key)
-             VALUES (?, ?)
-             ON CONFLICT (fingerprint)
-             DO UPDATE SET public_key=excluded.public_key
-                WHERE public_key!=excluded.public_key",
-            (&fingerprint, merged_public_key_ref.to_bytes()),
-        )
-        .await?;
-    if inserted > 0 {
-        info!(
-            context,
-            "Saved key with fingerprint {fingerprint} from the Autocrypt header"
-        );
-    }
-
-    Ok(())
-}
-
 /// Imports contacts from the given vCard.
 ///
 /// Returns the ids of successfully processed contacts in the order they appear in `vcard`,
@@ -414,14 +352,23 @@ async fn import_vcard_contact(context: &Context, contact: &VcardContact) -> Resu
            .ok()
    });

-    let fingerprint = if let Some(public_key) = key {
-        import_public_key(context, &public_key)
-            .await
-            .context("Failed to import public key from vCard")?;
-        public_key.dc_fingerprint().hex()
+    let fingerprint;
+    if let Some(public_key) = key {
+        fingerprint = public_key.dc_fingerprint().hex();
+
+        context
+            .sql
+            .execute(
+                "INSERT INTO public_keys (fingerprint, public_key)
+                 VALUES (?, ?)
+                 ON CONFLICT (fingerprint)
+                 DO NOTHING",
+                (&fingerprint, public_key.to_bytes()),
+            )
+            .await?;
    } else {
-        String::new()
-    };
+        fingerprint = String::new();
+    }

    let (id, modified) =
        match Contact::add_or_lookup_ex(context, &contact.authname, &addr, &fingerprint, origin)
@@ -1397,7 +1344,7 @@ WHERE addr=?
        let fingerprint_other = fingerprint_other.to_string();

        let stock_message = if contact.public_key(context).await?.is_some() {
-            stock_str::messages_are_e2ee(context).await
+            stock_str::messages_e2e_encrypted(context).await
        } else {
            stock_str::encr_none(context).await
        };
@@ -1437,16 +1384,6 @@ WHERE addr=?
            );
        }

-        if let Some(public_key) = contact.public_key(context).await?
-            && let Some(relay_addrs) = addresses_from_public_key(&public_key)
-        {
-            ret += "\n\nRelays:";
-            for relay in &relay_addrs {
-                ret += "\n";
-                ret += relay;
-            }
-        }
-
        Ok(ret)
    }

--- a/src/contact/contact_tests.rs
+++ b/src/contact/contact_tests.rs
@@ -841,10 +841,7 @@ Me (alice@example.org):

 bob@example.net (bob@example.net):
 CCCB 5AA9 F6E1 141C 9431
-65F1 DB18 B18C BCF7 0487
-
-Relays:
-bob@example.net"
+65F1 DB18 B18C BCF7 0487"
    );
    let contact = Contact::get_by_id(alice, contact_bob_id).await?;
    assert!(contact.e2ee_avail(alice).await?);
@@ -1148,11 +1145,8 @@ async fn test_make_n_import_vcard() -> Result<()> {
    let alice = &tcm.alice().await;
    let bob = &tcm.bob().await;
    bob.set_config(Config::Displayname, Some("Bob")).await?;
-    bob.set_config(
-        Config::Selfstatus,
-        Some("It's me,\nbob; and here's a backslash: \\"),
-    )
-    .await?;
+    bob.set_config(Config::Selfstatus, Some("It's me, bob"))
+        .await?;
    let avatar_path = bob.dir.path().join("avatar.png");
    let avatar_bytes = include_bytes!("../../test-data/image/avatar64x64.png");
    let avatar_base64 = base64::engine::general_purpose::STANDARD.encode(avatar_bytes);
--- a/src/context.rs
+++ b/src/context.rs
@@ -10,7 +10,6 @@ use std::time::Duration;

 use anyhow::{Result, bail, ensure};
 use async_channel::{self as channel, Receiver, Sender};
-use pgp::composed::SignedPublicKey;
 use ratelimit::Ratelimit;
 use tokio::sync::{Mutex, Notify, RwLock};

@@ -234,21 +233,12 @@ pub struct InnerContext {
    /// This is a global mutex-like state for operations which should be modal in the
    /// clients.
    running_state: RwLock<RunningState>,
+    /// Mutex to avoid generating the key for the user more than once.
+    pub(crate) generating_key_mutex: Mutex<()>,
    /// Mutex to enforce only a single running oauth2 is running.
    pub(crate) oauth2_mutex: Mutex<()>,
    /// Mutex to prevent a race condition when a "your pw is wrong" warning is sent, resulting in multiple messages being sent.
    pub(crate) wrong_pw_warning_mutex: Mutex<()>,
-    /// Mutex to prevent running housekeeping from multiple threads at once.
-    pub(crate) housekeeping_mutex: Mutex<()>,
-
-    /// Mutex to prevent multiple IMAP loops from fetching the messages at once.
-    ///
-    /// Without this mutex IMAP loops may waste traffic downloading the same message
-    /// from multiple IMAP servers and create multiple copies of the same message
-    /// in the database if the check for duplicates and creating a message
-    /// happens in separate database transactions.
-    pub(crate) fetch_msgs_mutex: Mutex<()>,
-
    pub(crate) translated_stockstrings: StockStrings,
    pub(crate) events: Events,

@@ -316,13 +306,6 @@ pub struct InnerContext {
    /// the standard library's OnceLock is enough, and it's a lot smaller in memory.
    pub(crate) self_fingerprint: OnceLock<String>,

-    /// OpenPGP certificate aka Transferrable Public Key.
-    ///
-    /// It is generated on first use from the secret key stored in the database.
-    ///
-    /// Mutex is also held while generating the key to avoid generating the key twice.
-    pub(crate) self_public_key: Mutex<Option<SignedPublicKey>>,
-
    /// `Connectivity` values for mailboxes, unordered. Used to compute the aggregate connectivity,
    /// see [`Context::get_connectivity()`].
    pub(crate) connectivities: parking_lot::Mutex<Vec<ConnectivityStore>>,
@@ -492,10 +475,9 @@ impl Context {
            running_state: RwLock::new(Default::default()),
            sql: Sql::new(dbfile),
            smeared_timestamp: SmearedTimestamp::new(),
+            generating_key_mutex: Mutex::new(()),
            oauth2_mutex: Mutex::new(()),
            wrong_pw_warning_mutex: Mutex::new(()),
-            housekeeping_mutex: Mutex::new(()),
-            fetch_msgs_mutex: Mutex::new(()),
            translated_stockstrings: stockstrings,
            events,
            scheduler: SchedulerState::new(),
@@ -513,7 +495,6 @@ impl Context {
            tls_session_store: TlsSessionStore::new(),
            iroh: Arc::new(RwLock::new(None)),
            self_fingerprint: OnceLock::new(),
-            self_public_key: Mutex::new(None),
            connectivities: parking_lot::Mutex::new(Vec::new()),
            pre_encrypt_mime_hook: None.into(),
        };
--- a/src/decrypt.rs
+++ b/src/decrypt.rs
@@ -1,256 +1,34 @@
-//! Helper functions for decryption.
-//! The actual decryption is done in the [`crate::pgp`] module.
+//! End-to-end decryption support.

 use std::collections::HashSet;
-use std::io::Cursor;

-use anyhow::{Context as _, Result, bail};
+use anyhow::Result;
 use mailparse::ParsedMail;
-use pgp::composed::Esk;
-use pgp::composed::Message;
-use pgp::composed::PlainSessionKey;
-use pgp::composed::SignedSecretKey;
-use pgp::composed::decrypt_session_key_with_password;
-use pgp::packet::SymKeyEncryptedSessionKey;
-use pgp::types::Password;
-use pgp::types::StringToKey;

-use crate::chat::ChatId;
-use crate::constants::Chattype;
-use crate::contact::ContactId;
-use crate::context::Context;
-use crate::key::self_fingerprint;
-use crate::key::{Fingerprint, SignedPublicKey, load_self_secret_keyring};
-use crate::token::Namespace;
+use crate::key::{Fingerprint, SignedPublicKey, SignedSecretKey};
+use crate::pgp;

-/// Tries to decrypt the message,
-/// returning a tuple of `(decrypted message, fingerprint)`.
+/// Tries to decrypt a message, but only if it is structured as an Autocrypt message.
 ///
-/// If the message wasn't encrypted, returns `Ok(None)`.
-///
-/// If the message was asymmetrically encrypted, returns `Ok((decrypted message, None))`.
-///
-/// If the message was symmetrically encrypted, returns `Ok((decrypted message, Some(fingerprint)))`,
-/// where `fingerprint` denotes which contact is allowed to send encrypted with this symmetric secret.
-/// If the message is not signed by `fingerprint`, it must be dropped.
-///
-/// Otherwise, Eve could send a message to Alice
-/// encrypted with the symmetric secret of someone else's broadcast channel.
-/// If Alice sends an answer (or read receipt),
-/// then Eve would know that Alice is in the broadcast channel.
-pub(crate) async fn decrypt(
-    context: &Context,
-    mail: &mailparse::ParsedMail<'_>,
-) -> Result<Option<(Message<'static>, Option<String>)>> {
-    // `pgp::composed::Message` is huge (>4kb), so, make sure that it is in a Box when held over an await point
-    let Some(msg) = get_encrypted_pgp_message_boxed(mail)? else {
-        return Ok(None);
-    };
-    let expected_sender_fingerprint: Option<String>;
-
-    let plain = if let Message::Encrypted { esk, .. } = &*msg
-        // We only allow one ESK for symmetrically encrypted messages
-        // to avoid dealing with messages that are encrypted to multiple symmetric keys
-        // or a mix of symmetric and asymmetric keys:
-        && let [Esk::SymKeyEncryptedSessionKey(esk)] = &esk[..]
-    {
-        check_symmetric_encryption(esk)?;
-        let (psk, fingerprint) = decrypt_session_key_symmetrically(context, esk)
-            .await
-            .context("decrypt_session_key_symmetrically")?;
-        expected_sender_fingerprint = fingerprint;
-
-        tokio::task::spawn_blocking(move || -> Result<Message<'_>> {
-            let plain = msg
-                .decrypt_with_session_key(psk)
-                .context("decrypt_with_session_key")?;
-
-            let plain: Message<'static> = plain.decompress()?;
-            Ok(plain)
-        })
-        .await??
-    } else {
-        // Message is asymmetrically encrypted
-        let secret_keys: Vec<SignedSecretKey> = load_self_secret_keyring(context).await?;
-        expected_sender_fingerprint = None;
-
-        tokio::task::spawn_blocking(move || -> Result<Message<'_>> {
-            let empty_pw = Password::empty();
-            let secret_keys: Vec<&SignedSecretKey> = secret_keys.iter().collect();
-            let plain = msg
-                .decrypt_with_keys(vec![&empty_pw], secret_keys)
-                .context("decrypt_with_keys")?;
-
-            let plain: Message<'static> = plain.decompress()?;
-            Ok(plain)
-        })
-        .await??
-    };
-
-    Ok(Some((plain, expected_sender_fingerprint)))
-}
-
-async fn decrypt_session_key_symmetrically(
-    context: &Context,
-    esk: &SymKeyEncryptedSessionKey,
-) -> Result<(PlainSessionKey, Option<String>)> {
-    let self_fp = self_fingerprint(context).await?;
-    let query_only = true;
-    context
-        .sql
-        .call(query_only, |conn| {
-            // First, try decrypting using AUTH tokens from scanned QR codes, stored in the bobstate,
-            // because usually there will only be 1 or 2 of it, so, it should be fast
-            let res: Option<(PlainSessionKey, String)> = try_decrypt_with_bobstate(esk, conn)?;
-            if let Some((plain_session_key, fingerprint)) = res {
-                return Ok((plain_session_key, Some(fingerprint)));
-            }
-
-            // Then, try decrypting using broadcast secrets
-            let res: Option<(PlainSessionKey, Option<String>)> =
-                try_decrypt_with_broadcast_secret(esk, conn)?;
-            if let Some((plain_session_key, fingerprint)) = res {
-                return Ok((plain_session_key, fingerprint));
-            }
-
-            // Finally, try decrypting using own AUTH tokens
-            // There can be a lot of AUTH tokens,
-            // because a new one is generated every time a QR code is shown
-            let res: Option<PlainSessionKey> = try_decrypt_with_auth_token(esk, conn, self_fp)?;
-            if let Some(plain_session_key) = res {
-                return Ok((plain_session_key, None));
-            }
-
-            bail!("Could not find symmetric secret for session key")
-        })
-        .await
-}
-
-fn try_decrypt_with_bobstate(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-) -> Result<Option<(PlainSessionKey, String)>> {
-    let mut stmt = conn.prepare("SELECT invite FROM bobstate")?;
-    let mut rows = stmt.query(())?;
-    while let Some(row) = rows.next()? {
-        let invite: crate::securejoin::QrInvite = row.get(0)?;
-        let authcode = invite.authcode().to_string();
-        let alice_fp = invite.fingerprint().hex();
-        let shared_secret = format!("securejoin/{alice_fp}/{authcode}");
-        if let Ok(psk) = decrypt_session_key_with_password(esk, &Password::from(shared_secret)) {
-            let fingerprint = invite.fingerprint().hex();
-            return Ok(Some((psk, fingerprint)));
-        }
-    }
-    Ok(None)
-}
-
-fn try_decrypt_with_broadcast_secret(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-) -> Result<Option<(PlainSessionKey, Option<String>)>> {
-    let Some((psk, chat_id)) = try_decrypt_with_broadcast_secret_inner(esk, conn)? else {
-        return Ok(None);
-    };
-    let chat_type: Chattype =
-        conn.query_one("SELECT type FROM chats WHERE id=?", (chat_id,), |row| {
-            row.get(0)
-        })?;
-    let fp: Option<String> = if chat_type == Chattype::OutBroadcast {
-        // An attacker who knows the secret will also know who owns it,
-        // and it's easiest code-wise to just return None here.
-        // But we could alternatively return the self fingerprint here
-        None
-    } else if chat_type == Chattype::InBroadcast {
-        let contact_id: ContactId = conn
-            .query_one(
-                "SELECT contact_id FROM chats_contacts WHERE chat_id=? AND contact_id>9",
-                (chat_id,),
-                |row| row.get(0),
-            )
-            .context("Find InBroadcast owner")?;
-        let fp = conn
-            .query_one(
-                "SELECT fingerprint FROM contacts WHERE id=?",
-                (contact_id,),
-                |row| row.get(0),
-            )
-            .context("Find owner fingerprint")?;
-        Some(fp)
-    } else {
-        bail!("Chat {chat_id} is not a broadcast but {chat_type}")
-    };
-    Ok(Some((psk, fp)))
-}
-
-fn try_decrypt_with_broadcast_secret_inner(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-) -> Result<Option<(PlainSessionKey, ChatId)>> {
-    let mut stmt = conn.prepare("SELECT secret, chat_id FROM broadcast_secrets")?;
-    let mut rows = stmt.query(())?;
-    while let Some(row) = rows.next()? {
-        let secret: String = row.get(0)?;
-        if let Ok(psk) = decrypt_session_key_with_password(esk, &Password::from(secret)) {
-            let chat_id: ChatId = row.get(1)?;
-            return Ok(Some((psk, chat_id)));
-        }
-    }
-    Ok(None)
-}
-
-fn try_decrypt_with_auth_token(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-    self_fingerprint: &str,
-) -> Result<Option<PlainSessionKey>> {
-    // ORDER BY id DESC to query the most-recently saved tokens are returned first.
-    // This improves performance when Bob scans a QR code that was just created.
-    let mut stmt = conn.prepare("SELECT token FROM tokens WHERE namespc=? ORDER BY id DESC")?;
-    let mut rows = stmt.query((Namespace::Auth,))?;
-    while let Some(row) = rows.next()? {
-        let token: String = row.get(0)?;
-        let shared_secret = format!("securejoin/{self_fingerprint}/{token}");
-        if let Ok(psk) = decrypt_session_key_with_password(esk, &Password::from(shared_secret)) {
-            return Ok(Some(psk));
-        }
-    }
-    Ok(None)
-}
-
-/// Returns Ok(()) if we want to try symmetrically decrypting the message,
-/// and Err with a reason if symmetric decryption should not be tried.
-///
-/// A DoS attacker could send a message with a lot of encrypted session keys,
-/// all of which use a very hard-to-compute string2key algorithm.
-/// We would then try to decrypt all of the encrypted session keys
-/// with all of the known shared secrets.
-/// In order to prevent this, we do not try to symmetrically decrypt messages
-/// that use a string2key algorithm other than 'Salted'.
-pub(crate) fn check_symmetric_encryption(esk: &SymKeyEncryptedSessionKey) -> Result<()> {
-    match esk.s2k() {
-        Some(StringToKey::Salted { .. }) => Ok(()),
-        _ => bail!("unsupported string2key algorithm"),
-    }
-}
-
-/// Turns a [`ParsedMail`] into [`pgp::composed::Message`].
-/// [`pgp::composed::Message`] is huge (over 4kb),
-/// so, it is put on the heap using [`Box`].
-pub fn get_encrypted_pgp_message_boxed<'a>(
+/// If successful and the message was encrypted,
+/// returns the decrypted and decompressed message.
+pub fn try_decrypt<'a>(
    mail: &'a ParsedMail<'a>,
-) -> Result<Option<Box<Message<'static>>>> {
+    private_keyring: &'a [SignedSecretKey],
+    shared_secrets: &[String],
+) -> Result<Option<::pgp::composed::Message<'static>>> {
    let Some(encrypted_data_part) = get_encrypted_mime(mail) else {
        return Ok(None);
    };
+
    let data = encrypted_data_part.get_body_raw()?;
-    let cursor = Cursor::new(data);
-    let (msg, _headers) = Message::from_armor(cursor)?;
-    Ok(Some(Box::new(msg)))
+    let msg = pgp::decrypt(data, private_keyring, shared_secrets)?;
+
+    Ok(Some(msg))
 }

 /// Returns a reference to the encrypted payload of a message.
-pub fn get_encrypted_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail<'b>> {
+pub(crate) fn get_encrypted_mime<'a, 'b>(mail: &'a ParsedMail<'b>) -> Option<&'a ParsedMail<'b>> {
    get_autocrypt_mime(mail)
        .or_else(|| get_mixed_up_mime(mail))
        .or_else(|| get_attachment_mime(mail))
@@ -353,10 +131,8 @@ pub(crate) fn validate_detached_signature<'a, 'b>(
        // First part is the content, second part is the signature.
        let content = first_part.raw_bytes;
        let ret_valid_signatures = match second_part.get_body_raw() {
-            Ok(signature) => {
-                crate::pgp::pk_validate(content, &signature, public_keyring_for_validate)
-                    .unwrap_or_default()
-            }
+            Ok(signature) => pgp::pk_validate(content, &signature, public_keyring_for_validate)
+                .unwrap_or_default(),
            Err(_) => Default::default(),
        };
        Some((first_part, ret_valid_signatures))
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -40,6 +40,7 @@ impl EncryptHelper {
        keyring: Vec<SignedPublicKey>,
        mail_to_encrypt: MimePart<'static>,
        compress: bool,
+        anonymous_recipients: bool,
        seipd_version: SeipdVersion,
    ) -> Result<String> {
        let sign_key = load_self_secret_key(context).await?;
@@ -48,8 +49,15 @@ impl EncryptHelper {
        let cursor = Cursor::new(&mut raw_message);
        mail_to_encrypt.clone().write_part(cursor).ok();

-        let ctext =
-            pgp::pk_encrypt(raw_message, keyring, sign_key, compress, seipd_version).await?;
+        let ctext = pgp::pk_encrypt(
+            raw_message,
+            keyring,
+            sign_key,
+            compress,
+            anonymous_recipients,
+            seipd_version,
+        )
+        .await?;

        Ok(ctext)
    }
@@ -62,13 +70,8 @@ impl EncryptHelper {
        shared_secret: &str,
        mail_to_encrypt: MimePart<'static>,
        compress: bool,
-        sign: bool,
    ) -> Result<String> {
-        let sign_key = if sign {
-            Some(load_self_secret_key(context).await?)
-        } else {
-            None
-        };
+        let sign_key = load_self_secret_key(context).await?;

        let mut raw_message = Vec::new();
        let cursor = Cursor::new(&mut raw_message);
--- a/src/events/payload.rs
+++ b/src/events/payload.rs
@@ -57,7 +57,7 @@ pub enum EventType {
    /// should not be disturbed by a dialog or so.  Instead, use a bubble or so.
    ///
    /// However, for ongoing processes (eg. configure())
-    /// or for functions that are expected to fail
+    /// or for functions that are expected to fail (eg. dc_continue_key_transfer())
    /// it might be better to delay showing these events until the function has really
    /// failed (returned false). It should be sufficient to report only the *last* error
    /// in a message box then.
@@ -397,8 +397,6 @@ pub enum EventType {
        msg_id: MsgId,
        /// ID of the chat which the message belongs to.
        chat_id: ChatId,
-        /// The call was accepted from this device (process).
-        from_this_device: bool,
    },

    /// Outgoing call accepted.
--- a/src/headerdef.rs
+++ b/src/headerdef.rs
@@ -208,10 +208,10 @@ mod tests {
    /// Test that headers are parsed case-insensitively
    fn test_get_header_value_case() {
        let (headers, _) =
-            mailparse::parse_headers(b"fRoM: Bob\naUtoCryPt-GoSsIp: fooBaR").unwrap();
+            mailparse::parse_headers(b"fRoM: Bob\naUtoCryPt-SeTup-MessAge: v99").unwrap();
        assert_eq!(
-            headers.get_header_value(HeaderDef::AutocryptGossip),
-            Some("fooBaR".to_string())
+            headers.get_header_value(HeaderDef::AutocryptSetupMessage),
+            Some("v99".to_string())
        );
        assert_eq!(
            headers.get_header_value(HeaderDef::From_),
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -18,6 +18,7 @@ use async_channel::{self, Receiver, Sender};
 use async_imap::types::{Fetch, Flag, Name, NameAttribute, UnsolicitedResponse};
 use futures::{FutureExt as _, TryStreamExt};
 use futures_lite::FutureExt;
+use num_traits::FromPrimitive;
 use ratelimit::Ratelimit;
 use url::Url;

@@ -27,7 +28,7 @@ use crate::calls::{
 use crate::chat::{self, ChatId, ChatIdBlocked, add_device_msg};
 use crate::chatlist_events;
 use crate::config::Config;
-use crate::constants::{self, Blocked, DC_VERSION_STR};
+use crate::constants::{self, Blocked, DC_VERSION_STR, ShowEmails};
 use crate::contact::ContactId;
 use crate::context::Context;
 use crate::events::EventType;
@@ -561,19 +562,16 @@ impl Imap {
            .select_with_uidvalidity(context, folder)
            .await
            .with_context(|| format!("Failed to select folder {folder:?}"))?;
+        if !folder_exists {
+            return Ok(false);
+        }

        if !session.new_mail {
            info!(context, "No new emails in folder {folder:?}.");
            return Ok(false);
        }
-        // Make sure not to return before setting new_mail to false
-        // Otherwise, we will skip IDLE and go into an infinite loop
        session.new_mail = false;

-        if !folder_exists {
-            return Ok(false);
-        }
-
        let mut read_cnt = 0;
        loop {
            let (n, fetch_more) = self
@@ -609,7 +607,6 @@ impl Imap {
            .await
            .context("prefetch")?;
        let read_cnt = msgs.len();
-        let _fetch_msgs_lock_guard = context.fetch_msgs_mutex.lock().await;

        let mut uids_fetch: Vec<u32> = Vec::new();
        let mut available_post_msgs: Vec<String> = Vec::new();
@@ -1240,7 +1237,6 @@ impl Session {
            // have been modified while our request was in progress.
            // We may or may not have these new flags as a part of the response,
            // so better skip next IDLE and do another round of flag synchronization.
-            info!(context, "Got unsolicited fetch, will skip idle");
            self.new_mail = true;
        }

@@ -1978,6 +1974,15 @@ async fn needs_move_to_mvbox(
        return Ok(false);
    }

+    if headers
+        .get_header_value(HeaderDef::AutocryptSetupMessage)
+        .is_some()
+    {
+        // do not move setup messages;
+        // there may be a non-delta device that wants to handle it
+        return Ok(false);
+    }
+
    if has_chat_version {
        Ok(true)
    } else if let Some(parent) = get_prefetch_parent_message(context, headers).await? {
@@ -2126,11 +2131,16 @@ pub(crate) async fn prefetch_should_download(
        false
    };

+    // Autocrypt Setup Message should be shown even if it is from non-chat client.
+    let is_autocrypt_setup_message = headers
+        .get_header_value(HeaderDef::AutocryptSetupMessage)
+        .is_some();
+
    let from = match mimeparser::get_from(headers) {
        Some(f) => f,
        None => return Ok(false),
    };
-    let (_from_id, blocked_contact, _origin) =
+    let (_from_id, blocked_contact, origin) =
        match from_field_to_contact_id(context, &from, None, true, true).await? {
            Some(res) => res,
            None => return Ok(false),
@@ -2143,7 +2153,28 @@ pub(crate) async fn prefetch_should_download(
        return Ok(false);
    }

-    let should_download = (!blocked_contact) || maybe_ndn;
+    let is_chat_message = headers.get_header_value(HeaderDef::ChatVersion).is_some();
+    let accepted_contact = origin.is_known();
+    let is_reply_to_chat_message = get_prefetch_parent_message(context, headers)
+        .await?
+        .is_some_and(|parent| match parent.is_dc_message {
+            MessengerMessage::No => false,
+            MessengerMessage::Yes | MessengerMessage::Reply => true,
+        });
+
+    let show_emails =
+        ShowEmails::from_i32(context.get_config_int(Config::ShowEmails).await?).unwrap_or_default();
+
+    let show = is_autocrypt_setup_message
+        || match show_emails {
+            ShowEmails::Off => is_chat_message || is_reply_to_chat_message,
+            ShowEmails::AcceptedContacts => {
+                is_chat_message || is_reply_to_chat_message || accepted_contact
+            }
+            ShowEmails::All => true,
+        };
+
+    let should_download = (show && !blocked_contact) || maybe_ndn;
    Ok(should_download)
 }

--- a/src/imap/imap_tests.rs
+++ b/src/imap/imap_tests.rs
@@ -105,9 +105,10 @@ async fn check_target_folder_combination(
    expected_destination: &str,
    accepted_chat: bool,
    outgoing: bool,
+    setupmessage: bool,
 ) -> Result<()> {
    println!(
-        "Testing: For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}"
+        "Testing: For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}, setupmessage {setupmessage}"
    );

    let t = TestContext::new_alice().await;
@@ -124,7 +125,9 @@ async fn check_target_folder_combination(
    }
    let temp;

-    let bytes = {
+    let bytes = if setupmessage {
+        include_bytes!("../../test-data/message/AutocryptSetupMessage.eml")
+    } else {
        temp = format!(
            "Received: (Postfix, from userid 1000); Mon, 4 Dec 2006 14:51:39 +0100 (CET)\n\
                    {}\
@@ -161,7 +164,7 @@ async fn check_target_folder_combination(
    assert_eq!(
        expected,
        actual.as_deref(),
-        "For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}: expected {expected:?}, got {actual:?}"
+        "For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}, setupmessage {setupmessage}: expected {expected:?}, got {actual:?}"
    );
    Ok(())
 }
@@ -201,6 +204,7 @@ async fn test_target_folder_incoming_accepted() -> Result<()> {
            expected_destination,
            true,
            false,
+            false,
        )
        .await?;
    }
@@ -217,6 +221,7 @@ async fn test_target_folder_incoming_request() -> Result<()> {
            expected_destination,
            false,
            false,
+            false,
        )
        .await?;
    }
@@ -234,6 +239,25 @@ async fn test_target_folder_outgoing() -> Result<()> {
            expected_destination,
            true,
            true,
+            false,
+        )
+        .await?;
+    }
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_target_folder_setupmsg() -> Result<()> {
+    // Test setupmessages
+    for (folder, mvbox_move, chat_msg, _expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
+        check_target_folder_combination(
+            folder,
+            *mvbox_move,
+            *chat_msg,
+            if folder == &"Spam" { "INBOX" } else { folder }, // Never move setup messages, except if they are in "Spam"
+            false,
+            true,
+            true,
        )
        .await?;
    }
--- a/src/imap/session.rs
+++ b/src/imap/session.rs
@@ -21,8 +21,10 @@ const PREFETCH_FLAGS: &str = "(UID INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIE
                              DATE \
                              X-MICROSOFT-ORIGINAL-MESSAGE-ID \
                              FROM \
+                              IN-REPLY-TO REFERENCES \
                              CHAT-VERSION \
                              CHAT-IS-POST-MESSAGE \
+                              AUTO-SUBMITTED \
                              AUTOCRYPT-SETUP-MESSAGE\
                              )])";

--- a/src/imex.rs
+++ b/src/imex.rs
@@ -19,8 +19,9 @@ use crate::config::Config;
 use crate::context::Context;
 use crate::e2ee;
 use crate::events::EventType;
-use crate::key::{self, DcKey, SignedSecretKey};
+use crate::key::{self, DcKey, SignedPublicKey, SignedSecretKey};
 use crate::log::{LogExt, warn};
+use crate::pgp;
 use crate::qr::DCBACKUP_VERSION;
 use crate::sql;
 use crate::tools::{
@@ -28,9 +29,11 @@ use crate::tools::{
    write_file,
 };

+mod key_transfer;
 mod transfer;

 use ::pgp::types::KeyDetails;
+pub use key_transfer::{continue_key_transfer, initiate_key_transfer};
 pub use transfer::{BackupProvider, get_backup};

 // Name of the database file in the backup.
@@ -100,8 +103,7 @@ pub async fn imex(

    if let Err(err) = res.as_ref() {
        // We are using Anyhow's .context() and to show the inner error, too, we need the {:#}:
-        error!(context, "{:#}", err);
-        warn!(context, "IMEX failed to complete: {:#}", err);
+        error!(context, "IMEX failed to complete: {:#}", err);
        context.emit_event(EventType::ImexProgress(0));
    } else {
        info!(context, "IMEX successfully completed");
@@ -139,13 +141,19 @@ pub async fn has_backup(_context: &Context, dir_name: &Path) -> Result<String> {
 }

 async fn set_self_key(context: &Context, armored: &str) -> Result<()> {
-    let secret_key = SignedSecretKey::from_asc(armored)?;
-    key::store_self_keypair(context, &secret_key).await?;
+    let private_key = SignedSecretKey::from_asc(armored)?;
+    let public_key = private_key.to_public_key();
+
+    let keypair = pgp::KeyPair {
+        public: public_key,
+        secret: private_key,
+    };
+    key::store_self_keypair(context, &keypair).await?;

    info!(
        context,
-        "Stored self key: {:?}.",
-        secret_key.public_key().fingerprint()
+        "stored self key: {:?}",
+        keypair.secret.public_key().legacy_key_id()
    );
    Ok(())
 }
@@ -201,6 +209,15 @@ async fn import_backup(
    backup_to_import: &Path,
    passphrase: String,
 ) -> Result<()> {
+    ensure!(
+        !context.is_configured().await?,
+        "Cannot import backups to accounts in use."
+    );
+    ensure!(
+        !context.scheduler.is_running().await,
+        "cannot import backup, IO is running"
+    );
+
    let backup_file = File::open(backup_to_import).await?;
    let file_size = backup_file.metadata().await?.len();
    info!(
@@ -234,15 +251,6 @@ pub(crate) async fn import_backup_stream<R: tokio::io::AsyncRead + Unpin>(
    file_size: u64,
    passphrase: String,
 ) -> Result<()> {
-    ensure!(
-        !context.is_configured().await?,
-        "Cannot import backups to accounts in use"
-    );
-    ensure!(
-        !context.scheduler.is_running().await,
-        "Cannot import backup, IO is running"
-    );
-
    import_backup_stream_inner(context, backup_file, file_size, passphrase)
        .await
        .0
@@ -309,9 +317,6 @@ where
    }
 }

-// This function returns a tuple (Result<()>,) rather than Result<()>
-// so that we don't accidentally early-return with `?`
-// and forget to cleanup.
 async fn import_backup_stream_inner<R: tokio::io::AsyncRead + Unpin>(
    context: &Context,
    backup_file: R,
@@ -358,6 +363,11 @@ async fn import_backup_stream_inner<R: tokio::io::AsyncRead + Unpin>(
            }
        }
    };
+    if res.is_err() {
+        for blob in blobs {
+            fs::remove_file(&blob).await.log_err(context).ok();
+        }
+    }

    let unpacked_database = context.get_blobdir().join(DBFILE_BACKUP_NAME);
    if res.is_ok() {
@@ -380,22 +390,6 @@ async fn import_backup_stream_inner<R: tokio::io::AsyncRead + Unpin>(
        res = context.sql.run_migrations(context).await;
        context.emit_event(EventType::AccountsItemChanged);
    }
-    if res.is_err() {
-        context.sql.close().await;
-        fs::remove_file(context.sql.dbfile.as_path())
-            .await
-            .log_err(context)
-            .ok();
-        for blob in blobs {
-            fs::remove_file(&blob).await.log_err(context).ok();
-        }
-        context
-            .sql
-            .open(context, "".to_string())
-            .await
-            .log_err(context)
-            .ok();
-    }
    if res.is_ok() {
        delete_and_reset_all_device_msgs(context)
            .await
@@ -660,36 +654,38 @@ async fn export_self_keys(context: &Context, dir: &Path) -> Result<()> {
    let keys = context
        .sql
        .query_map_vec(
-            "SELECT id, private_key, id=(SELECT value FROM config WHERE keyname='key_id') FROM keypairs;",
+            "SELECT id, public_key, private_key, id=(SELECT value FROM config WHERE keyname='key_id') FROM keypairs;",
            (),
            |row| {
                let id = row.get(0)?;
-                let private_key_blob: Vec<u8> = row.get(1)?;
+                let public_key_blob: Vec<u8> = row.get(1)?;
+                let public_key = SignedPublicKey::from_slice(&public_key_blob);
+                let private_key_blob: Vec<u8> = row.get(2)?;
                let private_key = SignedSecretKey::from_slice(&private_key_blob);
-                let is_default: i32 = row.get(2)?;
+                let is_default: i32 = row.get(3)?;

-                Ok((id, private_key, is_default))
+                Ok((id, public_key, private_key, is_default))
            },
        )
        .await?;
    let self_addr = context.get_primary_self_addr().await?;
-    for (id, private_key, is_default) in keys {
+    for (id, public_key, private_key, is_default) in keys {
        let id = Some(id).filter(|_| is_default == 0);

-        let Ok(private_key) = private_key else {
-            export_errors += 1;
-            continue;
-        };
-
-        if let Err(err) = export_key_to_asc_file(context, dir, &self_addr, id, &private_key).await {
-            error!(context, "Failed to export private key: {:#}.", err);
+        if let Ok(key) = public_key {
+            if let Err(err) = export_key_to_asc_file(context, dir, &self_addr, id, &key).await {
+                error!(context, "Failed to export public key: {:#}.", err);
+                export_errors += 1;
+            }
+        } else {
            export_errors += 1;
        }
-
-        let public_key = private_key.to_public_key();
-
-        if let Err(err) = export_key_to_asc_file(context, dir, &self_addr, id, &public_key).await {
-            error!(context, "Failed to export public key: {:#}.", err);
+        if let Ok(key) = private_key {
+            if let Err(err) = export_key_to_asc_file(context, dir, &self_addr, id, &key).await {
+                error!(context, "Failed to export private key: {:#}.", err);
+                export_errors += 1;
+            }
+        } else {
            export_errors += 1;
        }
    }
@@ -719,7 +715,12 @@ where
        format!("{kind}-key-{addr}-{id}-{fp}.asc")
    };
    let path = dir.join(&file_name);
-    info!(context, "Exporting key to {}.", path.display());
+    info!(
+        context,
+        "Exporting key {:?} to {}.",
+        key.key_id(),
+        path.display()
+    );

    // Delete the file if it already exists.
    delete_file(context, &path).await.ok();
@@ -806,12 +807,12 @@ mod tests {

    use super::*;
    use crate::config::Config;
-    use crate::test_utils::{TestContext, TestContextManager, alice_keypair};
+    use crate::test_utils::{TestContext, alice_keypair};

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_export_public_key_to_asc_file() {
        let context = TestContext::new().await;
-        let key = alice_keypair().to_public_key();
+        let key = alice_keypair().public;
        let blobdir = Path::new("$BLOBDIR");
        let filename = export_key_to_asc_file(&context.ctx, blobdir, "a@b", None, &key)
            .await
@@ -828,7 +829,7 @@ mod tests {
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_import_private_key_exported_to_asc_file() {
        let context = TestContext::new().await;
-        let key = alice_keypair();
+        let key = alice_keypair().secret;
        let blobdir = Path::new("$BLOBDIR");
        let filename = export_key_to_asc_file(&context.ctx, blobdir, "a@b", None, &key)
            .await
@@ -1023,81 +1024,6 @@ mod tests {
        Ok(())
    }

-    /// Tests that [`crate::qr::DCBACKUP_VERSION`] is checked correctly.
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_import_backup_fails_because_of_dcbackup_version() -> Result<()> {
-        let mut tcm = TestContextManager::new();
-        let context1 = tcm.alice().await;
-        let context2 = tcm.unconfigured().await;
-
-        assert!(context1.is_configured().await?);
-        assert!(!context2.is_configured().await?);
-
-        let backup_dir = tempfile::tempdir().unwrap();
-
-        tcm.section("export from context1");
-        assert!(
-            imex(&context1, ImexMode::ExportBackup, backup_dir.path(), None)
-                .await
-                .is_ok()
-        );
-        let _event = context1
-            .evtracker
-            .get_matching(|evt| matches!(evt, EventType::ImexProgress(1000)))
-            .await;
-        let backup = has_backup(&context2, backup_dir.path()).await?;
-        let modified_backup = backup_dir.path().join("modified_backup.tar");
-
-        tcm.section("Change backup_version to be higher than DCBACKUP_VERSION");
-        {
-            let unpack_dir = tempfile::tempdir().unwrap();
-            let mut ar = Archive::new(File::open(&backup).await?);
-            ar.unpack(&unpack_dir).await?;
-
-            let sql = sql::Sql::new(unpack_dir.path().join(DBFILE_BACKUP_NAME));
-            sql.open(&context2, "".to_string()).await?;
-            assert_eq!(
-                sql.get_raw_config_int("backup_version").await?.unwrap(),
-                DCBACKUP_VERSION
-            );
-            sql.set_raw_config_int("backup_version", DCBACKUP_VERSION + 1)
-                .await?;
-            sql.close().await;
-
-            let modified_backup_file = File::create(&modified_backup).await?;
-            let mut builder = tokio_tar::Builder::new(modified_backup_file);
-            builder.append_dir_all("", unpack_dir.path()).await?;
-            builder.finish().await?;
-        }
-
-        tcm.section("import to context2");
-        let err = imex(&context2, ImexMode::ImportBackup, &modified_backup, None)
-            .await
-            .unwrap_err();
-        assert!(err.to_string().starts_with("This profile is from a newer version of Delta Chat. Please update Delta Chat and try again"));
-
-        // Some UIs show the error from the event to the user.
-        // Therefore, it must also be a user-facing string, rather than some technical info:
-        let err_event = context2
-            .evtracker
-            .get_matching(|evt| matches!(evt, EventType::Error(_)))
-            .await;
-        let EventType::Error(err_msg) = err_event else {
-            unreachable!()
-        };
-        assert!(err_msg.starts_with("This profile is from a newer version of Delta Chat. Please update Delta Chat and try again"));
-
-        context2
-            .evtracker
-            .get_matching(|evt| matches!(evt, EventType::ImexProgress(0)))
-            .await;
-
-        assert!(!context2.is_configured().await?);
-        assert_eq!(context2.get_config(Config::ConfiguredAddr).await?, None);
-
-        Ok(())
-    }
-
    /// This is a regression test for
    /// https://github.com/deltachat/deltachat-android/issues/2263
    /// where the config cache wasn't reset properly after a backup.
--- a/src/imex/key_transfer.rs
+++ b/src/imex/key_transfer.rs
@@ -0,0 +1,363 @@
+//! # Key transfer via Autocrypt Setup Message.
+use std::io::BufReader;
+
+use anyhow::{Result, bail, ensure};
+
+use crate::blob::BlobObject;
+use crate::chat::{self, ChatId};
+use crate::config::Config;
+use crate::constants::{ASM_BODY, ASM_SUBJECT};
+use crate::contact::ContactId;
+use crate::context::Context;
+use crate::imex::set_self_key;
+use crate::key::{DcKey, load_self_secret_key};
+use crate::message::{Message, MsgId, Viewtype};
+use crate::mimeparser::SystemMessage;
+use crate::param::Param;
+use crate::pgp;
+use crate::tools::open_file_std;
+
+/// Initiates key transfer via Autocrypt Setup Message.
+///
+/// Returns setup code.
+pub async fn initiate_key_transfer(context: &Context) -> Result<String> {
+    let setup_code = create_setup_code(context);
+    /* this may require a keypair to be created. this may take a second ... */
+    let setup_file_content = render_setup_file(context, &setup_code).await?;
+    /* encrypting may also take a while ... */
+    let setup_file_blob = BlobObject::create_and_deduplicate_from_bytes(
+        context,
+        setup_file_content.as_bytes(),
+        "autocrypt-setup-message.html",
+    )?;
+
+    let chat_id = ChatId::create_for_contact(context, ContactId::SELF).await?;
+    let mut msg = Message::new(Viewtype::File);
+    msg.param.set(Param::File, setup_file_blob.as_name());
+    msg.param
+        .set(Param::Filename, "autocrypt-setup-message.html");
+    msg.subject = ASM_SUBJECT.to_owned();
+    msg.param
+        .set(Param::MimeType, "application/autocrypt-setup");
+    msg.param.set_cmd(SystemMessage::AutocryptSetupMessage);
+    msg.force_plaintext();
+    msg.param.set_int(Param::SkipAutocrypt, 1);
+
+    // Enable BCC-self, because transferring a key
+    // means we have a multi-device setup.
+    context.set_config_bool(Config::BccSelf, true).await?;
+
+    chat::send_msg(context, chat_id, &mut msg).await?;
+    Ok(setup_code)
+}
+
+/// Continue key transfer via Autocrypt Setup Message.
+///
+/// `msg_id` is the ID of the received Autocrypt Setup Message.
+/// `setup_code` is the code entered by the user.
+pub async fn continue_key_transfer(
+    context: &Context,
+    msg_id: MsgId,
+    setup_code: &str,
+) -> Result<()> {
+    ensure!(!msg_id.is_special(), "wrong id");
+
+    let msg = Message::load_from_db(context, msg_id).await?;
+    ensure!(
+        msg.is_setupmessage(),
+        "Message is no Autocrypt Setup Message."
+    );
+
+    if let Some(filename) = msg.get_file(context) {
+        let file = open_file_std(context, filename)?;
+        let sc = normalize_setup_code(setup_code);
+        let armored_key = decrypt_setup_file(&sc, BufReader::new(file)).await?;
+        set_self_key(context, &armored_key).await?;
+        context.set_config_bool(Config::BccSelf, true).await?;
+
+        Ok(())
+    } else {
+        bail!("Message is no Autocrypt Setup Message.");
+    }
+}
+
+/// Renders HTML body of a setup file message.
+///
+/// The `passphrase` must be at least 2 characters long.
+pub async fn render_setup_file(context: &Context, passphrase: &str) -> Result<String> {
+    let passphrase_begin = if let Some(passphrase_begin) = passphrase.get(..2) {
+        passphrase_begin
+    } else {
+        bail!("Passphrase must be at least 2 chars long.");
+    };
+    let private_key = load_self_secret_key(context).await?;
+    let ac_headers = Some(("Autocrypt-Prefer-Encrypt", "mutual"));
+    let private_key_asc = private_key.to_asc(ac_headers);
+    let encr = pgp::symm_encrypt_autocrypt_setup(passphrase, private_key_asc.into_bytes())
+        .await?
+        .replace('\n', "\r\n");
+
+    let replacement = format!(
+        concat!(
+            "-----BEGIN PGP MESSAGE-----\r\n",
+            "Passphrase-Format: numeric9x4\r\n",
+            "Passphrase-Begin: {}"
+        ),
+        passphrase_begin
+    );
+    let pgp_msg = encr.replace("-----BEGIN PGP MESSAGE-----", &replacement);
+
+    let msg_subj = ASM_SUBJECT;
+    let msg_body = ASM_BODY.to_string();
+    let msg_body_html = msg_body.replace('\r', "").replace('\n', "<br>");
+    Ok(format!(
+        concat!(
+            "<!DOCTYPE html>\r\n",
+            "<html>\r\n",
+            "  <head>\r\n",
+            "    <title>{}</title>\r\n",
+            "  </head>\r\n",
+            "  <body>\r\n",
+            "    <h1>{}</h1>\r\n",
+            "    <p>{}</p>\r\n",
+            "    <pre>\r\n{}\r\n</pre>\r\n",
+            "  </body>\r\n",
+            "</html>\r\n"
+        ),
+        msg_subj, msg_subj, msg_body_html, pgp_msg
+    ))
+}
+
+/// Creates a new setup code for Autocrypt Setup Message.
+#[expect(clippy::arithmetic_side_effects)]
+fn create_setup_code(_context: &Context) -> String {
+    let mut random_val: u16;
+    let mut ret = String::new();
+
+    for i in 0..9 {
+        loop {
+            random_val = rand::random();
+            if random_val as usize <= 60000 {
+                break;
+            }
+        }
+        random_val = (random_val as usize % 10000) as u16;
+        ret += &format!(
+            "{}{:04}",
+            if 0 != i { "-" } else { "" },
+            random_val as usize
+        );
+    }
+
+    ret
+}
+
+async fn decrypt_setup_file<T: std::fmt::Debug + std::io::BufRead + Send + 'static>(
+    passphrase: &str,
+    file: T,
+) -> Result<String> {
+    let plain_bytes = pgp::symm_decrypt(passphrase, file).await?;
+    let plain_text = std::string::String::from_utf8(plain_bytes)?;
+
+    Ok(plain_text)
+}
+
+fn normalize_setup_code(s: &str) -> String {
+    let mut out = String::new();
+    for c in s.chars() {
+        if c.is_ascii_digit() {
+            out.push(c);
+            if let 4 | 9 | 14 | 19 | 24 | 29 | 34 | 39 = out.len() {
+                out += "-"
+            }
+        }
+    }
+    out
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    use crate::pgp::{HEADER_AUTOCRYPT, HEADER_SETUPCODE, split_armored_data};
+    use crate::receive_imf::receive_imf;
+    use crate::test_utils::{TestContext, TestContextManager};
+    use ::pgp::armor::BlockType;
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_render_setup_file() {
+        let t = TestContext::new_alice().await;
+        let msg = render_setup_file(&t, "hello").await.unwrap();
+        println!("{}", &msg);
+        // Check some substrings, indicating things got substituted.
+        assert!(msg.contains("<title>Autocrypt Setup Message</title"));
+        assert!(msg.contains("<h1>Autocrypt Setup Message</h1>"));
+        assert!(msg.contains("<p>This is the Autocrypt Setup Message used to"));
+        assert!(msg.contains("-----BEGIN PGP MESSAGE-----\r\n"));
+        assert!(msg.contains("Passphrase-Format: numeric9x4\r\n"));
+        assert!(msg.contains("Passphrase-Begin: he\r\n"));
+        assert!(msg.contains("-----END PGP MESSAGE-----\r\n"));
+
+        for line in msg.rsplit_terminator('\n') {
+            assert!(line.ends_with('\r'));
+        }
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_render_setup_file_newline_replace() {
+        let t = TestContext::new_alice().await;
+        let msg = render_setup_file(&t, "pw").await.unwrap();
+        println!("{}", &msg);
+        assert!(msg.contains("<p>This is the Autocrypt Setup Message used to transfer your end-to-end setup between clients.<br>"));
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_create_setup_code() {
+        let t = TestContext::new().await;
+        let setupcode = create_setup_code(&t);
+        assert_eq!(setupcode.len(), 44);
+        assert_eq!(setupcode.chars().nth(4).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(9).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(14).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(19).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(24).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(29).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(34).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(39).unwrap(), '-');
+    }
+
+    #[test]
+    fn test_normalize_setup_code() {
+        let norm = normalize_setup_code("123422343234423452346234723482349234");
+        assert_eq!(norm, "1234-2234-3234-4234-5234-6234-7234-8234-9234");
+
+        let norm =
+            normalize_setup_code("\t1 2 3422343234- foo bar-- 423-45 2 34 6234723482349234      ");
+        assert_eq!(norm, "1234-2234-3234-4234-5234-6234-7234-8234-9234");
+    }
+
+    /* S_EM_SETUPFILE is a AES-256 symm. encrypted setup message created by Enigmail
+    with an "encrypted session key", see RFC 4880.  The code is in S_EM_SETUPCODE */
+    const S_EM_SETUPCODE: &str = "1742-0185-6197-1303-7016-8412-3581-4441-0597";
+    const S_EM_SETUPFILE: &str = include_str!("../../test-data/message/stress.txt");
+
+    // Autocrypt Setup Message payload "encrypted" with plaintext algorithm.
+    const S_PLAINTEXT_SETUPFILE: &str =
+        include_str!("../../test-data/message/plaintext-autocrypt-setup.txt");
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_split_and_decrypt() {
+        let buf_1 = S_EM_SETUPFILE.as_bytes().to_vec();
+        let (typ, headers, base64) = split_armored_data(&buf_1).unwrap();
+        assert_eq!(typ, BlockType::Message);
+        assert!(S_EM_SETUPCODE.starts_with(headers.get(HEADER_SETUPCODE).unwrap()));
+        assert!(!headers.contains_key(HEADER_AUTOCRYPT));
+
+        assert!(!base64.is_empty());
+
+        let setup_file = S_EM_SETUPFILE;
+        let decrypted = decrypt_setup_file(S_EM_SETUPCODE, setup_file.as_bytes())
+            .await
+            .unwrap();
+
+        let (typ, headers, _base64) = split_armored_data(decrypted.as_bytes()).unwrap();
+
+        assert_eq!(typ, BlockType::PrivateKey);
+        assert_eq!(headers.get(HEADER_AUTOCRYPT), Some(&"mutual".to_string()));
+        assert!(!headers.contains_key(HEADER_SETUPCODE));
+    }
+
+    /// Tests that Autocrypt Setup Message encrypted with "plaintext" algorithm cannot be
+    /// decrypted.
+    ///
+    /// According to <https://datatracker.ietf.org/doc/html/rfc4880#section-13.4>
+    /// "Implementations MUST NOT use plaintext in Symmetrically Encrypted Data packets".
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_decrypt_plaintext_autocrypt_setup_message() {
+        let setup_file = S_PLAINTEXT_SETUPFILE;
+        let incorrect_setupcode = "0000-0000-0000-0000-0000-0000-0000-0000-0000";
+        assert!(
+            decrypt_setup_file(incorrect_setupcode, setup_file.as_bytes(),)
+                .await
+                .is_err()
+        );
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_key_transfer() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = &tcm.alice().await;
+
+        tcm.section("Alice sends Autocrypt setup message");
+        alice.set_config(Config::BccSelf, Some("0")).await?;
+        let setup_code = initiate_key_transfer(alice).await?;
+
+        // Test that sending Autocrypt Setup Message enables `bcc_self`.
+        assert_eq!(alice.get_config_bool(Config::BccSelf).await?, true);
+
+        // Get Autocrypt Setup Message.
+        let sent = alice.pop_sent_msg().await;
+
+        tcm.section("Alice sets up a second device");
+        let alice2 = &tcm.unconfigured().await;
+        alice2.set_name("alice2");
+        alice2.configure_addr("alice@example.org").await;
+        alice2.recv_msg(&sent).await;
+        let msg = alice2.get_last_msg().await;
+        assert!(msg.is_setupmessage());
+        assert_eq!(crate::key::load_self_secret_keyring(alice2).await?.len(), 0);
+
+        // Transfer the key.
+        tcm.section("Alice imports a key from Autocrypt Setup Message");
+        alice2.set_config(Config::BccSelf, Some("0")).await?;
+        continue_key_transfer(alice2, msg.id, &setup_code).await?;
+        assert_eq!(alice2.get_config_bool(Config::BccSelf).await?, true);
+        assert_eq!(crate::key::load_self_secret_keyring(alice2).await?.len(), 1);
+
+        // Alice sends a message to self from the new device.
+        let sent = alice2.send_text(msg.chat_id, "Test").await;
+        let rcvd_msg = alice.recv_msg(&sent).await;
+        assert_eq!(rcvd_msg.get_text(), "Test");
+
+        Ok(())
+    }
+
+    /// Tests that Autocrypt Setup Messages is only clickable if it is self-sent.
+    /// This prevents Bob from tricking Alice into changing the key
+    /// by sending her an Autocrypt Setup Message as long as Alice's server
+    /// does not allow to forge the `From:` header.
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_key_transfer_non_self_sent() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = tcm.alice().await;
+        let bob = tcm.bob().await;
+
+        let _setup_code = initiate_key_transfer(&alice).await?;
+
+        // Get Autocrypt Setup Message.
+        let sent = alice.pop_sent_msg().await;
+
+        let rcvd = bob.recv_msg(&sent).await;
+        assert!(!rcvd.is_setupmessage());
+
+        Ok(())
+    }
+
+    /// Tests reception of Autocrypt Setup Message from K-9 6.802.
+    ///
+    /// Unlike Autocrypt Setup Message sent by Delta Chat,
+    /// this message does not contain `Autocrypt-Prefer-Encrypt` header.
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_key_transfer_k_9() -> Result<()> {
+        let t = &TestContext::new().await;
+        t.configure_addr("autocrypt@nine.testrun.org").await;
+
+        let raw = include_bytes!("../../test-data/message/k-9-autocrypt-setup-message.eml");
+        let received = receive_imf(t, raw, false).await?.unwrap();
+
+        let setup_code = "0655-9868-8252-5455-4232-5158-1237-5333-2638";
+        continue_key_transfer(t, *received.msg_ids.last().unwrap(), setup_code).await?;
+
+        Ok(())
+    }
+}
--- a/src/imex/transfer.rs
+++ b/src/imex/transfer.rs
@@ -467,32 +467,6 @@ mod tests {
        }
    }

-    /// Tests that trying to accidentally overwrite a profile
-    /// that is in use will fail.
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_cant_overwrite_profile_in_use() -> Result<()> {
-        let mut tcm = TestContextManager::new();
-        let ctx0 = &tcm.alice().await;
-        let ctx1 = &tcm.bob().await;
-
-        // Prepare to transfer backup.
-        let provider = BackupProvider::prepare(ctx0).await?;
-
-        // Try to overwrite an existing profile.
-        let err = get_backup(ctx1, provider.qr()).await.unwrap_err();
-        assert!(format!("{err:#}").contains("Cannot import backups to accounts in use"));
-
-        // ctx0 is supposed to also finish, and emit an error:
-        provider.await.unwrap();
-        ctx0.evtracker
-            .get_matching(|e| matches!(e, EventType::Error(_)))
-            .await;
-
-        assert_eq!(ctx1.get_primary_self_addr().await?, "bob@example.net");
-
-        Ok(())
-    }
-
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_drop_provider() {
        let mut tcm = TestContextManager::new();
--- a/src/internals_for_benches.rs
+++ b/src/internals_for_benches.rs
@@ -10,12 +10,13 @@ use crate::key;
 use crate::key::DcKey;
 use crate::mimeparser::MimeMessage;
 use crate::pgp;
+use crate::pgp::KeyPair;

 pub fn key_from_asc(data: &str) -> Result<key::SignedSecretKey> {
    key::SignedSecretKey::from_asc(data)
 }

-pub async fn store_self_keypair(context: &Context, keypair: &key::SignedSecretKey) -> Result<()> {
+pub async fn store_self_keypair(context: &Context, keypair: &KeyPair) -> Result<()> {
    key::store_self_keypair(context, keypair).await
 }

@@ -28,7 +29,7 @@ pub async fn save_broadcast_secret(context: &Context, chat_id: ChatId, secret: &
    crate::chat::save_broadcast_secret(context, chat_id, secret).await
 }

-pub fn create_dummy_keypair(addr: &str) -> Result<key::SignedSecretKey> {
+pub fn create_dummy_keypair(addr: &str) -> Result<KeyPair> {
    pgp::create_keypair(EmailAddress::new(addr)?)
 }

--- a/src/key.rs
+++ b/src/key.rs
@@ -7,23 +7,16 @@ use std::io::Cursor;
 use anyhow::{Context as _, Result, bail, ensure};
 use base64::Engine as _;
 use deltachat_contact_tools::EmailAddress;
-use pgp::composed::{Deserializable, SignedKeyDetails};
+use pgp::composed::Deserializable;
 pub use pgp::composed::{SignedPublicKey, SignedSecretKey};
-use pgp::crypto::aead::AeadAlgorithm;
-use pgp::crypto::hash::HashAlgorithm;
-use pgp::crypto::sym::SymmetricKeyAlgorithm;
-use pgp::packet::{
-    Features, KeyFlags, Notation, PacketTrait as _, SignatureConfig, SignatureType, Subpacket,
-    SubpacketData,
-};
 use pgp::ser::Serialize;
-use pgp::types::{CompressionAlgorithm, KeyDetails, KeyVersion};
-use rand_old::thread_rng;
+use pgp::types::{KeyDetails, KeyId};
 use tokio::runtime::Handle;

 use crate::context::Context;
 use crate::events::EventType;
 use crate::log::LogExt;
+use crate::pgp::KeyPair;
 use crate::tools::{self, time_elapsed};

 /// Convenience trait for working with keys.
@@ -120,155 +113,19 @@ pub trait DcKey: Serialize + Deserializable + Clone {

    /// Whether the key is private (or public).
    fn is_private() -> bool;
-}

-/// Converts secret key to public key.
-pub(crate) fn secret_key_to_public_key(
-    context: &Context,
-    mut signed_secret_key: SignedSecretKey,
-    timestamp: u32,
-    addr: &str,
-    relay_addrs: &str,
-) -> Result<SignedPublicKey> {
-    info!(context, "Converting secret key to public key.");
-    let timestamp = pgp::types::Timestamp::from_secs(timestamp);
-
-    // Subpackets that we want to share between DKS and User ID signature.
-    let common_subpackets = || -> Result<Vec<Subpacket>> {
-        let keyflags = {
-            let mut keyflags = KeyFlags::default();
-            keyflags.set_certify(true);
-            keyflags.set_sign(true);
-            keyflags
-        };
-        let features = {
-            let mut features = Features::default();
-            features.set_seipd_v1(true);
-            features.set_seipd_v2(true);
-            features
-        };
-
-        Ok(vec![
-            Subpacket::regular(SubpacketData::SignatureCreationTime(timestamp))?,
-            Subpacket::regular(SubpacketData::IssuerFingerprint(
-                signed_secret_key.fingerprint(),
-            ))?,
-            Subpacket::regular(SubpacketData::KeyFlags(keyflags))?,
-            Subpacket::regular(SubpacketData::Features(features))?,
-            Subpacket::regular(SubpacketData::PreferredSymmetricAlgorithms(smallvec![
-                SymmetricKeyAlgorithm::AES256,
-                SymmetricKeyAlgorithm::AES192,
-                SymmetricKeyAlgorithm::AES128
-            ]))?,
-            Subpacket::regular(SubpacketData::PreferredHashAlgorithms(smallvec![
-                HashAlgorithm::Sha256,
-                HashAlgorithm::Sha384,
-                HashAlgorithm::Sha512,
-                HashAlgorithm::Sha224,
-            ]))?,
-            Subpacket::regular(SubpacketData::PreferredCompressionAlgorithms(smallvec![
-                CompressionAlgorithm::ZLIB,
-                CompressionAlgorithm::ZIP,
-            ]))?,
-            Subpacket::regular(SubpacketData::PreferredAeadAlgorithms(smallvec![(
-                SymmetricKeyAlgorithm::AES256,
-                AeadAlgorithm::Ocb
-            )]))?,
-            Subpacket::regular(SubpacketData::IsPrimary(true))?,
-        ])
-    };
-
-    // RFC 4880 required that Transferrable Public Key (aka OpenPGP Certificate)
-    // contains at least one User ID:
-    // <https://www.rfc-editor.org/rfc/rfc4880#section-11.1>
-    // RFC 9580 does not require User ID even for V4 certificates anymore:
-    // <https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-version-4-certifica>
-    //
-    // We do not use and do not expect User ID in any keys,
-    // but nevertheless include User ID in V4 keys for compatibility with clients that follow RFC 4880.
-    // RFC 9580 also recommends including User ID into V4 keys:
-    // <https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.10-8>
-    //
-    // We do not support keys older than V4 and are not going
-    // to include User ID in newer V6 keys as all clients that support V6
-    // should support keys without User ID.
-    let users = if signed_secret_key.version() == KeyVersion::V4 {
-        let user_id = format!("<{addr}>");
-
-        let mut rng = thread_rng();
-        // Self-signature is a "positive certification",
-        // see <https://www.ietf.org/archive/id/draft-gallagher-openpgp-signatures-02.html#name-certification-signature-typ>.
-        let mut user_id_signature_config = SignatureConfig::from_key(
-            &mut rng,
-            &signed_secret_key.primary_key,
-            SignatureType::CertPositive,
-        )?;
-        user_id_signature_config.hashed_subpackets = common_subpackets()?;
-        user_id_signature_config.unhashed_subpackets = vec![Subpacket::regular(
-            SubpacketData::IssuerKeyId(signed_secret_key.legacy_key_id()),
-        )?];
-        let user_id_packet =
-            pgp::packet::UserId::from_str(pgp::types::PacketHeaderVersion::New, &user_id)?;
-        let signature = user_id_signature_config.sign_certification(
-            &signed_secret_key.primary_key,
-            &signed_secret_key.primary_key.public_key(),
-            &pgp::types::Password::empty(),
-            user_id_packet.tag(),
-            &user_id_packet,
-        )?;
-        vec![user_id_packet.into_signed(signature)]
-    } else {
-        vec![]
-    };
-
-    let direct_signatures = {
-        let mut rng = thread_rng();
-        let mut direct_key_signature_config = SignatureConfig::from_key(
-            &mut rng,
-            &signed_secret_key.primary_key,
-            SignatureType::Key,
-        )?;
-        direct_key_signature_config.hashed_subpackets = common_subpackets()?;
-        let notation = Notation {
-            readable: true,
-            name: "relays@chatmail.at".into(),
-            value: relay_addrs.to_string().into(),
-        };
-        direct_key_signature_config
-            .hashed_subpackets
-            .push(Subpacket::regular(SubpacketData::Notation(notation))?);
-        let direct_key_signature = direct_key_signature_config.sign_key(
-            &signed_secret_key.primary_key,
-            &pgp::types::Password::empty(),
-            signed_secret_key.primary_key.public_key(),
-        )?;
-        vec![direct_key_signature]
-    };
-
-    signed_secret_key.details = SignedKeyDetails {
-        revocation_signatures: vec![],
-        direct_signatures,
-        users,
-        user_attributes: vec![],
-    };
-
-    Ok(signed_secret_key.to_public_key())
+    /// Returns the OpenPGP Key ID.
+    fn key_id(&self) -> KeyId;
 }

 /// Attempts to load own public key.
 ///
-/// Returns `None` if no secret key is generated yet.
+/// Returns `None` if no key is generated yet.
 pub(crate) async fn load_self_public_key_opt(context: &Context) -> Result<Option<SignedPublicKey>> {
-    let mut lock = context.self_public_key.lock().await;
-
-    if let Some(ref public_key) = *lock {
-        return Ok(Some(public_key.clone()));
-    }
-
-    let Some(secret_key_bytes) = context
+    let Some(public_key_bytes) = context
        .sql
        .query_row_optional(
-            "SELECT private_key
+            "SELECT public_key
             FROM keypairs
             WHERE id=(SELECT value FROM config WHERE keyname='key_id')",
            (),
@@ -281,27 +138,8 @@ pub(crate) async fn load_self_public_key_opt(context: &Context) -> Result<Option
    else {
        return Ok(None);
    };
-    let signed_secret_key = SignedSecretKey::from_slice(&secret_key_bytes)?;
-    let timestamp = context
-        .sql
-        .query_get_value::<u32>(
-            "SELECT MAX(timestamp)
-             FROM (SELECT add_timestamp AS timestamp
-                   FROM transports
-                   UNION ALL
-                   SELECT remove_timestamp AS timestamp
-                   FROM removed_transports)",
-            (),
-        )
-        .await?
-        .context("No transports configured")?;
-    let addr = context.get_primary_self_addr().await?;
-    let all_addrs = context.get_published_self_addrs().await?.join(",");
-    let signed_public_key =
-        secret_key_to_public_key(context, signed_secret_key, timestamp, &addr, &all_addrs)?;
-    *lock = Some(signed_public_key.clone());
-
-    Ok(Some(signed_public_key))
+    let public_key = SignedPublicKey::from_slice(&public_key_bytes)?;
+    Ok(Some(public_key))
 }

 /// Loads own public key.
@@ -311,11 +149,8 @@ pub(crate) async fn load_self_public_key(context: &Context) -> Result<SignedPubl
    match load_self_public_key_opt(context).await? {
        Some(public_key) => Ok(public_key),
        None => {
-            generate_keypair(context).await?;
-            let public_key = load_self_public_key_opt(context)
-                .await?
-                .context("Secret key generated, but public key cannot be created")?;
-            Ok(public_key)
+            let keypair = generate_keypair(context).await?;
+            Ok(keypair.public)
        }
    }
 }
@@ -380,8 +215,8 @@ pub(crate) async fn load_self_secret_key(context: &Context) -> Result<SignedSecr
    match private_key {
        Some(bytes) => SignedSecretKey::from_slice(&bytes),
        None => {
-            let secret = generate_keypair(context).await?;
-            Ok(secret)
+            let keypair = generate_keypair(context).await?;
+            Ok(keypair.secret)
        }
    }
 }
@@ -427,6 +262,10 @@ impl DcKey for SignedPublicKey {
    fn dc_fingerprint(&self) -> Fingerprint {
        self.fingerprint().into()
    }
+
+    fn key_id(&self) -> KeyId {
+        KeyDetails::legacy_key_id(self)
+    }
 }

 impl DcKey for SignedSecretKey {
@@ -450,12 +289,16 @@ impl DcKey for SignedSecretKey {
    fn dc_fingerprint(&self) -> Fingerprint {
        self.fingerprint().into()
    }
+
+    fn key_id(&self) -> KeyId {
+        KeyDetails::legacy_key_id(&**self)
+    }
 }

-async fn generate_keypair(context: &Context) -> Result<SignedSecretKey> {
+async fn generate_keypair(context: &Context) -> Result<KeyPair> {
    let addr = context.get_primary_self_addr().await?;
    let addr = EmailAddress::new(&addr)?;
-    let _public_key_guard = context.self_public_key.lock().await;
+    let _guard = context.generating_key_mutex.lock().await;

    // Check if the key appeared while we were waiting on the lock.
    match load_keypair(context).await? {
@@ -478,52 +321,51 @@ async fn generate_keypair(context: &Context) -> Result<SignedSecretKey> {
    }
 }

-pub(crate) async fn load_keypair(context: &Context) -> Result<Option<SignedSecretKey>> {
+pub(crate) async fn load_keypair(context: &Context) -> Result<Option<KeyPair>> {
    let res = context
        .sql
        .query_row_optional(
-            "SELECT private_key
-                 FROM keypairs
-                 WHERE id=(SELECT value FROM config WHERE keyname='key_id')",
+            "SELECT public_key, private_key
+             FROM keypairs
+             WHERE id=(SELECT value FROM config WHERE keyname='key_id')",
            (),
            |row| {
-                let sec_bytes: Vec<u8> = row.get(0)?;
-                Ok(sec_bytes)
+                let pub_bytes: Vec<u8> = row.get(0)?;
+                let sec_bytes: Vec<u8> = row.get(1)?;
+                Ok((pub_bytes, sec_bytes))
            },
        )
        .await?;

-    let signed_secret_key = if let Some(sec_bytes) = res {
-        Some(SignedSecretKey::from_slice(&sec_bytes)?)
+    Ok(if let Some((pub_bytes, sec_bytes)) = res {
+        Some(KeyPair {
+            public: SignedPublicKey::from_slice(&pub_bytes)?,
+            secret: SignedSecretKey::from_slice(&sec_bytes)?,
+        })
    } else {
        None
-    };
-
-    Ok(signed_secret_key)
+    })
 }

-/// Stores own keypair in the database and sets it as a default.
+/// Store the keypair as an owned keypair for addr in the database.
 ///
-/// Fails if we already have a key, so it is not possible to
-/// have more than one key for new setups. Existing setups
-/// may still have more than one key for compatibility.
-pub(crate) async fn store_self_keypair(
-    context: &Context,
-    signed_secret_key: &SignedSecretKey,
-) -> Result<()> {
-    // This public key is stored in the database
-    // only for backwards compatibility.
-    //
-    // It should not be used e.g. in Autocrypt headers or vCards.
-    // Use `secret_key_to_public_key()` function instead,
-    // which adds relay list to the signature.
-    let signed_public_key = signed_secret_key.to_public_key();
+/// This will save the keypair as keys for the given address.  The
+/// "self" here refers to the fact that this DC instance owns the
+/// keypair.  Usually `addr` will be [Config::ConfiguredAddr].
+///
+/// If either the public or private keys are already present in the
+/// database, this entry will be removed first regardless of the
+/// address associated with it.  Practically this means saving the
+/// same key again overwrites it.
+///
+/// [Config::ConfiguredAddr]: crate::config::Config::ConfiguredAddr
+pub(crate) async fn store_self_keypair(context: &Context, keypair: &KeyPair) -> Result<()> {
    let mut config_cache_lock = context.sql.config_cache.write().await;
    let new_key_id = context
        .sql
        .transaction(|transaction| {
-            let public_key = DcKey::to_bytes(&signed_public_key);
-            let secret_key = DcKey::to_bytes(signed_secret_key);
+            let public_key = DcKey::to_bytes(&keypair.public);
+            let secret_key = DcKey::to_bytes(&keypair.secret);

            // private_key and public_key columns
            // are UNIQUE since migration 107,
@@ -561,7 +403,9 @@ pub(crate) async fn store_self_keypair(
 /// Use import/export APIs instead.
 pub async fn preconfigure_keypair(context: &Context, secret_data: &str) -> Result<()> {
    let secret = SignedSecretKey::from_asc(secret_data)?;
-    store_self_keypair(context, &secret).await?;
+    let public = secret.to_public_key();
+    let keypair = KeyPair { public, secret };
+    store_self_keypair(context, &keypair).await?;
    Ok(())
 }

@@ -640,7 +484,7 @@ mod tests {
    use crate::config::Config;
    use crate::test_utils::{TestContext, alice_keypair};

-    static KEYPAIR: LazyLock<SignedSecretKey> = LazyLock::new(alice_keypair);
+    static KEYPAIR: LazyLock<KeyPair> = LazyLock::new(alice_keypair);

    #[test]
    fn test_from_armored_string() {
@@ -710,12 +554,12 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD

    #[test]
    fn test_asc_roundtrip() {
-        let key = KEYPAIR.clone().to_public_key();
+        let key = KEYPAIR.public.clone();
        let asc = key.to_asc(Some(("spam", "ham")));
        let key2 = SignedPublicKey::from_asc(&asc).unwrap();
        assert_eq!(key, key2);

-        let key = KEYPAIR.clone();
+        let key = KEYPAIR.secret.clone();
        let asc = key.to_asc(Some(("spam", "ham")));
        let key2 = SignedSecretKey::from_asc(&asc).unwrap();
        assert_eq!(key, key2);
@@ -723,8 +567,8 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD

    #[test]
    fn test_from_slice_roundtrip() {
-        let private_key = KEYPAIR.clone();
-        let public_key = KEYPAIR.clone().to_public_key();
+        let public_key = KEYPAIR.public.clone();
+        let private_key = KEYPAIR.secret.clone();

        let binary = DcKey::to_bytes(&public_key);
        let public_key2 = SignedPublicKey::from_slice(&binary).expect("invalid public key");
@@ -756,7 +600,8 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD
    /// this resulted in various number of garbage
    /// octets at the end of the key, starting from 3 octets,
    /// but possibly 4 or 5 and maybe more octets
-    /// if the key is imported multiple times.
+    /// if the key is imported or transferred
+    /// using Autocrypt Setup Message multiple times.
    #[test]
    fn test_ignore_trailing_garbage() {
        // Test several variants of garbage.
@@ -765,7 +610,7 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD
            b"\x02\xfc\xaa".as_slice(),
            b"\x01\x02\x03\x04\x05".as_slice(),
        ] {
-            let private_key = KEYPAIR.clone();
+            let private_key = KEYPAIR.secret.clone();

            let mut binary = DcKey::to_bytes(&private_key);
            binary.extend(garbage);
@@ -779,7 +624,7 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD

    #[test]
    fn test_base64_roundtrip() {
-        let key = KEYPAIR.clone().to_public_key();
+        let key = KEYPAIR.public.clone();
        let base64 = key.to_base64();
        let key2 = SignedPublicKey::from_base64(&base64).unwrap();
        assert_eq!(key, key2);
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -79,16 +79,6 @@ pub struct EnteredServerLoginParam {
    pub password: String,
 }

-/// A transport, as shown in the "relays" list in the UI.
-#[derive(Debug)]
-pub struct TransportListEntry {
-    /// The login data entered by the user.
-    pub param: EnteredLoginParam,
-    /// Whether this transport is set to 'unpublished'.
-    /// See [`Context::set_transport_unpublished`] for details.
-    pub is_unpublished: bool,
-}
-
 /// Login parameters entered by the user.
 #[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct EnteredLoginParam {
--- a/src/message.rs
+++ b/src/message.rs
@@ -30,6 +30,7 @@ use crate::location::delete_poi_location;
 use crate::log::warn;
 use crate::mimeparser::{SystemMessage, parse_message_id};
 use crate::param::{Param, Params};
+use crate::pgp::split_armored_data;
 use crate::reaction::get_msg_reactions;
 use crate::sql;
 use crate::summary::Summary;
@@ -1058,6 +1059,34 @@ impl Message {
        cmd != SystemMessage::Unknown
    }

+    /// Returns true if the message is an Autocrypt Setup Message.
+    pub fn is_setupmessage(&self) -> bool {
+        if self.viewtype != Viewtype::File {
+            return false;
+        }
+
+        self.param.get_cmd() == SystemMessage::AutocryptSetupMessage
+    }
+
+    /// Returns the first characters of the setup code.
+    ///
+    /// This is used to pre-fill the first entry field of the setup code.
+    pub async fn get_setupcodebegin(&self, context: &Context) -> Option<String> {
+        if !self.is_setupmessage() {
+            return None;
+        }
+
+        if let Some(filename) = self.get_file(context)
+            && let Ok(ref buf) = read_file(context, &filename).await
+            && let Ok((typ, headers, _)) = split_armored_data(buf)
+            && typ == pgp::armor::BlockType::Message
+        {
+            return headers.get(crate::pgp::HEADER_SETUPCODE).cloned();
+        }
+
+        None
+    }
+
    /// Sets or unsets message text.
    pub fn set_text(&mut self, text: String) {
        self.text = text;
@@ -1905,22 +1934,10 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
            // We also don't send read receipts for contact requests.
            // Read receipts will not be sent even after accepting the chat.
            let to_id = if curr_blocked == Blocked::Not
-                && !curr_hidden
                && curr_param.get_bool(Param::WantsMdn).unwrap_or_default()
                && curr_param.get_cmd() == SystemMessage::Unknown
                && context.should_send_mdns().await?
            {
-                // Clear WantsMdn to not handle a MDN twice
-                // if the state later is InFresh again as markfresh_chat() was called.
-                // BccSelf MDN messages in the next branch may be sent twice for syncing.
-                context
-                    .sql
-                    .execute(
-                        "UPDATE msgs SET param=? WHERE id=?",
-                        (curr_param.clone().remove(Param::WantsMdn).to_string(), id),
-                    )
-                    .await
-                    .context("failed to clear WantsMdn")?;
                Some(curr_from_id)
            } else if context.get_config_bool(Config::BccSelf).await? {
                Some(ContactId::SELF)
@@ -1938,7 +1955,6 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
                    .context("failed to insert into smtp_mdns")?;
                context.scheduler.interrupt_smtp().await;
            }
-
            if !curr_hidden {
                updated_chat_ids.insert(curr_chat_id);
            }
@@ -2051,22 +2067,6 @@ pub(crate) async fn set_msg_failed(
    Ok(())
 }

-/// Inserts a tombstone into `msgs` table
-/// to prevent downloading the same message in the future.
-///
-/// Returns tombstone database row ID.
-pub(crate) async fn insert_tombstone(context: &Context, rfc724_mid: &str) -> Result<MsgId> {
-    let row_id = context
-        .sql
-        .insert(
-            "INSERT INTO msgs(rfc724_mid, chat_id) VALUES (?,?)",
-            (rfc724_mid, DC_CHAT_ID_TRASH),
-        )
-        .await?;
-    let msg_id = MsgId::new(u32::try_from(row_id)?);
-    Ok(msg_id)
-}
-
 /// The number of messages assigned to unblocked chats
 pub async fn get_unblocked_msg_cnt(context: &Context) -> usize {
    match context
--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -17,7 +17,8 @@ use crate::aheader::{Aheader, EncryptPreference};
 use crate::blob::BlobObject;
 use crate::chat::{self, Chat, PARAM_BROADCAST_SECRET, load_broadcast_secret};
 use crate::config::Config;
-use crate::constants::{BROADCAST_INCOMPATIBILITY_MSG, Chattype, DC_FROM_HANDSHAKE};
+use crate::constants::{ASM_SUBJECT, BROADCAST_INCOMPATIBILITY_MSG};
+use crate::constants::{Chattype, DC_FROM_HANDSHAKE};
 use crate::contact::{Contact, ContactId, Origin};
 use crate::context::Context;
 use crate::download::PostMsgMetadata;
@@ -32,7 +33,7 @@ use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::{SystemMessage, is_hidden};
 use crate::param::Param;
 use crate::peer_channels::{create_iroh_header, get_iroh_topic_for_msg};
-use crate::pgp::{SeipdVersion, addresses_from_public_key};
+use crate::pgp::SeipdVersion;
 use crate::simplify::escape_message_footer_marks;
 use crate::stock_str;
 use crate::tools::{
@@ -273,13 +274,10 @@ impl MimeFactory {
                .await?
                .context("Can't send member addition/removal: missing key")?;

-            let public_key = SignedPublicKey::from_slice(&public_key_bytes)?;
-
-            let relays =
-                addresses_from_public_key(&public_key).unwrap_or_else(|| vec![addr.clone()]);
-            recipients.extend(relays);
+            recipients.push(addr.clone());
            to.push((authname, addr.clone()));

+            let public_key = SignedPublicKey::from_slice(&public_key_bytes)?;
            encryption_pubkeys = Some(vec![(addr, public_key)]);
        } else {
            let email_to_remove = if msg.param.get_cmd() == SystemMessage::MemberRemovedFromGroup {
@@ -356,23 +354,9 @@ impl MimeFactory {
                                false => "".to_string(),
                            };
                            if add_timestamp >= remove_timestamp {
-                                let relays = if let Some(public_key) = public_key_opt {
-                                    let addrs = addresses_from_public_key(&public_key);
-                                    keys.push((addr.clone(), public_key));
-                                    addrs
-                                } else if id != ContactId::SELF && !should_encrypt_symmetrically(&msg, &chat) {
-                                    missing_key_addresses.insert(addr.clone());
-                                    if is_encrypted {
-                                        warn!(context, "Missing key for {addr}");
-                                    }
-                                    None
-                                } else {
-                                    None
-                                }.unwrap_or_else(|| vec![addr.clone()]);
-
                                if !recipients_contain_addr(&to, &addr) {
                                    if id != ContactId::SELF {
-                                        recipients.extend(relays);
+                                        recipients.push(addr.clone());
                                    }
                                    if !undisclosed_recipients {
                                        to.push((name, addr.clone()));
@@ -383,38 +367,42 @@ impl MimeFactory {
                                            } else if id == ContactId::SELF {
                                                member_fingerprints.push(self_fingerprint.to_string());
                                            } else {
-                                                ensure_and_debug_assert!(member_fingerprints.is_empty(), "If some member is a key-contact, all other members should be key-contacts too");
+                                                ensure_and_debug_assert!(member_fingerprints.is_empty(), "If some past member is a key-contact, all other past members should be key-contacts too");
                                            }
                                        }
                                        member_timestamps.push(add_timestamp);
                                    }
                                }
                                recipient_ids.insert(id);
+
+                                if let Some(public_key) = public_key_opt {
+                                    keys.push((addr.clone(), public_key))
+                                } else if id != ContactId::SELF && !should_encrypt_symmetrically(&msg, &chat) {
+                                    missing_key_addresses.insert(addr.clone());
+                                    if is_encrypted {
+                                        warn!(context, "Missing key for {addr}");
+                                    }
+                                }
                            } else if remove_timestamp.saturating_add(60 * 24 * 3600) > now {
                                // Row is a tombstone,
                                // member is not actually part of the group.
                                if !recipients_contain_addr(&past_members, &addr) {
                                    if let Some(email_to_remove) = email_to_remove
                                        && email_to_remove == addr {
-                                            let relays = if let Some(public_key) = public_key_opt {
-                                                let addrs = addresses_from_public_key(&public_key);
-                                                keys.push((addr.clone(), public_key));
-                                                addrs
+                                            // This is a "member removed" message,
+                                            // we need to notify removed member
+                                            // that it was removed.
+                                            if id != ContactId::SELF {
+                                                recipients.push(addr.clone());
+                                            }
+
+                                            if let Some(public_key) = public_key_opt {
+                                                keys.push((addr.clone(), public_key))
                                            } else if id != ContactId::SELF && !should_encrypt_symmetrically(&msg, &chat)  {
                                                missing_key_addresses.insert(addr.clone());
                                                if is_encrypted {
                                                    warn!(context, "Missing key for {addr}");
                                                }
-                                                None
-                                            } else {
-                                                None
-                                            }.unwrap_or_else(|| vec![addr.clone()]);
-
-                                            // This is a "member removed" message,
-                                            // we need to notify removed member
-                                            // that it was removed.
-                                            if id != ContactId::SELF {
-                                                recipients.extend(relays);
                                            }
                                        }
                                    if !undisclosed_recipients {
@@ -468,16 +456,9 @@ impl MimeFactory {
                .filter(|id| *id != ContactId::SELF)
                .collect();
            if recipient_ids.len() == 1
-                && !matches!(
-                    msg.param.get_cmd(),
-                    SystemMessage::MemberRemovedFromGroup | SystemMessage::SecurejoinMessage
-                )
-                && !matches!(chat.typ, Chattype::OutBroadcast | Chattype::InBroadcast)
+                && msg.param.get_cmd() != SystemMessage::MemberRemovedFromGroup
+                && chat.typ != Chattype::OutBroadcast
            {
-                info!(
-                    context,
-                    "Scale up origin of {} recipients to OutgoingTo.", chat.id
-                );
                ContactId::scaleup_origin(context, &recipient_ids, Origin::OutgoingTo).await?;
            }

@@ -890,6 +871,16 @@ impl MimeFactory {
                "Auto-Submitted",
                mail_builder::headers::raw::Raw::new("auto-generated".to_string()).into(),
            ));
+        } else if let Loaded::Message { msg, .. } = &self.loaded
+            && msg.param.get_cmd() == SystemMessage::SecurejoinMessage
+        {
+            let step = msg.param.get(Param::Arg).unwrap_or_default();
+            if step != "vg-request" && step != "vc-request" {
+                headers.push((
+                    "Auto-Submitted",
+                    mail_builder::headers::raw::Raw::new("auto-replied".to_string()).into(),
+                ));
+            }
        }

        if let Loaded::Message { msg, chat } = &self.loaded
@@ -958,22 +949,6 @@ impl MimeFactory {
            ));
        }

-        if self.pre_message_mode == PreMessageMode::Post {
-            headers.push((
-                "Chat-Is-Post-Message",
-                mail_builder::headers::raw::Raw::new("1").into(),
-            ));
-        } else if let PreMessageMode::Pre {
-            post_msg_rfc724_mid,
-        } = &self.pre_message_mode
-        {
-            headers.push((
-                "Chat-Post-Message-ID",
-                mail_builder::headers::message_id::MessageId::new(post_msg_rfc724_mid.clone())
-                    .into(),
-            ));
-        }
-
        let is_encrypted = self.will_be_encrypted();

        // Add ephemeral timer for non-MDN messages.
@@ -1020,29 +995,189 @@ impl MimeFactory {
            Loaded::Mdn { .. } => self.render_mdn()?,
        };

-        let HeadersByConfidentiality {
-            mut unprotected_headers,
-            hidden_headers,
-            protected_headers,
-        } = group_headers_by_confidentiality(
-            headers,
-            &self.from_addr,
-            self.timestamp,
-            is_encrypted,
-            is_securejoin_message,
-        );
+        // Split headers based on header confidentiality policy.
+
+        // Headers that must go into IMF header section.
+        //
+        // These are standard headers such as Date, In-Reply-To, References, which cannot be placed
+        // anywhere else according to the standard. Placing headers here also allows them to be fetched
+        // individually over IMAP without downloading the message body. This is why Chat-Version is
+        // placed here.
+        let mut unprotected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
+
+        // Headers that MUST NOT (only) go into IMF header section:
+        // - Large headers which may hit the header section size limit on the server, such as
+        //   Chat-User-Avatar with a base64-encoded image inside.
+        // - Headers duplicated here that servers mess up with in the IMF header section, like
+        //   Message-ID.
+        // - Nonstandard headers that should be DKIM-protected because e.g. OpenDKIM only signs
+        //   known headers.
+        //
+        // The header should be hidden from MTA
+        // by moving it either into protected part
+        // in case of encrypted mails
+        // or unprotected MIME preamble in case of unencrypted mails.
+        let mut hidden_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
+
+        // Opportunistically protected headers.
+        //
+        // These headers are placed into encrypted part *if* the message is encrypted. Place headers
+        // which are not needed before decryption (e.g. Chat-Group-Name) or are not interesting if the
+        // message cannot be decrypted (e.g. Chat-Disposition-Notification-To) here.
+        //
+        // If the message is not encrypted, these headers are placed into IMF header section, so make
+        // sure that the message will be encrypted if you place any sensitive information here.
+        let mut protected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
+
+        // MIME header <https://datatracker.ietf.org/doc/html/rfc2045>.
+        unprotected_headers.push((
+            "MIME-Version",
+            mail_builder::headers::raw::Raw::new("1.0").into(),
+        ));
+
+        if self.pre_message_mode == PreMessageMode::Post {
+            unprotected_headers.push((
+                "Chat-Is-Post-Message",
+                mail_builder::headers::raw::Raw::new("1").into(),
+            ));
+        } else if let PreMessageMode::Pre {
+            post_msg_rfc724_mid,
+        } = &self.pre_message_mode
+        {
+            protected_headers.push((
+                "Chat-Post-Message-ID",
+                mail_builder::headers::message_id::MessageId::new(post_msg_rfc724_mid.clone())
+                    .into(),
+            ));
+        }
+
+        for header @ (original_header_name, _header_value) in &headers {
+            let header_name = original_header_name.to_lowercase();
+            if header_name == "message-id" {
+                unprotected_headers.push(header.clone());
+                hidden_headers.push(header.clone());
+            } else if is_hidden(&header_name) {
+                hidden_headers.push(header.clone());
+            } else if header_name == "from" {
+                // Unencrypted securejoin messages should _not_ include the display name:
+                if is_encrypted || !is_securejoin_message {
+                    protected_headers.push(header.clone());
+                }
+
+                unprotected_headers.push((
+                    original_header_name,
+                    Address::new_address(None::<&'static str>, self.from_addr.clone()).into(),
+                ));
+            } else if header_name == "to" {
+                protected_headers.push(header.clone());
+                if is_encrypted {
+                    unprotected_headers.push(("To", hidden_recipients().into()));
+                } else {
+                    unprotected_headers.push(header.clone());
+                }
+            } else if header_name == "chat-broadcast-secret" {
+                if is_encrypted {
+                    protected_headers.push(header.clone());
+                } else {
+                    bail!("Message is unecrypted, cannot include broadcast secret");
+                }
+            } else if is_encrypted && header_name == "date" {
+                protected_headers.push(header.clone());
+
+                // Randomized date goes to unprotected header.
+                //
+                // We cannot just send "Thu, 01 Jan 1970 00:00:00 +0000"
+                // or omit the header because GMX then fails with
+                //
+                // host mx00.emig.gmx.net[212.227.15.9] said:
+                // 554-Transaction failed
+                // 554-Reject due to policy restrictions.
+                // 554 For explanation visit https://postmaster.gmx.net/en/case?...
+                // (in reply to end of DATA command)
+                //
+                // and the explanation page says
+                // "The time information deviates too much from the actual time".
+                //
+                // We also limit the range to 6 days (518400 seconds)
+                // because with a larger range we got
+                // error "500 Date header far in the past/future"
+                // which apparently originates from Symantec Messaging Gateway
+                // and means the message has a Date that is more
+                // than 7 days in the past:
+                // <https://github.com/chatmail/core/issues/7466>
+                let timestamp_offset = rand::random_range(0..518400);
+                let protected_timestamp = self.timestamp.saturating_sub(timestamp_offset);
+                let unprotected_date =
+                    chrono::DateTime::<chrono::Utc>::from_timestamp(protected_timestamp, 0)
+                        .unwrap()
+                        .to_rfc2822();
+                unprotected_headers.push((
+                    "Date",
+                    mail_builder::headers::raw::Raw::new(unprotected_date).into(),
+                ));
+            } else if is_encrypted {
+                protected_headers.push(header.clone());
+
+                match header_name.as_str() {
+                    "subject" => {
+                        unprotected_headers.push((
+                            "Subject",
+                            mail_builder::headers::raw::Raw::new("[...]").into(),
+                        ));
+                    }
+                    "in-reply-to"
+                    | "references"
+                    | "auto-submitted"
+                    | "chat-version"
+                    | "autocrypt-setup-message" => {
+                        unprotected_headers.push(header.clone());
+                    }
+                    _ => {
+                        // Other headers are removed from unprotected part.
+                    }
+                }
+            } else {
+                // Copy the header to the protected headers
+                // in case of signed-only message.
+                // If the message is not signed, this value will not be used.
+                protected_headers.push(header.clone());
+                unprotected_headers.push(header.clone())
+            }
+        }

        let use_std_header_protection = context
            .get_config_bool(Config::StdHeaderProtectionComposing)
            .await?;
        let outer_message = if let Some(encryption_pubkeys) = self.encryption_pubkeys {
-            let mut message = add_headers_to_encrypted_part(
-                message,
-                &unprotected_headers,
-                hidden_headers,
-                protected_headers,
-                use_std_header_protection,
-            );
+            // Store protected headers in the inner message.
+            let message = protected_headers
+                .into_iter()
+                .fold(message, |message, (header, value)| {
+                    message.header(header, value)
+                });
+
+            // Add hidden headers to encrypted payload.
+            let mut message: MimePart<'static> = hidden_headers
+                .into_iter()
+                .fold(message, |message, (header, value)| {
+                    message.header(header, value)
+                });
+
+            if use_std_header_protection {
+                message = unprotected_headers
+                    .iter()
+                    // Structural headers shouldn't be added as "HP-Outer". They are defined in
+                    // <https://www.rfc-editor.org/rfc/rfc9787.html#structural-header-fields>.
+                    .filter(|(name, _)| {
+                        !(name.eq_ignore_ascii_case("mime-version")
+                            || name.eq_ignore_ascii_case("content-type")
+                            || name.eq_ignore_ascii_case("content-transfer-encoding")
+                            || name.eq_ignore_ascii_case("content-disposition"))
+                    })
+                    .fold(message, |message, (name, value)| {
+                        message.header(format!("HP-Outer: {name}"), value.clone())
+                    });
+            }

            // Add gossip headers in chats with multiple recipients
            let multiple_recipients =
@@ -1133,6 +1268,21 @@ impl MimeFactory {
                }
            }

+            // Set the appropriate Content-Type for the inner message.
+            for (h, v) in &mut message.headers {
+                if h == "Content-Type"
+                    && let mail_builder::headers::HeaderType::ContentType(ct) = v
+                {
+                    let mut ct_new = ct.clone();
+                    ct_new = ct_new.attribute("protected-headers", "v1");
+                    if use_std_header_protection {
+                        ct_new = ct_new.attribute("hp", "cipher");
+                    }
+                    *ct = ct_new;
+                    break;
+                }
+            }
+
            // Disable compression for SecureJoin to ensure
            // there are no compression side channels
            // leaking information about the tokens.
@@ -1162,6 +1312,17 @@ impl MimeFactory {
                _ => None,
            };

+            // Do not anonymize OpenPGP recipients.
+            //
+            // This is disabled to avoid interoperability problems
+            // with old core versions <1.160.0 that do not support
+            // receiving messages with wildcard Key IDs:
+            // <https://github.com/chatmail/core/issues/7378>
+            //
+            // The option should be changed to true
+            // once new core versions are sufficiently deployed.
+            let anonymous_recipients = false;
+
            if context.get_config_bool(Config::TestHooks).await?
                && let Some(hook) = &*context.pre_encrypt_mime_hook.lock()
            {
@@ -1169,9 +1330,8 @@ impl MimeFactory {
            }

            let encrypted = if let Some(shared_secret) = shared_secret {
-                let sign = true;
                encrypt_helper
-                    .encrypt_symmetrically(context, &shared_secret, message, compress, sign)
+                    .encrypt_symmetrically(context, &shared_secret, message, compress)
                    .await?
            } else {
                // Asymmetric encryption
@@ -1199,12 +1359,41 @@ impl MimeFactory {
                        encryption_keyring,
                        message,
                        compress,
+                        anonymous_recipients,
                        seipd_version,
                    )
                    .await?
            };

-            wrap_encrypted_part(encrypted)
+            // XXX: additional newline is needed
+            // to pass filtermail at
+            // <https://github.com/deltachat/chatmail/blob/4d915f9800435bf13057d41af8d708abd34dbfa8/chatmaild/src/chatmaild/filtermail.py#L84-L86>:
+            let encrypted = encrypted + "\n";
+
+            // Set the appropriate Content-Type for the outer message
+            MimePart::new(
+                "multipart/encrypted; protocol=\"application/pgp-encrypted\"",
+                vec![
+                    // Autocrypt part 1
+                    MimePart::new("application/pgp-encrypted", "Version: 1\r\n").header(
+                        "Content-Description",
+                        mail_builder::headers::raw::Raw::new("PGP/MIME version identification"),
+                    ),
+                    // Autocrypt part 2
+                    MimePart::new(
+                        "application/octet-stream; name=\"encrypted.asc\"",
+                        encrypted,
+                    )
+                    .header(
+                        "Content-Description",
+                        mail_builder::headers::raw::Raw::new("OpenPGP encrypted message"),
+                    )
+                    .header(
+                        "Content-Disposition",
+                        mail_builder::headers::raw::Raw::new("inline; filename=\"encrypted.asc\";"),
+                    ),
+                ],
+            )
        } else if matches!(self.loaded, Loaded::Mdn { .. }) {
            // Never add outer multipart/mixed wrapper to MDN
            // as multipart/report Content-Type is used to recognize MDNs
@@ -1271,12 +1460,22 @@ impl MimeFactory {
            }
        };

+        // Store the unprotected headers on the outer message.
+        let outer_message = unprotected_headers
+            .into_iter()
+            .fold(outer_message, |message, (header, value)| {
+                message.header(header, value)
+            });
+
        let MimeFactory {
            last_added_location_id,
            ..
        } = self;

-        let message = render_outer_message(unprotected_headers, outer_message);
+        let mut buffer = Vec::new();
+        let cursor = Cursor::new(&mut buffer);
+        outer_message.clone().write_part(cursor).ok();
+        let message = String::from_utf8_lossy(&buffer).to_string();

        Ok(RenderedEmail {
            message,
@@ -1416,9 +1615,9 @@ impl MimeFactory {
                            .await?
                            .unwrap_or_default()
                    {
-                        placeholdertext = Some(format!("{email_to_remove} left the group."));
+                        placeholdertext = Some("I left the group.".to_string());
                    } else {
-                        placeholdertext = Some(format!("Member {email_to_remove} was removed."));
+                        placeholdertext = Some(format!("I removed member {email_to_remove}."));
                    };

                    if !email_to_remove.is_empty() {
@@ -1441,7 +1640,7 @@ impl MimeFactory {
                    let email_to_add = msg.param.get(Param::Arg).unwrap_or_default();
                    let fingerprint_to_add = msg.param.get(Param::Arg4).unwrap_or_default();

-                    placeholdertext = Some(format!("Member {email_to_add} was added."));
+                    placeholdertext = Some(format!("I added member {email_to_add}."));

                    if !email_to_add.is_empty() {
                        headers.push((
@@ -1466,7 +1665,6 @@ impl MimeFactory {
                    }
                }
                SystemMessage::GroupNameChanged => {
-                    placeholdertext = Some("Chat name changed.".to_string());
                    let old_name = msg.param.get(Param::Arg).unwrap_or_default().to_string();
                    headers.push((
                        "Chat-Group-Name-Changed",
@@ -1474,16 +1672,12 @@ impl MimeFactory {
                    ));
                }
                SystemMessage::GroupDescriptionChanged => {
-                    placeholdertext = Some(
-                        "[Chat description changed. To see this and other new features, please update the app]".to_string(),
-                    );
                    headers.push((
                        "Chat-Group-Description-Changed",
                        mail_builder::headers::text::Text::new("").into(),
                    ));
                }
                SystemMessage::GroupImageChanged => {
-                    placeholdertext = Some("Chat image changed.".to_string());
                    headers.push((
                        "Chat-Content",
                        mail_builder::headers::text::Text::new("group-avatar-changed").into(),
@@ -1495,24 +1689,7 @@ impl MimeFactory {
                        ));
                    }
                }
-                SystemMessage::Unknown => {}
-                SystemMessage::AutocryptSetupMessage => {}
-                SystemMessage::SecurejoinMessage => {}
-                SystemMessage::LocationStreamingEnabled => {}
-                SystemMessage::LocationOnly => {}
-                SystemMessage::EphemeralTimerChanged => {}
-                SystemMessage::ChatProtectionEnabled => {}
-                SystemMessage::ChatProtectionDisabled => {}
-                SystemMessage::InvalidUnencryptedMail => {}
-                SystemMessage::SecurejoinWait => {}
-                SystemMessage::SecurejoinWaitTimeout => {}
-                SystemMessage::MultiDeviceSync => {}
-                SystemMessage::WebxdcStatusUpdate => {}
-                SystemMessage::WebxdcInfoMessage => {}
-                SystemMessage::IrohNodeAddr => {}
-                SystemMessage::ChatE2ee => {}
-                SystemMessage::CallAccepted => {}
-                SystemMessage::CallEnded => {}
+                _ => {}
            }

            if command == SystemMessage::GroupDescriptionChanged
@@ -1525,7 +1702,7 @@ impl MimeFactory {
                let description = chat::get_chat_description(context, chat.id).await?;
                headers.push((
                    "Chat-Group-Description",
-                    mail_builder::headers::raw::Raw::new(b_encode(&description)).into(),
+                    mail_builder::headers::text::Text::new(description.clone()).into(),
                ));
                if let Some(ts) = chat.param.get_i64(Param::GroupDescriptionTimestamp) {
                    headers.push((
@@ -1553,15 +1730,26 @@ impl MimeFactory {
            | SystemMessage::MultiDeviceSync
            | SystemMessage::WebxdcStatusUpdate => {
                // This should prevent automatic replies,
-                // such as non-delivery reports,
-                // if the message is unencrypted.
+                // such as non-delivery reports.
                //
                // See <https://tools.ietf.org/html/rfc3834>
+                //
+                // Adding this header without encryption leaks some
+                // information about the message contents, but it can
+                // already be easily guessed from message timing and size.
                headers.push((
                    "Auto-Submitted",
                    mail_builder::headers::raw::Raw::new("auto-generated").into(),
                ));
            }
+            SystemMessage::AutocryptSetupMessage => {
+                headers.push((
+                    "Autocrypt-Setup-Message",
+                    mail_builder::headers::raw::Raw::new("v1").into(),
+                ));
+
+                placeholdertext = Some(ASM_SUBJECT.to_string());
+            }
            SystemMessage::SecurejoinMessage => {
                let step = msg.param.get(Param::Arg).unwrap_or_default();
                if !step.is_empty() {
@@ -1949,258 +2137,6 @@ impl MimeFactory {
    }
 }

-/// Stores the unprotected headers on the outer message, and renders it.
-pub(crate) fn render_outer_message(
-    unprotected_headers: Vec<(&'static str, HeaderType<'static>)>,
-    outer_message: MimePart<'static>,
-) -> String {
-    let outer_message = unprotected_headers
-        .into_iter()
-        .fold(outer_message, |message, (header, value)| {
-            message.header(header, value)
-        });
-
-    let mut buffer = Vec::new();
-    let cursor = Cursor::new(&mut buffer);
-    outer_message.clone().write_part(cursor).ok();
-    String::from_utf8_lossy(&buffer).to_string()
-}
-
-/// Takes the encrypted part, wraps it in a MimePart,
-/// and sets the appropriate Content-Type for the outer message
-pub(crate) fn wrap_encrypted_part(encrypted: String) -> MimePart<'static> {
-    // XXX: additional newline is needed
-    // to pass filtermail at
-    // <https://github.com/deltachat/chatmail/blob/4d915f9800435bf13057d41af8d708abd34dbfa8/chatmaild/src/chatmaild/filtermail.py#L84-L86>:
-    let encrypted = encrypted + "\n";
-
-    MimePart::new(
-        "multipart/encrypted; protocol=\"application/pgp-encrypted\"",
-        vec![
-            // Autocrypt part 1
-            MimePart::new("application/pgp-encrypted", "Version: 1\r\n").header(
-                "Content-Description",
-                mail_builder::headers::raw::Raw::new("PGP/MIME version identification"),
-            ),
-            // Autocrypt part 2
-            MimePart::new(
-                "application/octet-stream; name=\"encrypted.asc\"",
-                encrypted,
-            )
-            .header(
-                "Content-Description",
-                mail_builder::headers::raw::Raw::new("OpenPGP encrypted message"),
-            )
-            .header(
-                "Content-Disposition",
-                mail_builder::headers::raw::Raw::new("inline; filename=\"encrypted.asc\";"),
-            ),
-        ],
-    )
-}
-
-fn add_headers_to_encrypted_part(
-    message: MimePart<'static>,
-    unprotected_headers: &[(&'static str, HeaderType<'static>)],
-    hidden_headers: Vec<(&'static str, HeaderType<'static>)>,
-    protected_headers: Vec<(&'static str, HeaderType<'static>)>,
-    use_std_header_protection: bool,
-) -> MimePart<'static> {
-    // Store protected headers in the inner message.
-    let message = protected_headers
-        .into_iter()
-        .fold(message, |message, (header, value)| {
-            message.header(header, value)
-        });
-
-    // Add hidden headers to encrypted payload.
-    let mut message: MimePart<'static> = hidden_headers
-        .into_iter()
-        .fold(message, |message, (header, value)| {
-            message.header(header, value)
-        });
-
-    if use_std_header_protection {
-        message = unprotected_headers
-            .iter()
-            // Structural headers shouldn't be added as "HP-Outer". They are defined in
-            // <https://www.rfc-editor.org/rfc/rfc9787.html#structural-header-fields>.
-            .filter(|(name, _)| {
-                !(name.eq_ignore_ascii_case("mime-version")
-                    || name.eq_ignore_ascii_case("content-type")
-                    || name.eq_ignore_ascii_case("content-transfer-encoding")
-                    || name.eq_ignore_ascii_case("content-disposition"))
-            })
-            .fold(message, |message, (name, value)| {
-                message.header(format!("HP-Outer: {name}"), value.clone())
-            });
-    }
-
-    // Set the appropriate Content-Type for the inner message
-    for (h, v) in &mut message.headers {
-        if h == "Content-Type"
-            && let mail_builder::headers::HeaderType::ContentType(ct) = v
-        {
-            let mut ct_new = ct.clone();
-            ct_new = ct_new.attribute("protected-headers", "v1");
-            if use_std_header_protection {
-                ct_new = ct_new.attribute("hp", "cipher");
-            }
-            *ct = ct_new;
-            break;
-        }
-    }
-
-    message
-}
-
-struct HeadersByConfidentiality {
-    /// Headers that must go into IMF header section.
-    ///
-    /// These are standard headers such as Date, In-Reply-To, References, which cannot be placed
-    /// anywhere else according to the standard. Placing headers here also allows them to be fetched
-    /// individually over IMAP without downloading the message body. This is why Chat-Version is
-    /// placed here.
-    unprotected_headers: Vec<(&'static str, HeaderType<'static>)>,
-
-    /// Headers that MUST NOT (only) go into IMF header section:
-    /// - Large headers which may hit the header section size limit on the server, such as
-    ///   Chat-User-Avatar with a base64-encoded image inside.
-    /// - Headers duplicated here that servers mess up with in the IMF header section, like
-    ///   Message-ID.
-    /// - Nonstandard headers that should be DKIM-protected because e.g. OpenDKIM only signs
-    ///   known headers.
-    ///
-    /// The header should be hidden from MTA
-    /// by moving it either into protected part
-    /// in case of encrypted mails
-    /// or unprotected MIME preamble in case of unencrypted mails.
-    hidden_headers: Vec<(&'static str, HeaderType<'static>)>,
-
-    /// Opportunistically protected headers.
-    ///
-    /// These headers are placed into encrypted part *if* the message is encrypted. Place headers
-    /// which are not needed before decryption (e.g. Chat-Group-Name) or are not interesting if the
-    /// message cannot be decrypted (e.g. Chat-Disposition-Notification-To) here.
-    ///
-    /// If the message is not encrypted, these headers are placed into IMF header section, so make
-    /// sure that the message will be encrypted if you place any sensitive information here.
-    protected_headers: Vec<(&'static str, HeaderType<'static>)>,
-}
-
-/// Split headers based on header confidentiality policy.
-/// See [`HeadersByConfidentiality`] for more info.
-fn group_headers_by_confidentiality(
-    headers: Vec<(&'static str, HeaderType<'static>)>,
-    from_addr: &str,
-    timestamp: i64,
-    is_encrypted: bool,
-    is_securejoin_message: bool,
-) -> HeadersByConfidentiality {
-    let mut unprotected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
-    let mut hidden_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
-    let mut protected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
-
-    // MIME header <https://datatracker.ietf.org/doc/html/rfc2045>.
-    unprotected_headers.push((
-        "MIME-Version",
-        mail_builder::headers::raw::Raw::new("1.0").into(),
-    ));
-
-    for header @ (original_header_name, _header_value) in &headers {
-        let header_name = original_header_name.to_lowercase();
-        if header_name == "message-id" {
-            unprotected_headers.push(header.clone());
-            hidden_headers.push(header.clone());
-        } else if is_hidden(&header_name) {
-            hidden_headers.push(header.clone());
-        } else if header_name == "from" {
-            // Unencrypted securejoin messages should _not_ include the display name:
-            if is_encrypted || !is_securejoin_message {
-                protected_headers.push(header.clone());
-            }
-
-            unprotected_headers.push((
-                original_header_name,
-                Address::new_address(None::<&'static str>, from_addr.to_string()).into(),
-            ));
-        } else if header_name == "to" {
-            protected_headers.push(header.clone());
-            if is_encrypted {
-                unprotected_headers.push(("To", hidden_recipients().into()));
-            } else {
-                unprotected_headers.push(header.clone());
-            }
-        } else if header_name == "chat-broadcast-secret" {
-            if is_encrypted {
-                protected_headers.push(header.clone());
-            }
-        } else if is_encrypted && header_name == "date" {
-            protected_headers.push(header.clone());
-
-            // Randomized date goes to unprotected header.
-            //
-            // We cannot just send "Thu, 01 Jan 1970 00:00:00 +0000"
-            // or omit the header because GMX then fails with
-            //
-            // host mx00.emig.gmx.net[212.227.15.9] said:
-            // 554-Transaction failed
-            // 554-Reject due to policy restrictions.
-            // 554 For explanation visit https://postmaster.gmx.net/en/case?...
-            // (in reply to end of DATA command)
-            //
-            // and the explanation page says
-            // "The time information deviates too much from the actual time".
-            //
-            // We also limit the range to 6 days (518400 seconds)
-            // because with a larger range we got
-            // error "500 Date header far in the past/future"
-            // which apparently originates from Symantec Messaging Gateway
-            // and means the message has a Date that is more
-            // than 7 days in the past:
-            // <https://github.com/chatmail/core/issues/7466>
-            let timestamp_offset = rand::random_range(0..518400);
-            let protected_timestamp = timestamp.saturating_sub(timestamp_offset);
-            let unprotected_date =
-                chrono::DateTime::<chrono::Utc>::from_timestamp(protected_timestamp, 0)
-                    .unwrap()
-                    .to_rfc2822();
-            unprotected_headers.push((
-                "Date",
-                mail_builder::headers::raw::Raw::new(unprotected_date).into(),
-            ));
-        } else if is_encrypted {
-            protected_headers.push(header.clone());
-
-            match header_name.as_str() {
-                "subject" => {
-                    unprotected_headers.push((
-                        "Subject",
-                        mail_builder::headers::raw::Raw::new("[...]").into(),
-                    ));
-                }
-                "chat-version" | "autocrypt-setup-message" | "chat-is-post-message" => {
-                    unprotected_headers.push(header.clone());
-                }
-                _ => {
-                    // Other headers are removed from unprotected part.
-                }
-            }
-        } else {
-            // Copy the header to the protected headers
-            // in case of signed-only message.
-            // If the message is not signed, this value will not be used.
-            protected_headers.push(header.clone());
-            unprotected_headers.push(header.clone())
-        }
-    }
-    HeadersByConfidentiality {
-        unprotected_headers,
-        hidden_headers,
-        protected_headers,
-    }
-}
-
 fn hidden_recipients() -> Address<'static> {
    Address::new_group(Some("hidden-recipients".to_string()), Vec::new())
 }
@@ -2308,115 +2244,5 @@ fn b_encode(value: &str) -> String {
    )
 }

-pub(crate) async fn render_symm_encrypted_securejoin_message(
-    context: &Context,
-    step: &str,
-    rfc724_mid: &str,
-    attach_self_pubkey: bool,
-    auth: &str,
-    shared_secret: &str,
-) -> Result<String> {
-    info!(context, "Sending secure-join message {step:?}.");
-
-    let mut headers = Vec::<(&'static str, HeaderType<'static>)>::new();
-
-    let from_addr = context.get_primary_self_addr().await?;
-    let from = new_address_with_name("", from_addr.to_string());
-    headers.push(("From", from.into()));
-
-    let to: Vec<Address<'static>> = vec![hidden_recipients()];
-    headers.push((
-        "To",
-        mail_builder::headers::address::Address::new_list(to.clone()).into(),
-    ));
-
-    headers.push((
-        "Subject",
-        mail_builder::headers::text::Text::new("Secure-Join".to_string()).into(),
-    ));
-
-    let timestamp = create_smeared_timestamp(context);
-    let date = chrono::DateTime::<chrono::Utc>::from_timestamp(timestamp, 0)
-        .unwrap()
-        .to_rfc2822();
-    headers.push(("Date", mail_builder::headers::raw::Raw::new(date).into()));
-
-    headers.push((
-        "Message-ID",
-        mail_builder::headers::message_id::MessageId::new(rfc724_mid.to_string()).into(),
-    ));
-
-    // Automatic Response headers <https://www.rfc-editor.org/rfc/rfc3834>
-    if context.get_config_bool(Config::Bot).await? {
-        headers.push((
-            "Auto-Submitted",
-            mail_builder::headers::raw::Raw::new("auto-generated".to_string()).into(),
-        ));
-    }
-
-    let encrypt_helper = EncryptHelper::new(context).await?;
-
-    if attach_self_pubkey {
-        let aheader = encrypt_helper.get_aheader().to_string();
-        headers.push((
-            "Autocrypt",
-            mail_builder::headers::raw::Raw::new(aheader).into(),
-        ));
-    }
-
-    headers.push((
-        "Secure-Join",
-        mail_builder::headers::raw::Raw::new(step.to_string()).into(),
-    ));
-
-    headers.push((
-        "Secure-Join-Auth",
-        mail_builder::headers::text::Text::new(auth.to_string()).into(),
-    ));
-
-    let message: MimePart<'static> = MimePart::new("text/plain", "Secure-Join");
-
-    let is_encrypted = true;
-    let is_securejoin_message = true;
-    let HeadersByConfidentiality {
-        unprotected_headers,
-        hidden_headers,
-        protected_headers,
-    } = group_headers_by_confidentiality(
-        headers,
-        &from_addr,
-        timestamp,
-        is_encrypted,
-        is_securejoin_message,
-    );
-
-    let outer_message = {
-        let use_std_header_protection = true;
-        let message = add_headers_to_encrypted_part(
-            message,
-            &unprotected_headers,
-            hidden_headers,
-            protected_headers,
-            use_std_header_protection,
-        );
-
-        // Disable compression for SecureJoin to ensure
-        // there are no compression side channels
-        // leaking information about the tokens.
-        let compress = false;
-        // Only sign the message if we attach the pubkey.
-        let sign = attach_self_pubkey;
-        let encrypted = encrypt_helper
-            .encrypt_symmetrically(context, shared_secret, message, compress, sign)
-            .await?;
-
-        wrap_encrypted_part(encrypted)
-    };
-
-    let message = render_outer_message(unprotected_headers, outer_message);
-
-    Ok(message)
-}
-
 #[cfg(test)]
 mod mimefactory_tests;
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -6,7 +6,7 @@ use std::path::Path;
 use std::str;
 use std::str::FromStr;

-use anyhow::{Context as _, Result, bail, ensure};
+use anyhow::{Context as _, Result, bail};
 use deltachat_contact_tools::{addr_cmp, addr_normalize, sanitize_bidi_characters};
 use deltachat_derive::{FromSql, ToSql};
 use format_flowed::unformat_flowed;
@@ -19,14 +19,14 @@ use crate::blob::BlobObject;
 use crate::chat::ChatId;
 use crate::config::Config;
 use crate::constants;
-use crate::contact::{ContactId, import_public_key};
+use crate::contact::ContactId;
 use crate::context::Context;
-use crate::decrypt::{self, validate_detached_signature};
+use crate::decrypt::{try_decrypt, validate_detached_signature};
 use crate::dehtml::dehtml;
 use crate::download::PostMsgMetadata;
 use crate::events::EventType;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
-use crate::key::{self, DcKey, Fingerprint, SignedPublicKey};
+use crate::key::{self, DcKey, Fingerprint, SignedPublicKey, load_self_secret_keyring};
 use crate::log::warn;
 use crate::message::{self, Message, MsgId, Viewtype, get_vcard_summary, set_msg_failed};
 use crate::param::{Param, Params};
@@ -199,9 +199,6 @@ pub enum SystemMessage {
    MemberRemovedFromGroup = 5,

    /// Autocrypt Setup Message.
-    ///
-    /// Deprecated as of 2026-03-15, such messages should not be created
-    /// but may exist in the database.
    AutocryptSetupMessage = 6,

    /// Secure-join message.
@@ -362,10 +359,10 @@ impl MimeMessage {

        // Remove headers that are allowed _only_ in the encrypted+signed part. It's ok to leave
        // them in signed-only emails, but has no value currently.
-        let encrypted = false;
-        Self::remove_secured_headers(&mut headers, &mut headers_removed, encrypted);
+        Self::remove_secured_headers(&mut headers, &mut headers_removed);

        let mut from = from.context("No from in message")?;
+        let private_keyring = load_self_secret_keyring(context).await?;

        let dkim_results = handle_authres(context, &mail, &from.addr).await?;

@@ -389,53 +386,57 @@ impl MimeMessage {

        let mail_raw; // Memory location for a possible decrypted message.
        let decrypted_msg; // Decrypted signed OpenPGP message.
-        let expected_sender_fingerprint: Option<String>;
+        let secrets: Vec<String> = context
+            .sql
+            .query_map_vec("SELECT secret FROM broadcast_secrets", (), |row| {
+                let secret: String = row.get(0)?;
+                Ok(secret)
+            })
+            .await?;

-        let (mail, is_encrypted) = match decrypt::decrypt(context, &mail).await {
-            Ok(Some((mut msg, expected_sender_fp))) => {
-                mail_raw = msg.as_data_vec().unwrap_or_default();
+        let (mail, is_encrypted) =
+            match tokio::task::block_in_place(|| try_decrypt(&mail, &private_keyring, &secrets)) {
+                Ok(Some(mut msg)) => {
+                    mail_raw = msg.as_data_vec().unwrap_or_default();

-                let decrypted_mail = mailparse::parse_mail(&mail_raw)?;
-                if std::env::var(crate::DCC_MIME_DEBUG).is_ok() {
-                    info!(
-                        context,
-                        "decrypted message mime-body:\n{}",
-                        String::from_utf8_lossy(&mail_raw),
+                    let decrypted_mail = mailparse::parse_mail(&mail_raw)?;
+                    if std::env::var(crate::DCC_MIME_DEBUG).is_ok() {
+                        info!(
+                            context,
+                            "decrypted message mime-body:\n{}",
+                            String::from_utf8_lossy(&mail_raw),
+                        );
+                    }
+
+                    decrypted_msg = Some(msg);
+
+                    timestamp_sent = Self::get_timestamp_sent(
+                        &decrypted_mail.headers,
+                        timestamp_sent,
+                        timestamp_rcvd,
                    );
+
+                    let protected_aheader_values = decrypted_mail
+                        .headers
+                        .get_all_values(HeaderDef::Autocrypt.into());
+                    if !protected_aheader_values.is_empty() {
+                        aheader_values = protected_aheader_values;
+                    }
+
+                    (Ok(decrypted_mail), true)
                }
-
-                decrypted_msg = Some(msg);
-
-                timestamp_sent = Self::get_timestamp_sent(
-                    &decrypted_mail.headers,
-                    timestamp_sent,
-                    timestamp_rcvd,
-                );
-
-                let protected_aheader_values = decrypted_mail
-                    .headers
-                    .get_all_values(HeaderDef::Autocrypt.into());
-                if !protected_aheader_values.is_empty() {
-                    aheader_values = protected_aheader_values;
+                Ok(None) => {
+                    mail_raw = Vec::new();
+                    decrypted_msg = None;
+                    (Ok(mail), false)
                }
-
-                expected_sender_fingerprint = expected_sender_fp;
-                (Ok(decrypted_mail), true)
-            }
-            Ok(None) => {
-                mail_raw = Vec::new();
-                decrypted_msg = None;
-                expected_sender_fingerprint = None;
-                (Ok(mail), false)
-            }
-            Err(err) => {
-                mail_raw = Vec::new();
-                decrypted_msg = None;
-                expected_sender_fingerprint = None;
-                warn!(context, "decryption failed: {:#}", err);
-                (Err(err), false)
-            }
-        };
+                Err(err) => {
+                    mail_raw = Vec::new();
+                    decrypted_msg = None;
+                    warn!(context, "decryption failed: {:#}", err);
+                    (Err(err), false)
+                }
+            };

        let mut autocrypt_header = None;
        if incoming {
@@ -461,9 +462,22 @@ impl MimeMessage {

        let autocrypt_fingerprint = if let Some(autocrypt_header) = &autocrypt_header {
            let fingerprint = autocrypt_header.public_key.dc_fingerprint().hex();
-            import_public_key(context, &autocrypt_header.public_key)
-                .await
-                .context("Failed to import public key from the Autocrypt header")?;
+            let inserted = context
+                .sql
+                .execute(
+                    "INSERT INTO public_keys (fingerprint, public_key)
+                                 VALUES (?, ?)
+                                 ON CONFLICT (fingerprint)
+                                 DO NOTHING",
+                    (&fingerprint, autocrypt_header.public_key.to_bytes()),
+                )
+                .await?;
+            if inserted > 0 {
+                info!(
+                    context,
+                    "Saved key with fingerprint {fingerprint} from the Autocrypt header"
+                );
+            }
            Some(fingerprint)
        } else {
            None
@@ -532,22 +546,6 @@ impl MimeMessage {
            signatures.extend(signatures_detached);
            content
        });
-
-        if let Some(expected_sender_fingerprint) = expected_sender_fingerprint {
-            ensure!(
-                !signatures.is_empty(),
-                "Unsigned message is not allowed to be encrypted with this shared secret"
-            );
-            ensure!(
-                signatures.len() == 1,
-                "Too many signatures on symm-encrypted message"
-            );
-            ensure!(
-                signatures.contains_key(&expected_sender_fingerprint.parse()?),
-                "This sender is not allowed to encrypt with this secret key"
-            );
-        }
-
        if let (Ok(mail), true) = (mail, is_encrypted) {
            if !signatures.is_empty() {
                // Unsigned "Subject" mustn't be prepended to messages shown as encrypted
@@ -611,7 +609,7 @@ impl MimeMessage {
            }
        }
        if signatures.is_empty() {
-            Self::remove_secured_headers(&mut headers, &mut headers_removed, is_encrypted);
+            Self::remove_secured_headers(&mut headers, &mut headers_removed);
        }
        if !is_encrypted {
            signatures.clear();
@@ -1649,12 +1647,24 @@ impl MimeMessage {
            }
            Ok(key) => key,
        };
-        if let Err(err) = import_public_key(context, &key).await {
-            warn!(context, "Attached PGP key import failed: {err:#}.");
+        if let Err(err) = key.verify_bindings() {
+            warn!(context, "Attached PGP key verification failed: {err:#}.");
            return Ok(false);
        }

-        info!(context, "Imported PGP key from attachment.");
+        let fingerprint = key.dc_fingerprint().hex();
+        context
+            .sql
+            .execute(
+                "INSERT INTO public_keys (fingerprint, public_key)
+                 VALUES (?, ?)
+                 ON CONFLICT (fingerprint)
+                 DO NOTHING",
+                (&fingerprint, key.to_bytes()),
+            )
+            .await?;
+
+        info!(context, "Imported PGP key {fingerprint} from attachment.");
        Ok(true)
    }

@@ -1712,37 +1722,20 @@ impl MimeMessage {
            .and_then(|msgid| parse_message_id(msgid).ok())
    }

-    /// Remove headers that are not allowed in unsigned / unencrypted messages.
-    ///
-    /// Pass `encrypted=true` parameter for an encrypted, but unsigned message.
-    /// Pass `encrypted=false` parameter for an unencrypted message.
-    /// Don't call this function if the message was encrypted and signed.
    fn remove_secured_headers(
        headers: &mut HashMap<String, String>,
        removed: &mut HashSet<String>,
-        encrypted: bool,
    ) {
        remove_header(headers, "secure-join-fingerprint", removed);
+        remove_header(headers, "secure-join-auth", removed);
        remove_header(headers, "chat-verified", removed);
        remove_header(headers, "autocrypt-gossip", removed);

-        if headers.get("secure-join") == Some(&"vc-request-pubkey".to_string()) && encrypted {
-            // vc-request-pubkey message is encrypted, but unsigned,
-            // and contains a Secure-Join-Auth header.
-            //
-            // It is unsigned in order not to leak Bob's identity to a server operator
-            // that scraped the AUTH token somewhere from the web,
-            // and because Alice anyways couldn't verify his signature at this step,
-            // because she doesn't know his public key yet.
-        } else {
-            remove_header(headers, "secure-join-auth", removed);
-
-            // Secure-Join is secured unless it is an initial "vc-request"/"vg-request".
-            if let Some(secure_join) = remove_header(headers, "secure-join", removed)
-                && (secure_join == "vc-request" || secure_join == "vg-request")
-            {
-                headers.insert("secure-join".to_string(), secure_join);
-            }
+        // Secure-Join is secured unless it is an initial "vc-request"/"vg-request".
+        if let Some(secure_join) = remove_header(headers, "secure-join", removed)
+            && (secure_join == "vc-request" || secure_join == "vg-request")
+        {
+            headers.insert("secure-join".to_string(), secure_join);
        }
    }

@@ -2163,9 +2156,17 @@ async fn parse_gossip_headers(
            continue;
        }

-        import_public_key(context, &header.public_key)
-            .await
-            .context("Failed to import Autocrypt-Gossip key")?;
+        let fingerprint = header.public_key.dc_fingerprint().hex();
+        context
+            .sql
+            .execute(
+                "INSERT INTO public_keys (fingerprint, public_key)
+                             VALUES (?, ?)
+                             ON CONFLICT (fingerprint)
+                             DO NOTHING",
+                (&fingerprint, header.public_key.to_bytes()),
+            )
+            .await?;

        let gossiped_key = GossipedKey {
            public_key: header.public_key,
@@ -2603,5 +2604,3 @@ async fn handle_ndn(

 #[cfg(test)]
 mod mimeparser_tests;
-#[cfg(test)]
-mod shared_secret_decryption_tests;
--- a/src/mimeparser/mimeparser_tests.rs
+++ b/src/mimeparser/mimeparser_tests.rs
@@ -10,7 +10,6 @@ use crate::{
    key,
    message::{MessageState, MessengerMessage},
    receive_imf::receive_imf,
-    securejoin::QrInvite,
    test_utils::{TestContext, TestContextManager},
    tools::time,
 };
@@ -2157,27 +2156,3 @@ Third alternative.
    assert_eq!(message.parts[0].typ, Viewtype::Text);
    assert_eq!(message.parts[0].msg, "Third alternative.");
 }
-
-/// Tests that loading a bobstate from an old version of Delta Chat
-/// (that doesn't have the is_v3 attribute)
-/// doesn't fail
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_load_shared_secrets_with_legacy_state() -> Result<()> {
-    let alice = &TestContext::new_alice().await;
-
-    alice.sql.execute(
-        r#"INSERT INTO bobstate (invite, next_step, chat_id)
-        VALUES ('{"Contact":{"contact_id":10,"fingerprint":[111,111,111,11,111,11,111,111,111,11,11,111,11,111,111,111,111,111,11,111],"invitenumber":"xxxxxxxxxxxxxxxxxxxxxxxx","authcode":"yyyyyyyyyyyyyyyyyyyyyyyy"}}', 0, 10)"#,
-        ()
-    ).await?;
-
-    let qr: QrInvite = alice
-        .sql
-        .query_get_value("SELECT invite FROM bobstate", ())
-        .await
-        .unwrap()
-        .unwrap();
-    assert_eq!(qr.is_v3(), false);
-
-    Ok(())
-}
--- a/src/mimeparser/shared_secret_decryption_tests.rs
+++ b/src/mimeparser/shared_secret_decryption_tests.rs
@@ -1,258 +0,0 @@
-use super::*;
-use crate::chat::{create_broadcast, load_broadcast_secret};
-use crate::constants::DC_CHAT_ID_TRASH;
-use crate::key::{load_self_secret_key, self_fingerprint};
-use crate::pgp;
-use crate::qr::{Qr, check_qr};
-use crate::receive_imf::receive_imf;
-use crate::securejoin::{get_securejoin_qr, join_securejoin};
-use crate::test_utils::{TestContext, TestContextManager};
-use anyhow::Result;
-
-/// Tests that the following attack isn't possible:
-///
-/// Eve is subscribed to a channel and wants to know whether Alice is also subscribed to it.
-/// To achieve this, Eve sends a message to Alice
-/// encrypted with the symmetric secret of this broadcast channel.
-///
-/// If Alice sends an answer (or read receipt),
-/// then Eve knows that Alice is in the broadcast channel.
-///
-/// A similar attack would be possible with auth tokens
-/// that are also used to symmetrically encrypt messages.
-///
-/// To defeat this, a message that was unexpectedly
-/// encrypted with a symmetric secret must be dropped.
-async fn test_shared_secret_decryption_ex(
-    recipient_ctx: &TestContext,
-    from_addr: &str,
-    secret_for_encryption: &str,
-    signer_ctx: Option<&TestContext>,
-    expected_error: Option<&str>,
-) -> Result<()> {
-    let plain_body = "Hello, this is a secure message.";
-    let plain_text = format!("Content-Type: text/plain; charset=utf-8\r\n\r\n{plain_body}");
-    let previous_highest_msg_id = get_highest_msg_id(recipient_ctx).await;
-
-    let signer_key = if let Some(signer_ctx) = signer_ctx {
-        Some(load_self_secret_key(signer_ctx).await?)
-    } else {
-        None
-    };
-    if let Some(signer_ctx) = signer_ctx {
-        // The recipient needs to know the signer's pubkey
-        // in order to be able to validate the pubkey:
-        recipient_ctx.add_or_lookup_contact(signer_ctx).await;
-    }
-
-    let encrypted_msg = pgp::symm_encrypt_message(
-        plain_text.as_bytes().to_vec(),
-        signer_key,
-        secret_for_encryption,
-        true,
-    )
-    .await?;
-
-    let boundary = "boundary123";
-    let rcvd_mail = format!(
-        "Content-Type: multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=\"{boundary}\"\n\
-         From: {from}\n\
-         To: \"hidden-recipients\": ;\n\
-         Subject: [...]\n\
-         MIME-Version: 1.0\n\
-         Message-ID: <12345@example.org>\n\
-         \n\
-         --{boundary}\n\
-         Content-Type: application/pgp-encrypted\n\
-         \n\
-         Version: 1\n\
-         \n\
-         --{boundary}\n\
-         Content-Type: application/octet-stream; name=\"encrypted.asc\"\n\
-         Content-Disposition: inline; filename=\"encrypted.asc\"\n\
-         \n\
-         {encrypted_msg}\n\
-         --{boundary}--\n",
-        from = from_addr,
-        boundary = boundary,
-        encrypted_msg = encrypted_msg
-    );
-
-    let rcvd = receive_imf(recipient_ctx, rcvd_mail.as_bytes(), false)
-        .await
-        .expect("If receive_imf() adds an error here, then Bob may be notified about the error and tell the attacker, leaking that he knows the secret")
-        .expect("A trashed message should be created, otherwise we'll unnecessarily download it again");
-
-    if let Some(error_pattern) = expected_error {
-        assert!(rcvd.chat_id == DC_CHAT_ID_TRASH);
-        assert_eq!(
-            previous_highest_msg_id,
-            get_highest_msg_id(recipient_ctx).await,
-            "receive_imf() must not add any message. Otherwise, Bob may send something about an error to the attacker, leaking that he knows the secret"
-        );
-        let EventType::Warning(warning) = recipient_ctx
-            .evtracker
-            .get_matching(|ev| matches!(ev, EventType::Warning(_)))
-            .await
-        else {
-            unreachable!()
-        };
-        assert!(warning.contains(error_pattern), "Wrong warning: {warning}");
-    } else {
-        let msg = recipient_ctx.get_last_msg().await;
-        assert_eq!(&[msg.id], rcvd.msg_ids.as_slice());
-        assert_eq!(msg.text, plain_body);
-        assert_eq!(rcvd.chat_id.is_special(), false);
-    }
-
-    Ok(())
-}
-
-async fn get_highest_msg_id(context: &Context) -> MsgId {
-    context
-        .sql
-        .query_get_value(
-            "SELECT MAX(id) FROM msgs WHERE chat_id!=?",
-            (DC_CHAT_ID_TRASH,),
-        )
-        .await
-        .unwrap()
-        .unwrap_or_default()
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_broadcast_security_attacker_signature() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let charlie = &tcm.charlie().await; // Attacker
-
-    let alice_chat_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-
-    let secret = load_broadcast_secret(alice, alice_chat_id).await?.unwrap();
-
-    let charlie_addr = charlie.get_config(Config::Addr).await?.unwrap();
-
-    test_shared_secret_decryption_ex(
-        bob,
-        &charlie_addr,
-        &secret,
-        Some(charlie),
-        Some("This sender is not allowed to encrypt with this secret key"),
-    )
-    .await
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_broadcast_security_no_signature() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let alice_chat_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-
-    let secret = load_broadcast_secret(alice, alice_chat_id).await?.unwrap();
-
-    test_shared_secret_decryption_ex(
-        bob,
-        "attacker@example.org",
-        &secret,
-        None,
-        Some("Unsigned message is not allowed to be encrypted with this shared secret"),
-    )
-    .await
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_broadcast_security_happy_path() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let alice_chat_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-
-    let secret = load_broadcast_secret(alice, alice_chat_id).await?.unwrap();
-
-    let alice_addr = alice
-        .get_config(crate::config::Config::Addr)
-        .await?
-        .unwrap();
-
-    test_shared_secret_decryption_ex(bob, &alice_addr, &secret, Some(alice), None).await
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_qr_code_security() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let charlie = &tcm.charlie().await; // Attacker
-
-    let qr = get_securejoin_qr(alice, None).await?;
-    let Qr::AskVerifyContact { authcode, .. } = check_qr(bob, &qr).await? else {
-        unreachable!()
-    };
-    // Start a securejoin process, but don't finish it:
-    join_securejoin(bob, &qr).await?;
-
-    let charlie_addr = charlie.get_config(Config::Addr).await?.unwrap();
-
-    let alice_fp = self_fingerprint(alice).await?;
-    let secret_for_encryption = format!("securejoin/{alice_fp}/{authcode}");
-    test_shared_secret_decryption_ex(
-        bob,
-        &charlie_addr,
-        &secret_for_encryption,
-        Some(charlie),
-        Some("This sender is not allowed to encrypt with this secret key"),
-    )
-    .await
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_qr_code_happy_path() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let qr = get_securejoin_qr(alice, None).await?;
-    let Qr::AskVerifyContact { authcode, .. } = check_qr(bob, &qr).await? else {
-        unreachable!()
-    };
-    // Start a securejoin process, but don't finish it:
-    join_securejoin(bob, &qr).await?;
-
-    let alice_fp = self_fingerprint(alice).await?;
-    let secret_for_encryption = format!("securejoin/{alice_fp}/{authcode}");
-    test_shared_secret_decryption_ex(
-        bob,
-        "alice@example.net",
-        &secret_for_encryption,
-        Some(alice),
-        None,
-    )
-    .await
-}
-
-/// Control: Test that the behavior is the same when the shared secret is unknown
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_unknown_secret() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    test_shared_secret_decryption_ex(
-        bob,
-        "alice@example.net",
-        "Some secret unknown to Bob",
-        Some(alice),
-        Some("Could not find symmetric secret for session key"),
-    )
-    .await
-}
--- a/src/net/tls.rs
+++ b/src/net/tls.rs
@@ -7,12 +7,8 @@ use anyhow::Result;

 use crate::net::session::SessionStream;

-use tokio_rustls::rustls;
 use tokio_rustls::rustls::client::ClientSessionStore;

-mod danger;
-use danger::NoCertificateVerification;
-
 pub async fn wrap_tls<'a>(
    strict_tls: bool,
    hostname: &str,
@@ -86,7 +82,7 @@ impl TlsSessionStore {
                .lock()
                .entry((port, alpn.to_string()))
                .or_insert_with(|| {
-                    Arc::new(rustls::client::ClientSessionMemoryCache::new(
+                    Arc::new(tokio_rustls::rustls::client::ClientSessionMemoryCache::new(
                        TLS_CACHE_SIZE,
                    ))
                }),
@@ -102,10 +98,10 @@ pub async fn wrap_rustls<'a>(
    stream: impl SessionStream + 'a,
    tls_session_store: &TlsSessionStore,
 ) -> Result<impl SessionStream + 'a> {
-    let mut root_cert_store = rustls::RootCertStore::empty();
+    let mut root_cert_store = tokio_rustls::rustls::RootCertStore::empty();
    root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());

-    let mut config = rustls::ClientConfig::builder()
+    let mut config = tokio_rustls::rustls::ClientConfig::builder()
        .with_root_certificates(root_cert_store)
        .with_no_client_auth();
    config.alpn_protocols = if alpn.is_empty() {
@@ -122,25 +118,13 @@ pub async fn wrap_rustls<'a>(
    // and are not worth increasing
    // attack surface: <https://words.filippo.io/we-need-to-talk-about-session-tickets/>.
    let resumption_store = tls_session_store.get(port, alpn);
-    let resumption = rustls::client::Resumption::store(resumption_store)
-        .tls12_resumption(rustls::client::Tls12Resumption::Disabled);
+    let resumption = tokio_rustls::rustls::client::Resumption::store(resumption_store)
+        .tls12_resumption(tokio_rustls::rustls::client::Tls12Resumption::Disabled);
    config.resumption = resumption;
    config.enable_sni = use_sni;

-    // Do not verify certificates for hostnames starting with `_`.
-    // They are used for servers with self-signed certificates, e.g. for local testing.
-    // Hostnames starting with `_` can have only self-signed TLS certificates or wildcard certificates.
-    // It is not possible to get valid non-wildcard TLS certificates because CA/Browser Forum requirements
-    // explicitly state that domains should start with a letter, digit or hyphen:
-    // https://github.com/cabforum/servercert/blob/24f38fd4765e019db8bb1a8c56bf63c7115ce0b0/docs/BR.md
-    if hostname.starts_with("_") {
-        config
-            .dangerous()
-            .set_certificate_verifier(Arc::new(NoCertificateVerification::new()));
-    }
-
    let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
-    let name = tokio_rustls::rustls::pki_types::ServerName::try_from(hostname)?.to_owned();
+    let name = rustls_pki_types::ServerName::try_from(hostname)?.to_owned();
    let tls_stream = tls.connect(name, stream).await?;
    Ok(tls_stream)
 }
--- a/src/net/tls/danger.rs
+++ b/src/net/tls/danger.rs
@@ -1,55 +0,0 @@
-//! Dangerous TLS implementation of accepting invalid certificates for Rustls.
-
-use rustls::pki_types::{CertificateDer, ServerName, UnixTime};
-use tokio_rustls::rustls;
-
-#[derive(Debug)]
-pub(super) struct NoCertificateVerification();
-
-impl NoCertificateVerification {
-    pub(super) fn new() -> Self {
-        Self()
-    }
-}
-
-impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
-    fn verify_server_cert(
-        &self,
-        _end_entity: &CertificateDer<'_>,
-        _intermediates: &[CertificateDer<'_>],
-        _server_name: &ServerName<'_>,
-        _ocsp_response: &[u8],
-        _now: UnixTime,
-    ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
-        Ok(rustls::client::danger::ServerCertVerified::assertion())
-    }
-
-    fn verify_tls12_signature(
-        &self,
-        message: &[u8],
-        cert: &CertificateDer<'_>,
-        dss: &rustls::DigitallySignedStruct,
-    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        let provider = rustls::crypto::ring::default_provider();
-        let supported_schemes = &provider.signature_verification_algorithms;
-        rustls::crypto::verify_tls12_signature(message, cert, dss, supported_schemes)
-    }
-
-    fn verify_tls13_signature(
-        &self,
-        message: &[u8],
-        cert: &CertificateDer<'_>,
-        dss: &rustls::DigitallySignedStruct,
-    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        let provider = rustls::crypto::ring::default_provider();
-        let supported_schemes = &provider.signature_verification_algorithms;
-        rustls::crypto::verify_tls13_signature(message, cert, dss, supported_schemes)
-    }
-
-    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-        let provider = rustls::crypto::ring::default_provider();
-        provider
-            .signature_verification_algorithms
-            .supported_schemes()
-    }
-}
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -1,38 +1,96 @@
 //! OpenPGP helper module using [rPGP facilities](https://github.com/rpgp/rpgp).

-use std::collections::{HashMap, HashSet};
-use std::io::Cursor;
+use std::collections::{BTreeMap, HashMap, HashSet};
+use std::io::{BufRead, Cursor};

-use anyhow::{Context as _, Result, ensure};
-use deltachat_contact_tools::{EmailAddress, may_be_valid_addr};
+use anyhow::{Context as _, Result, bail};
+use deltachat_contact_tools::EmailAddress;
+use pgp::armor::BlockType;
 use pgp::composed::{
-    ArmorOptions, Deserializable, DetachedSignature, EncryptionCaps, KeyType as PgpKeyType,
-    MessageBuilder, SecretKeyParamsBuilder, SignedKeyDetails, SignedPublicKey, SignedPublicSubKey,
-    SignedSecretKey, SubkeyParamsBuilder, SubpacketConfig,
+    ArmorOptions, DecryptionOptions, Deserializable, DetachedSignature, EncryptionCaps,
+    KeyType as PgpKeyType, Message, MessageBuilder, SecretKeyParamsBuilder, SignedPublicKey,
+    SignedPublicSubKey, SignedSecretKey, SubkeyParamsBuilder, SubpacketConfig, TheRing,
 };
 use pgp::crypto::aead::{AeadAlgorithm, ChunkSize};
 use pgp::crypto::ecc_curve::ECCCurve;
 use pgp::crypto::hash::HashAlgorithm;
 use pgp::crypto::sym::SymmetricKeyAlgorithm;
-use pgp::packet::{Signature, SignatureConfig, SignatureType, Subpacket, SubpacketData};
+use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData};
 use pgp::types::{
-    CompressionAlgorithm, Imprint, KeyDetails, KeyVersion, Password, SignedUser, SigningKey as _,
-    StringToKey,
+    CompressionAlgorithm, KeyDetails, KeyVersion, Password, SigningKey as _, StringToKey,
 };
 use rand_old::{Rng as _, thread_rng};
-use sha2::Sha256;
 use tokio::runtime::Handle;

 use crate::key::{DcKey, Fingerprint};

+#[cfg(test)]
+pub(crate) const HEADER_AUTOCRYPT: &str = "autocrypt-prefer-encrypt";
+
+pub(crate) const HEADER_SETUPCODE: &str = "passphrase-begin";
+
 /// Preferred symmetric encryption algorithm.
 const SYMMETRIC_KEY_ALGORITHM: SymmetricKeyAlgorithm = SymmetricKeyAlgorithm::AES128;

+/// Split data from PGP Armored Data as defined in <https://tools.ietf.org/html/rfc4880#section-6.2>.
+///
+/// Returns (type, headers, base64 encoded body).
+pub fn split_armored_data(buf: &[u8]) -> Result<(BlockType, BTreeMap<String, String>, Vec<u8>)> {
+    use std::io::Read;
+
+    let cursor = Cursor::new(buf);
+    let mut dearmor = pgp::armor::Dearmor::new(cursor);
+
+    let mut bytes = Vec::with_capacity(buf.len());
+
+    dearmor.read_to_end(&mut bytes)?;
+    let typ = dearmor.typ.context("failed to parse type")?;
+
+    // normalize headers
+    let headers = dearmor
+        .headers
+        .into_iter()
+        .map(|(key, values)| {
+            (
+                key.trim().to_lowercase(),
+                values
+                    .last()
+                    .map_or_else(String::new, |s| s.trim().to_string()),
+            )
+        })
+        .collect();
+
+    Ok((typ, headers, bytes))
+}
+
+/// A PGP keypair.
+///
+/// This has it's own struct to be able to keep the public and secret
+/// keys together as they are one unit.
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub struct KeyPair {
+    /// Public key.
+    pub public: SignedPublicKey,
+
+    /// Secret key.
+    pub secret: SignedSecretKey,
+}
+
+impl KeyPair {
+    /// Creates new keypair from a secret key.
+    ///
+    /// Public key is split off the secret key.
+    pub fn new(secret: SignedSecretKey) -> Result<Self> {
+        let public = secret.to_public_key();
+        Ok(Self { public, secret })
+    }
+}
+
 /// Create a new key pair.
 ///
 /// Both secret and public key consist of signing primary key and encryption subkey
 /// as [described in the Autocrypt standard](https://autocrypt.org/level1.html#openpgp-based-key-data).
-pub(crate) fn create_keypair(addr: EmailAddress) -> Result<SignedSecretKey> {
+pub(crate) fn create_keypair(addr: EmailAddress) -> Result<KeyPair> {
    let signing_key_type = PgpKeyType::Ed25519Legacy;
    let encryption_key_type = PgpKeyType::ECDH(ECCCurve::Curve25519);

@@ -41,7 +99,6 @@ pub(crate) fn create_keypair(addr: EmailAddress) -> Result<SignedSecretKey> {
        .key_type(signing_key_type)
        .can_certify(true)
        .can_sign(true)
-        .feature_seipd_v2(true)
        .primary_user_id(user_id)
        .passphrase(None)
        .preferred_symmetric_algorithms(smallvec![
@@ -78,7 +135,12 @@ pub(crate) fn create_keypair(addr: EmailAddress) -> Result<SignedSecretKey> {
        .verify_bindings()
        .context("Invalid secret key generated")?;

-    Ok(secret_key)
+    let key_pair = KeyPair::new(secret_key)?;
+    key_pair
+        .public
+        .verify_bindings()
+        .context("Invalid public key generated")?;
+    Ok(key_pair)
 }

 /// Selects a subkey of the public key to use for encryption.
@@ -114,6 +176,7 @@ pub async fn pk_encrypt(
    public_keys_for_encryption: Vec<SignedPublicKey>,
    private_key_for_signing: SignedSecretKey,
    compress: bool,
+    anonymous_recipients: bool,
    seipd_version: SeipdVersion,
 ) -> Result<String> {
    Handle::current()
@@ -160,7 +223,11 @@ pub async fn pk_encrypt(
                    let mut msg = msg.seipd_v1(&mut rng, SYMMETRIC_KEY_ALGORITHM);

                    for pkey in pkeys {
-                        msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
+                        if anonymous_recipients {
+                            msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
+                        } else {
+                            msg.encrypt_to_key(&mut rng, &pkey)?;
+                        }
                    }

                    let hash_algorithm = private_key_for_signing.hash_alg();
@@ -185,7 +252,11 @@ pub async fn pk_encrypt(
                    );

                    for pkey in pkeys {
-                        msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
+                        if anonymous_recipients {
+                            msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
+                        } else {
+                            msg.encrypt_to_key(&mut rng, &pkey)?;
+                        }
                    }

                    let hash_algorithm = private_key_for_signing.hash_alg();
@@ -249,6 +320,95 @@ pub fn pk_calc_signature(
    Ok(sig.to_armored_string(ArmorOptions::default())?)
 }

+/// Decrypts the message:
+/// - with keys from the private key keyring (passed in `private_keys_for_decryption`)
+///   if the message was asymmetrically encrypted,
+/// - with a shared secret/password (passed in `shared_secrets`),
+///   if the message was symmetrically encrypted.
+///
+/// Returns the decrypted and decompressed message.
+pub fn decrypt(
+    ctext: Vec<u8>,
+    private_keys_for_decryption: &[SignedSecretKey],
+    mut shared_secrets: &[String],
+) -> Result<pgp::composed::Message<'static>> {
+    let cursor = Cursor::new(ctext);
+    let (msg, _headers) = Message::from_armor(cursor)?;
+
+    let skeys: Vec<&SignedSecretKey> = private_keys_for_decryption.iter().collect();
+    let empty_pw = Password::empty();
+
+    let decrypt_options = DecryptionOptions::new();
+    let symmetric_encryption_res = check_symmetric_encryption(&msg);
+    if symmetric_encryption_res.is_err() {
+        shared_secrets = &[];
+    }
+
+    // We always try out all passwords here,
+    // but benchmarking (see `benches/decrypting.rs`)
+    // showed that the performance impact is negligible.
+    // We can improve this in the future if necessary.
+    let message_password: Vec<Password> = shared_secrets
+        .iter()
+        .map(|p| Password::from(p.as_str()))
+        .collect();
+    let message_password: Vec<&Password> = message_password.iter().collect();
+
+    let ring = TheRing {
+        secret_keys: skeys,
+        key_passwords: vec![&empty_pw],
+        message_password,
+        session_keys: vec![],
+        decrypt_options,
+    };
+
+    let res = msg.decrypt_the_ring(ring, true);
+
+    let (msg, _ring_result) = match res {
+        Ok(it) => it,
+        Err(err) => {
+            if let Err(reason) = symmetric_encryption_res {
+                bail!("{err:#} (Note: symmetric decryption was not tried: {reason})")
+            } else {
+                bail!("{err:#}");
+            }
+        }
+    };
+
+    // remove one layer of compression
+    let msg = msg.decompress()?;
+
+    Ok(msg)
+}
+
+/// Returns Ok(()) if we want to try symmetrically decrypting the message,
+/// and Err with a reason if symmetric decryption should not be tried.
+///
+/// A DOS attacker could send a message with a lot of encrypted session keys,
+/// all of which use a very hard-to-compute string2key algorithm.
+/// We would then try to decrypt all of the encrypted session keys
+/// with all of the known shared secrets.
+/// In order to prevent this, we do not try to symmetrically decrypt messages
+/// that use a string2key algorithm other than 'Salted'.
+fn check_symmetric_encryption(msg: &Message<'_>) -> std::result::Result<(), &'static str> {
+    let Message::Encrypted { esk, .. } = msg else {
+        return Err("not encrypted");
+    };
+
+    if esk.len() > 1 {
+        return Err("too many esks");
+    }
+
+    let [pgp::composed::Esk::SymKeyEncryptedSessionKey(esk)] = &esk[..] else {
+        return Err("not symmetrically encrypted");
+    };
+
+    match esk.s2k() {
+        Some(StringToKey::Salted { .. }) => Ok(()),
+        _ => Err("unsupported string2key algorithm"),
+    }
+}
+
 /// Returns fingerprints
 /// of all keys from the `public_keys_for_validation` keyring that
 /// have valid signatures in `msg` and corresponding intended recipient fingerprints
@@ -298,12 +458,30 @@ pub fn pk_validate(
    Ok(ret)
 }

+/// Symmetric encryption for the autocrypt setup message (ASM).
+pub async fn symm_encrypt_autocrypt_setup(passphrase: &str, plain: Vec<u8>) -> Result<String> {
+    let passphrase = Password::from(passphrase.to_string());
+
+    tokio::task::spawn_blocking(move || {
+        let mut rng = thread_rng();
+        let s2k = StringToKey::new_default(&mut rng);
+        let builder = MessageBuilder::from_bytes("", plain);
+        let mut builder = builder.seipd_v1(&mut rng, SYMMETRIC_KEY_ALGORITHM);
+        builder.encrypt_with_password(s2k, &passphrase)?;
+
+        let encoded_msg = builder.to_armored_string(&mut rng, Default::default())?;
+
+        Ok(encoded_msg)
+    })
+    .await?
+}
+
 /// Symmetrically encrypt the message.
 /// This is used for broadcast channels and for version 2 of the Securejoin protocol.
 /// `shared secret` is the secret that will be used for symmetric encryption.
 pub async fn symm_encrypt_message(
    plain: Vec<u8>,
-    private_key_for_signing: Option<SignedSecretKey>,
+    private_key_for_signing: SignedSecretKey,
    shared_secret: &str,
    compress: bool,
 ) -> Result<String> {
@@ -326,10 +504,8 @@ pub async fn symm_encrypt_message(
        );
        msg.encrypt_with_password(&mut rng, s2k, &shared_secret)?;

-        if let Some(private_key_for_signing) = private_key_for_signing.as_deref() {
-            let hash_algorithm = private_key_for_signing.hash_alg();
-            msg.sign(private_key_for_signing, Password::empty(), hash_algorithm);
-        }
+        let hash_algorithm = private_key_for_signing.hash_alg();
+        msg.sign(&*private_key_for_signing, Password::empty(), hash_algorithm);
        if compress {
            msg.compression(CompressionAlgorithm::ZLIB);
        }
@@ -341,164 +517,21 @@ pub async fn symm_encrypt_message(
    .await?
 }

-/// Merges and minimizes OpenPGP certificates.
-///
-/// Keeps at most one direct key signature and
-/// at most one User ID with exactly one signature.
-///
-/// See <https://openpgp.dev/book/adv/certificates.html#merging>
-/// and <https://openpgp.dev/book/adv/certificates.html#certificate-minimization>.
-///
-/// `new_certificate` does not necessarily contain newer data.
-/// It may come not directly from the key owner,
-/// e.g. via protected Autocrypt header or protected attachment
-/// in a signed message, but from Autocrypt-Gossip header or a vCard.
-/// Gossiped key may be older than the one we have
-/// or even have some packets maliciously dropped
-/// (for example, all encryption subkeys dropped)
-/// or restored from some older version of the certificate.
-pub fn merge_openpgp_certificates(
-    old_certificate: SignedPublicKey,
-    new_certificate: SignedPublicKey,
-) -> Result<SignedPublicKey> {
-    old_certificate
-        .verify_bindings()
-        .context("First key cannot be verified")?;
-    new_certificate
-        .verify_bindings()
-        .context("Second key cannot be verified")?;
+/// Symmetric decryption.
+pub async fn symm_decrypt<T: BufRead + std::fmt::Debug + 'static + Send>(
+    passphrase: &str,
+    ctext: T,
+) -> Result<Vec<u8>> {
+    let passphrase = passphrase.to_string();
+    tokio::task::spawn_blocking(move || {
+        let (enc_msg, _) = Message::from_armor(ctext)?;
+        let password = Password::from(passphrase);

-    // Decompose certificates.
-    let SignedPublicKey {
-        primary_key: old_primary_key,
-        details: old_details,
-        public_subkeys: old_public_subkeys,
-    } = old_certificate;
-    let SignedPublicKey {
-        primary_key: new_primary_key,
-        details: new_details,
-        public_subkeys: _new_public_subkeys,
-    } = new_certificate;
-
-    // Public keys may be serialized differently, e.g. using old and new packet type,
-    // so we compare imprints instead of comparing the keys
-    // directly with `old_primary_key == new_primary_key`.
-    // Imprints, like fingerprints, are calculated over normalized packets.
-    // On error we print fingerprints as this is what is used in the database
-    // and what most tools show.
-    let old_imprint = old_primary_key.imprint::<Sha256>()?;
-    let new_imprint = new_primary_key.imprint::<Sha256>()?;
-    ensure!(
-        old_imprint == new_imprint,
-        "Cannot merge certificates with different primary keys {} and {}",
-        old_primary_key.fingerprint(),
-        new_primary_key.fingerprint()
-    );
-
-    // Decompose old and the new key details.
-    //
-    // Revocation signatures are currently ignored so we do not store them.
-    //
-    // User attributes are thrown away on purpose,
-    // the only defined in RFC 9580 attribute is the Image Attribute
-    // (<https://www.rfc-editor.org/rfc/rfc9580.html#section-5.12.1>
-    // which we do not use and do not want to gossip.
-    let SignedKeyDetails {
-        revocation_signatures: _old_revocation_signatures,
-        direct_signatures: old_direct_signatures,
-        users: old_users,
-        user_attributes: _old_user_attributes,
-    } = old_details;
-    let SignedKeyDetails {
-        revocation_signatures: _new_revocation_signatures,
-        direct_signatures: new_direct_signatures,
-        users: new_users,
-        user_attributes: _new_user_attributes,
-    } = new_details;
-
-    // Select at most one direct key signature, the newest one.
-    let best_direct_key_signature: Option<Signature> = old_direct_signatures
-        .into_iter()
-        .chain(new_direct_signatures)
-        .filter(|x: &Signature| x.verify_key(&old_primary_key).is_ok())
-        .max_by_key(|x: &Signature|
-            // Converting to seconds because `Ord` is not derived for `Timestamp`:
-            // <https://github.com/rpgp/rpgp/issues/737>
-            x.created().map_or(0, |ts| ts.as_secs()));
-    let direct_signatures: Vec<Signature> = best_direct_key_signature.into_iter().collect();
-
-    // Select at most one User ID.
-    //
-    // We prefer User IDs marked as primary,
-    // but will select non-primary otherwise
-    // because sometimes keys have no primary User ID,
-    // such as Alice's key in `test-data/key/alice-secret.asc`.
-    let best_user: Option<SignedUser> = old_users
-        .into_iter()
-        .chain(new_users.clone())
-        .filter_map(|SignedUser { id, signatures }| {
-            // Select the best signature for each User ID.
-            // If User ID has no valid signatures, it is filtered out.
-            let best_user_signature: Option<Signature> = signatures
-                .into_iter()
-                .filter(|signature: &Signature| {
-                    signature
-                        .verify_certification(&old_primary_key, pgp::types::Tag::UserId, &id)
-                        .is_ok()
-                })
-                .max_by_key(|signature: &Signature| {
-                    signature.created().map_or(0, |ts| ts.as_secs())
-                });
-            best_user_signature.map(|signature| (id, signature))
-        })
-        .max_by_key(|(_id, signature)| signature.created().map_or(0, |ts| ts.as_secs()))
-        .map(|(id, signature)| SignedUser {
-            id,
-            signatures: vec![signature],
-        });
-    let users: Vec<SignedUser> = best_user.into_iter().collect();
-
-    let public_subkeys = old_public_subkeys;
-
-    Ok(SignedPublicKey {
-        primary_key: old_primary_key,
-        details: SignedKeyDetails {
-            revocation_signatures: vec![],
-            direct_signatures,
-            users,
-            user_attributes: vec![],
-        },
-        public_subkeys,
+        let msg = enc_msg.decrypt_with_password(&password)?;
+        let res = msg.decompress()?.as_data_vec()?;
+        Ok(res)
    })
-}
-
-/// Returns relays addresses from the public key signature.
-///
-/// Not more than 3 relays are returned for each key.
-pub(crate) fn addresses_from_public_key(public_key: &SignedPublicKey) -> Option<Vec<String>> {
-    for signature in &public_key.details.direct_signatures {
-        // The signature should be verified already when importing the key,
-        // but we double-check here.
-        let signature_is_valid = signature.verify_key(&public_key.primary_key).is_ok();
-        debug_assert!(signature_is_valid);
-        if signature_is_valid {
-            for notation in signature.notations() {
-                if notation.name == "relays@chatmail.at"
-                    && let Ok(value) = str::from_utf8(&notation.value)
-                {
-                    return Some(
-                        value
-                            .split(",")
-                            .map(|s| s.to_string())
-                            .filter(|s| may_be_valid_addr(s))
-                            .take(3)
-                            .collect(),
-                    );
-                }
-            }
-        }
-    }
-    None
+    .await?
 }

 #[cfg(test)]
@@ -508,42 +541,14 @@ mod tests {

    use super::*;
    use crate::{
-        config::Config,
-        decrypt,
-        key::{load_self_public_key, self_fingerprint, store_self_keypair},
-        mimefactory::{render_outer_message, wrap_encrypted_part},
-        test_utils::{TestContext, TestContextManager, alice_keypair, bob_keypair},
-        token,
+        key::{load_self_public_key, load_self_secret_key},
+        test_utils::{TestContextManager, alice_keypair, bob_keypair},
    };
-    use pgp::composed::{Esk, Message};
+    use pgp::composed::Esk;
    use pgp::packet::PublicKeyEncryptedSessionKey;

-    async fn decrypt_bytes(
-        bytes: Vec<u8>,
-        private_keys_for_decryption: &[SignedSecretKey],
-        auth_tokens_for_decryption: &[String],
-    ) -> Result<pgp::composed::Message<'static>> {
-        let t = &TestContext::new().await;
-        t.set_config(Config::ConfiguredAddr, Some("alice@example.org"))
-            .await
-            .expect("Failed to configure address");
-
-        for secret in auth_tokens_for_decryption {
-            token::save(t, token::Namespace::Auth, None, secret, 0).await?;
-        }
-        let [secret_key] = private_keys_for_decryption else {
-            panic!("Only one private key is allowed anymore");
-        };
-        store_self_keypair(t, secret_key).await?;
-
-        let mime_message = wrap_encrypted_part(bytes.try_into().unwrap());
-        let rendered = render_outer_message(vec![], mime_message);
-        let parsed = mailparse::parse_mail(rendered.as_bytes())?;
-        let (decrypted, _fp) = decrypt::decrypt(t, &parsed).await?.unwrap();
-        Ok(decrypted)
-    }
-
-    async fn pk_decrypt_and_validate<'a>(
+    #[expect(clippy::type_complexity)]
+    fn pk_decrypt_and_validate<'a>(
        ctext: &'a [u8],
        private_keys_for_decryption: &'a [SignedSecretKey],
        public_keys_for_validation: &[SignedPublicKey],
@@ -552,7 +557,7 @@ mod tests {
        HashMap<Fingerprint, Vec<Fingerprint>>,
        Vec<u8>,
    )> {
-        let mut msg = decrypt_bytes(ctext.to_vec(), private_keys_for_decryption, &[]).await?;
+        let mut msg = decrypt(ctext.to_vec(), private_keys_for_decryption, &[])?;
        let content = msg.as_data_vec()?;
        let ret_signature_fingerprints =
            valid_signature_fingerprints(&msg, public_keys_for_validation);
@@ -560,11 +565,38 @@ mod tests {
        Ok((msg, ret_signature_fingerprints, content))
    }

+    #[test]
+    fn test_split_armored_data_1() {
+        let (typ, _headers, base64) = split_armored_data(
+            b"-----BEGIN PGP MESSAGE-----\nNoVal:\n\naGVsbG8gd29ybGQ=\n-----END PGP MESSAGE-----",
+        )
+        .unwrap();
+
+        assert_eq!(typ, BlockType::Message);
+        assert!(!base64.is_empty());
+        assert_eq!(
+            std::string::String::from_utf8(base64).unwrap(),
+            "hello world"
+        );
+    }
+
+    #[test]
+    fn test_split_armored_data_2() {
+        let (typ, headers, base64) = split_armored_data(
+            b"-----BEGIN PGP PRIVATE KEY BLOCK-----\nAutocrypt-Prefer-Encrypt: mutual \n\naGVsbG8gd29ybGQ=\n-----END PGP PRIVATE KEY BLOCK-----"
+        )
+            .unwrap();
+
+        assert_eq!(typ, BlockType::PrivateKey);
+        assert!(!base64.is_empty());
+        assert_eq!(headers.get(HEADER_AUTOCRYPT), Some(&"mutual".to_string()));
+    }
+
    #[test]
    fn test_create_keypair() {
        let keypair0 = create_keypair(EmailAddress::new("foo@bar.de").unwrap()).unwrap();
        let keypair1 = create_keypair(EmailAddress::new("two@zwo.de").unwrap()).unwrap();
-        assert_ne!(keypair0.public_key(), keypair1.public_key());
+        assert_ne!(keypair0.public, keypair1.public);
    }

    /// [SignedSecretKey] and [SignedPublicKey] objects
@@ -581,10 +613,10 @@ mod tests {
            let alice = alice_keypair();
            let bob = bob_keypair();
            TestKeys {
-                alice_secret: alice.clone(),
-                alice_public: alice.to_public_key(),
-                bob_secret: bob.clone(),
-                bob_public: bob.to_public_key(),
+                alice_secret: alice.secret.clone(),
+                alice_public: alice.public,
+                bob_secret: bob.secret.clone(),
+                bob_public: bob.public,
            }
        }
    }
@@ -599,6 +631,7 @@ mod tests {

    /// A ciphertext encrypted to Alice & Bob, signed by Alice.
    async fn ctext_signed() -> &'static String {
+        let anonymous_recipients = true;
        CTEXT_SIGNED
            .get_or_init(|| async {
                let keyring = vec![KEYS.alice_public.clone(), KEYS.bob_public.clone()];
@@ -609,6 +642,7 @@ mod tests {
                    keyring,
                    KEYS.alice_secret.clone(),
                    compress,
+                    anonymous_recipients,
                    SeipdVersion::V2,
                )
                .await
@@ -637,7 +671,6 @@ mod tests {
            &decrypt_keyring,
            &sig_check_keyring,
        )
-        .await
        .unwrap();
        assert_eq!(content, CLEARTEXT);
        assert_eq!(valid_signatures.len(), 1);
@@ -653,7 +686,6 @@ mod tests {
            &decrypt_keyring,
            &sig_check_keyring,
        )
-        .await
        .unwrap();
        assert_eq!(content, CLEARTEXT);
        assert_eq!(valid_signatures.len(), 1);
@@ -666,9 +698,7 @@ mod tests {
    async fn test_decrypt_no_sig_check() {
        let keyring = vec![KEYS.alice_secret.clone()];
        let (_msg, valid_signatures, content) =
-            pk_decrypt_and_validate(ctext_signed().await.as_bytes(), &keyring, &[])
-                .await
-                .unwrap();
+            pk_decrypt_and_validate(ctext_signed().await.as_bytes(), &keyring, &[]).unwrap();
        assert_eq!(content, CLEARTEXT);
        assert_eq!(valid_signatures.len(), 0);
    }
@@ -683,7 +713,6 @@ mod tests {
            &decrypt_keyring,
            &sig_check_keyring,
        )
-        .await
        .unwrap();
        assert_eq!(content, CLEARTEXT);
        assert_eq!(valid_signatures.len(), 0);
@@ -694,64 +723,57 @@ mod tests {
        let decrypt_keyring = vec![KEYS.bob_secret.clone()];
        let ctext_unsigned = include_bytes!("../test-data/message/ctext_unsigned.asc");
        let (_msg, valid_signatures, content) =
-            pk_decrypt_and_validate(ctext_unsigned, &decrypt_keyring, &[])
-                .await
-                .unwrap();
+            pk_decrypt_and_validate(ctext_unsigned, &decrypt_keyring, &[]).unwrap();
        assert_eq!(content, CLEARTEXT);
        assert_eq!(valid_signatures.len(), 0);
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_dont_decrypt_expensive_message_happy_path() -> Result<()> {
-        let s2k = StringToKey::Salted {
-            hash_alg: HashAlgorithm::default(),
-            salt: [1; 8],
-        };
+    async fn test_encrypt_decrypt_broadcast() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = &tcm.alice().await;
+        let bob = &tcm.bob().await;

-        test_dont_decrypt_expensive_message_ex(s2k, false, None).await
-    }
+        let plain = Vec::from(b"this is the secret message");
+        let shared_secret = "shared secret";
+        let ctext = symm_encrypt_message(
+            plain.clone(),
+            load_self_secret_key(alice).await?,
+            shared_secret,
+            true,
+        )
+        .await?;

-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_dont_decrypt_expensive_message_bad_s2k() -> Result<()> {
-        let s2k = StringToKey::new_default(&mut thread_rng()); // Default is IteratedAndSalted
+        let bob_private_keyring = crate::key::load_self_secret_keyring(bob).await?;
+        let mut decrypted = decrypt(
+            ctext.into(),
+            &bob_private_keyring,
+            &[shared_secret.to_string()],
+        )?;

-        test_dont_decrypt_expensive_message_ex(s2k, false, Some("unsupported string2key algorithm"))
-            .await
-    }
+        assert_eq!(decrypted.as_data_vec()?, plain);

-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_dont_decrypt_expensive_message_multiple_secrets() -> Result<()> {
-        let s2k = StringToKey::Salted {
-            hash_alg: HashAlgorithm::default(),
-            salt: [1; 8],
-        };
-
-        // This error message is actually not great,
-        // but grepping for it will lead to the correct code
-        test_dont_decrypt_expensive_message_ex(s2k, true, Some("decrypt_with_keys: missing key"))
-            .await
+        Ok(())
    }

    /// Test that we don't try to decrypt a message
    /// that is symmetrically encrypted
    /// with an expensive string2key algorithm
-    /// or multiple shared secrets.
-    /// This is to prevent possible DOS attacks on the app.
-    async fn test_dont_decrypt_expensive_message_ex(
-        s2k: StringToKey,
-        encrypt_twice: bool,
-        expected_error_msg: Option<&str>,
-    ) -> Result<()> {
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_dont_decrypt_expensive_message() -> Result<()> {
        let mut tcm = TestContextManager::new();
        let bob = &tcm.bob().await;

        let plain = Vec::from(b"this is the secret message");
        let shared_secret = "shared secret";
-        let bob_fp = self_fingerprint(bob).await?;

-        let shared_secret_pw = Password::from(format!("securejoin/{bob_fp}/{shared_secret}"));
+        // Create a symmetrically encrypted message
+        // with an IteratedAndSalted string2key algorithm:
+
+        let shared_secret_pw = Password::from(shared_secret.to_string());
        let msg = MessageBuilder::from_bytes("", plain);
        let mut rng = thread_rng();
+        let s2k = StringToKey::new_default(&mut rng); // Default is IteratedAndSalted

        let mut msg = msg.seipd_v2(
            &mut rng,
@@ -759,28 +781,24 @@ mod tests {
            AeadAlgorithm::Ocb,
            ChunkSize::C8KiB,
        );
-        msg.encrypt_with_password(&mut rng, s2k.clone(), &shared_secret_pw)?;
-        if encrypt_twice {
-            msg.encrypt_with_password(&mut rng, s2k, &shared_secret_pw)?;
-        }
+        msg.encrypt_with_password(&mut rng, s2k, &shared_secret_pw)?;

        let ctext = msg.to_armored_string(&mut rng, Default::default())?;

        // Trying to decrypt it should fail with a helpful error message:

        let bob_private_keyring = crate::key::load_self_secret_keyring(bob).await?;
-        let res = decrypt_bytes(
+        let error = decrypt(
            ctext.into(),
            &bob_private_keyring,
            &[shared_secret.to_string()],
        )
-        .await;
+        .unwrap_err();

-        if let Some(expected_error_msg) = expected_error_msg {
-            assert_eq!(format!("{:#}", res.unwrap_err()), expected_error_msg);
-        } else {
-            res.unwrap();
-        }
+        assert_eq!(
+            error.to_string(),
+            "missing key (Note: symmetric decryption was not tried: unsupported string2key algorithm)"
+        );

        Ok(())
    }
@@ -795,23 +813,24 @@ mod tests {
        let pk_for_encryption = load_self_public_key(alice).await?;

        // Encrypt a message, but only to self, not to Bob:
-        let compress = true;
        let ctext = pk_encrypt(
            plain,
            vec![pk_for_encryption],
            KEYS.alice_secret.clone(),
-            compress,
+            true,
+            true,
            SeipdVersion::V2,
        )
        .await?;

        // Trying to decrypt it should fail with an OK error message:
        let bob_private_keyring = crate::key::load_self_secret_keyring(bob).await?;
-        let error = decrypt_bytes(ctext.into(), &bob_private_keyring, &[])
-            .await
-            .unwrap_err();
+        let error = decrypt(ctext.into(), &bob_private_keyring, &[]).unwrap_err();

-        assert_eq!(format!("{error:#}"), "decrypt_with_keys: missing key");
+        assert_eq!(
+            error.to_string(),
+            "missing key (Note: symmetric decryption was not tried: not symmetrically encrypted)"
+        );

        Ok(())
    }
@@ -845,24 +864,4 @@ mod tests {
        }
        Ok(())
    }
-
-    #[test]
-    fn test_merge_openpgp_certificates() {
-        let alice = alice_keypair().to_public_key();
-        let bob = bob_keypair().to_public_key();
-
-        // Merging certificate with itself does not change it.
-        assert_eq!(
-            merge_openpgp_certificates(alice.clone(), alice.clone()).unwrap(),
-            alice
-        );
-        assert_eq!(
-            merge_openpgp_certificates(bob.clone(), bob.clone()).unwrap(),
-            bob
-        );
-
-        // Cannot merge certificates with different primary key.
-        assert!(merge_openpgp_certificates(alice.clone(), bob.clone()).is_err());
-        assert!(merge_openpgp_certificates(bob.clone(), alice.clone()).is_err());
-    }
 }
--- a/src/qr.rs
+++ b/src/qr.rs
@@ -61,9 +61,6 @@ pub enum Qr {

        /// Authentication code.
        authcode: String,
-
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },

    /// Ask the user whether to join the group.
@@ -85,9 +82,6 @@ pub enum Qr {

        /// Authentication code.
        authcode: String,
-
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },

    /// Ask whether to join the broadcast channel.
@@ -112,9 +106,6 @@ pub enum Qr {
        invitenumber: String,
        /// Authentication code.
        authcode: String,
-
-        /// Whether the inviter supports the new Securejoin v3 protocol
-        is_v3: bool,
    },

    /// Contact fingerprint is verified.
@@ -492,7 +483,7 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {

    let name = decode_name(&param, "n")?.unwrap_or_default();

-    let mut invitenumber = param
+    let invitenumber = param
        .get("i")
        // For historic reansons, broadcasts currently use j instead of i for the invitenumber:
        .or_else(|| param.get("j"))
@@ -510,16 +501,6 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
    let grpname = decode_name(&param, "g")?;
    let broadcast_name = decode_name(&param, "b")?;

-    let mut is_v3 = param.get("v") == Some(&"3");
-
-    if authcode.is_some() && invitenumber.is_none() {
-        // Securejoin v3 doesn't need an invitenumber.
-        // We want to remove the invitenumber and the `v=3` parameter eventually;
-        // therefore, we accept v3 QR codes without an invitenumber.
-        is_v3 = true;
-        invitenumber = Some("".to_string());
-    }
-
    if let (Some(addr), Some(invitenumber), Some(authcode)) = (&addr, invitenumber, authcode) {
        let addr = ContactAddress::new(addr)?;
        let (contact_id, _) = Contact::add_or_lookup_ex(
@@ -538,7 +519,7 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
                .await
                .with_context(|| format!("can't check if address {addr:?} is our address"))?
            {
-                if token::exists(context, token::Namespace::Auth, &authcode).await? {
+                if token::exists(context, token::Namespace::InviteNumber, &invitenumber).await? {
                    Ok(Qr::WithdrawVerifyGroup {
                        grpname,
                        grpid,
@@ -565,7 +546,6 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
                    fingerprint,
                    invitenumber,
                    authcode,
-                    is_v3,
                })
            }
        } else if let (Some(grpid), Some(name)) = (grpid, broadcast_name) {
@@ -574,7 +554,7 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
                .await
                .with_context(|| format!("Can't check if {addr:?} is our address"))?
            {
-                if token::exists(context, token::Namespace::Auth, &authcode).await? {
+                if token::exists(context, token::Namespace::InviteNumber, &invitenumber).await? {
                    Ok(Qr::WithdrawJoinBroadcast {
                        name,
                        grpid,
@@ -601,11 +581,10 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
                    fingerprint,
                    invitenumber,
                    authcode,
-                    is_v3,
                })
            }
        } else if context.is_self_addr(&addr).await? {
-            if token::exists(context, token::Namespace::Auth, &authcode).await? {
+            if token::exists(context, token::Namespace::InviteNumber, &invitenumber).await? {
                Ok(Qr::WithdrawVerifyContact {
                    contact_id,
                    fingerprint,
@@ -626,7 +605,6 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            })
        }
    } else if let Some(addr) = addr {
@@ -682,12 +660,6 @@ fn decode_account(qr: &str) -> Result<Qr> {
    let payload = qr
        .get(DCACCOUNT_SCHEME.len()..)
        .context("Invalid DCACCOUNT payload")?;
-
-    // Handle `dcaccount://...` URLs.
-    let payload = payload.strip_prefix("//").unwrap_or(payload);
-    if payload.is_empty() {
-        bail!("dcaccount payload is empty");
-    }
    if payload.starts_with("https://") {
        let url = url::Url::parse(payload).context("Invalid account URL")?;
        if url.scheme() == "https" {
@@ -701,12 +673,6 @@ fn decode_account(qr: &str) -> Result<Qr> {
            bail!("Bad scheme for account URL: {:?}.", url.scheme());
        }
    } else {
-        if payload.starts_with("/") {
-            // Handle `dcaccount:///` URL reported to have been created
-            // by Telegram link parser at
-            // <https://support.delta.chat/t/could-not-find-dns-resolutions-for-imap-993-when-adding-a-relay/4907>
-            bail!("Hostname in dcaccount URL cannot start with /");
-        }
        Ok(Qr::Account {
            domain: payload.to_string(),
        })
--- a/src/qr/dclogin_scheme.rs
+++ b/src/qr/dclogin_scheme.rs
@@ -81,14 +81,9 @@ pub(super) fn decode_login(qr: &str) -> Result<Qr> {
            .map(|(key, value)| (key.into_owned(), value.into_owned()))
            .collect();

-        let addr = percent_encoding::percent_decode_str(addr)
-            .decode_utf8()
-            .context("Address must be UTF-8")?
-            .to_string();
-
        // check if username is there
-        if !may_be_valid_addr(&addr) {
-            bail!("Invalid DCLOGIN payload: invalid username {addr:?}.");
+        if !may_be_valid_addr(addr) {
+            bail!("invalid DCLOGIN payload: invalid username E5");
        }

        // apply to result struct
@@ -205,7 +200,9 @@ pub(crate) fn login_param_from_login_qr(

 #[cfg(test)]
 mod test {
-    use super::*;
+    use anyhow::bail;
+
+    use super::{LoginOptions, decode_login};
    use crate::{login_param::EnteredCertificateChecks, provider::Socket, qr::Qr};

    macro_rules! login_options_just_pw {
@@ -228,7 +225,7 @@ mod test {
    }

    #[test]
-    fn minimal_no_options() -> Result<()> {
+    fn minimal_no_options() -> anyhow::Result<()> {
        let result = decode_login("dclogin://email@host.tld?p=123&v=1")?;
        if let Qr::Login { address, options } = result {
            assert_eq!(address, "email@host.tld".to_owned());
@@ -253,7 +250,7 @@ mod test {
        Ok(())
    }
    #[test]
-    fn minimal_no_options_no_double_slash() -> Result<()> {
+    fn minimal_no_options_no_double_slash() -> anyhow::Result<()> {
        let result = decode_login("dclogin:email@host.tld?p=123&v=1")?;
        if let Qr::Login { address, options } = result {
            assert_eq!(address, "email@host.tld".to_owned());
@@ -292,7 +289,7 @@ mod test {
    }

    #[test]
-    fn version_too_new() -> Result<()> {
+    fn version_too_new() -> anyhow::Result<()> {
        let result = decode_login("dclogin:email@host.tld/?p=123456&v=2")?;
        if let Qr::Login { options, .. } = result {
            assert_eq!(options, LoginOptions::UnsuportedVersion(2));
@@ -309,7 +306,7 @@ mod test {
    }

    #[test]
-    fn all_advanced_options() -> Result<()> {
+    fn all_advanced_options() -> anyhow::Result<()> {
        let result = decode_login(
            "dclogin:email@host.tld?p=secret&v=1&ih=imap.host.tld&ip=4000&iu=max&ipw=87654&is=ssl&ic=1&sh=mail.host.tld&sp=3000&su=max@host.tld&spw=3242HS&ss=plain&sc=3",
        )?;
@@ -339,19 +336,7 @@ mod test {
    }

    #[test]
-    fn uri_encoded_login() -> Result<()> {
-        let result = decode_login("dclogin:username@%5b192.168.1.1%5d?p=1234&v=1")?;
-        if let Qr::Login { address, options } = result {
-            assert_eq!(address, "username@[192.168.1.1]".to_owned());
-            assert_eq!(options, login_options_just_pw!("1234".to_owned()));
-        } else {
-            bail!("wrong type")
-        }
-        Ok(())
-    }
-
-    #[test]
-    fn uri_encoded_password() -> Result<()> {
+    fn uri_encoded_password() -> anyhow::Result<()> {
        let result = decode_login(
            "dclogin:email@host.tld?p=%7BDaehFl%3B%22as%40%21fhdodn5%24234%22%7B%7Dfg&v=1",
        )?;
@@ -368,7 +353,7 @@ mod test {
    }

    #[test]
-    fn email_with_plus_extension() -> Result<()> {
+    fn email_with_plus_extension() -> anyhow::Result<()> {
        let result = decode_login("dclogin:usename+extension@host?p=1234&v=1")?;
        if let Qr::Login { address, options } = result {
            assert_eq!(address, "usename+extension@host".to_owned());
@@ -380,7 +365,7 @@ mod test {
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_decode_dclogin_ipv4() -> Result<()> {
+    async fn test_decode_dclogin_ipv4() -> anyhow::Result<()> {
        let result = decode_login("dclogin://test@[127.0.0.1]?p=1234&v=1")?;
        if let Qr::Login { address, options } = result {
            assert_eq!(address, "test@[127.0.0.1]".to_owned());
@@ -392,7 +377,7 @@ mod test {
    }

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_decode_dclogin_ipv6() -> Result<()> {
+    async fn test_decode_dclogin_ipv6() -> anyhow::Result<()> {
        let result =
            decode_login("dclogin://test@[2001:0db8:85a3:0000:0000:8a2e:0370:7334]?p=1234&v=1")?;
        if let Qr::Login { address, options } = result {
--- a/src/qr/qr_tests.rs
+++ b/src/qr/qr_tests.rs
@@ -1,5 +1,3 @@
-use regex::Regex;
-
 use super::*;
 use crate::chat::{Chat, create_broadcast, create_group, get_chat_contacts};
 use crate::config::Config;
@@ -447,28 +445,9 @@ async fn test_decode_openpgp_without_addr() -> Result<()> {
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_withdraw_verifycontact_basic() -> Result<()> {
-    test_withdraw_verifycontact(false).await
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_withdraw_verifycontact_without_invite() -> Result<()> {
-    test_withdraw_verifycontact(true).await
-}
-
-async fn test_withdraw_verifycontact(remove_invite: bool) -> Result<()> {
+async fn test_withdraw_verifycontact() -> Result<()> {
    let alice = TestContext::new_alice().await;
-    let mut qr = get_securejoin_qr(&alice, None).await?;
-
-    if remove_invite {
-        // Remove the INVITENUBMER. It's not needed in Securejoin v3,
-        // but still included for backwards compatibility reasons.
-        // We want to be able to remove it in the future,
-        // therefore we test that things work without it.
-        let new_qr = Regex::new("&i=.*?&").unwrap().replace(&qr, "&");
-        assert!(new_qr != *qr);
-        qr = new_qr.to_string();
-    }
+    let qr = get_securejoin_qr(&alice, None).await?;

    // scanning own verify-contact code offers withdrawing
    assert!(matches!(
@@ -487,11 +466,6 @@ async fn test_withdraw_verifycontact(remove_invite: bool) -> Result<()> {
        check_qr(&alice, &qr).await?,
        Qr::WithdrawVerifyContact { .. }
    ));
-    // Test that removing the INVITENUMBER doesn't result in saving empty token:
-    assert_eq!(
-        token::exists(&alice, token::Namespace::InviteNumber, "").await?,
-        false
-    );

    // someone else always scans as ask-verify-contact
    let bob = TestContext::new_bob().await;
@@ -721,9 +695,7 @@ async fn test_decode_account() -> Result<()> {

    for text in [
        "DCACCOUNT:example.org",
-        "DCACCOUNT://example.org",
        "dcaccount:example.org",
-        "dcaccount://example.org",
        "DCACCOUNT:https://example.org/new_email?t=1w_7wDjgjelxeX884x96v3",
        "dcaccount:https://example.org/new_email?t=1w_7wDjgjelxeX884x96v3",
    ] {
@@ -739,21 +711,6 @@ async fn test_decode_account() -> Result<()> {
    Ok(())
 }

-/// Tests that decoding empty `dcaccount://` URL results in an error.
-/// We should not suggest trying to configure an account in this case.
-/// Such links may be created by copy-paste error or because of incorrect parsing.
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_decode_empty_account() -> Result<()> {
-    let ctx = TestContext::new().await;
-
-    for text in ["DCACCOUNT:", "dcaccount:", "dcaccount://", "dcaccount:///"] {
-        let qr = check_qr(&ctx.ctx, text).await;
-        assert!(qr.is_err(), "Invalid {text:?} is parsed as dcaccount URL");
-    }
-
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_decode_tg_socks_proxy() -> Result<()> {
    let t = TestContext::new().await;
--- a/src/reaction.rs
+++ b/src/reaction.rs
@@ -393,9 +393,7 @@ mod tests {
    use crate::chatlist::Chatlist;
    use crate::config::Config;
    use crate::contact::{Contact, Origin};
-    use crate::key::{load_self_public_key, load_self_secret_key};
-    use crate::message::{MessageState, Viewtype, delete_msgs, markseen_msgs};
-    use crate::pgp::{SeipdVersion, pk_encrypt};
+    use crate::message::{MessageState, Viewtype, delete_msgs};
    use crate::receive_imf::receive_imf;
    use crate::sql::housekeeping;
    use crate::test_utils::E2EE_INFO_MSGS;
@@ -958,152 +956,4 @@ Content-Disposition: reaction\n\
        }
        Ok(())
    }
-
-    /// Tests that if reaction requests a read receipt,
-    /// no read receipt is sent when the chat is marked as noticed.
-    ///
-    /// Reactions create hidden messages in the chat,
-    /// and when marking the chat as noticed marks
-    /// such messages as seen, read receipts should never be sent
-    /// to avoid the sender of reaction from learning
-    /// that receiver opened the chat.
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_reaction_request_mdn() -> Result<()> {
-        let mut tcm = TestContextManager::new();
-        let alice = &tcm.alice().await;
-        let bob = &tcm.bob().await;
-
-        let alice_chat_id = alice.create_chat_id(bob).await;
-        let alice_sent_msg = alice.send_text(alice_chat_id, "Hello!").await;
-
-        let bob_msg = bob.recv_msg(&alice_sent_msg).await;
-        bob_msg.chat_id.accept(bob).await?;
-        assert_eq!(bob_msg.state, MessageState::InFresh);
-        let bob_chat_id = bob_msg.chat_id;
-        bob_chat_id.accept(bob).await?;
-
-        markseen_msgs(bob, vec![bob_msg.id]).await?;
-        assert_eq!(
-            bob.sql
-                .count(
-                    "SELECT COUNT(*) FROM smtp_mdns WHERE from_id!=?",
-                    (ContactId::SELF,)
-                )
-                .await?,
-            1
-        );
-        bob.sql.execute("DELETE FROM smtp_mdns", ()).await?;
-
-        // Construct reaction with an MDN request.
-        // Note the `Chat-Disposition-Notification-To` header.
-        let known_id = bob_msg.rfc724_mid;
-        let new_id = "e2b6e69e-4124-4e2a-b79f-e4f1be667165@localhost";
-
-        let plain_text = format!(
-            "Content-Type: text/plain; charset=\"utf-8\"; protected-headers=\"v1\"; \r
-        hp=\"cipher\"\r
-Content-Disposition: reaction\r
-From: \"Alice\" <alice@example.org>\r
-To: \"Bob\" <bob@example.net>\r
-Subject: Message from Alice\r
-Date: Sat, 14 Mar 2026 01:02:03 +0000\r
-In-Reply-To: <{known_id}>\r
-References: <{known_id}>\r
-Chat-Version: 1.0\r
-Chat-Disposition-Notification-To: alice@example.org\r
-Message-ID: <{new_id}>\r
-HP-Outer: From: <alice@example.org>\r
-HP-Outer: To: \"hidden-recipients\": ;\r
-HP-Outer: Subject: [...]\r
-HP-Outer: Date: Sat, 14 Mar 2026 01:02:03 +0000\r
-HP-Outer: Message-ID: <{new_id}>\r
-HP-Outer: In-Reply-To: <{known_id}>\r
-HP-Outer: References: <{known_id}>\r
-HP-Outer: Chat-Version: 1.0\r
-Content-Transfer-Encoding: base64\r
-\r
-8J+RgA==\r
-"
-        );
-
-        let alice_public_key = load_self_public_key(alice).await?;
-        let bob_public_key = load_self_public_key(bob).await?;
-        let alice_secret_key = load_self_secret_key(alice).await?;
-        let public_keys_for_encryption = vec![alice_public_key, bob_public_key];
-        let compress = true;
-        let encrypted_payload = pk_encrypt(
-            plain_text.as_bytes().to_vec(),
-            public_keys_for_encryption,
-            alice_secret_key,
-            compress,
-            SeipdVersion::V2,
-        )
-        .await?;
-
-        let boundary = "boundary123";
-        let rcvd_mail = format!(
-            "From: <alice@example.org>\r
-To: \"hidden-recipients\": ;\r
-Subject: [...]\r
-Date: Sat, 14 Mar 2026 01:02:03 +0000\r
-Message-ID: <{new_id}>\r
-In-Reply-To: <{known_id}>\r
-References: <{known_id}>\r
-Content-Type: multipart/encrypted; protocol=\"application/pgp-encrypted\";\r
-        boundary=\"{boundary}\"\r
-MIME-Version: 1.0\r
-\r
--{boundary}\r
-Content-Type: application/pgp-encrypted; charset=\"utf-8\"\r
-Content-Description: PGP/MIME version identification\r
-Content-Transfer-Encoding: 7bit\r
-\r
-Version: 1\r
-\r
--{boundary}\r
-Content-Type: application/octet-stream; name=\"encrypted.asc\";\r
-        charset=\"utf-8\"\r
-Content-Description: OpenPGP encrypted message\r
-Content-Disposition: inline; filename=\"encrypted.asc\";\r
-Content-Transfer-Encoding: 7bit\r
-\r
-{encrypted_payload}
--{boundary}--\r
-"
-        );
-
-        let received = receive_imf(bob, rcvd_mail.as_bytes(), false)
-            .await?
-            .unwrap();
-        let bob_hidden_msg = Message::load_from_db(bob, *received.msg_ids.last().unwrap())
-            .await
-            .unwrap();
-        assert!(bob_hidden_msg.hidden);
-        assert_eq!(bob_hidden_msg.chat_id, bob_chat_id);
-
-        // Bob does not see new message and cannot mark it as seen directly,
-        // but can mark the chat as noticed when opening it.
-        marknoticed_chat(bob, bob_chat_id).await?;
-
-        assert_eq!(
-            bob.sql
-                .count(
-                    "SELECT COUNT(*) FROM smtp_mdns WHERE from_id!=?",
-                    (ContactId::SELF,)
-                )
-                .await?,
-            0,
-            "Bob should not send MDN to Alice"
-        );
-
-        // MDN request was ignored, but reaction was not.
-        let reactions = get_msg_reactions(bob, bob_msg.id).await?;
-        assert_eq!(reactions.reactions.len(), 1);
-        assert_eq!(
-            reactions.emoji_sorted_by_frequency(),
-            vec![("👀".to_string(), 1)]
-        );
-
-        Ok(())
-    }
 }
--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -31,8 +31,7 @@ use crate::key::{
 };
 use crate::log::{LogExt as _, warn};
 use crate::message::{
-    self, Message, MessageState, MessengerMessage, MsgId, Viewtype, insert_tombstone,
-    rfc724_mid_exists,
+    self, Message, MessageState, MessengerMessage, MsgId, Viewtype, rfc724_mid_exists,
 };
 use crate::mimeparser::{
    AvatarAction, GossipedKey, MimeMessage, PreMessageMode, SystemMessage, parse_message_ids,
@@ -179,6 +178,22 @@ pub(crate) async fn receive_imf_from_inbox(
    receive_imf_inner(context, rfc724_mid, imf_raw, seen).await
 }

+/// Inserts a tombstone into `msgs` table
+/// to prevent downloading the same message in the future.
+///
+/// Returns tombstone database row ID.
+async fn insert_tombstone(context: &Context, rfc724_mid: &str) -> Result<MsgId> {
+    let row_id = context
+        .sql
+        .insert(
+            "INSERT INTO msgs(rfc724_mid, chat_id) VALUES (?,?)",
+            (rfc724_mid, DC_CHAT_ID_TRASH),
+        )
+        .await?;
+    let msg_id = MsgId::new(u32::try_from(row_id)?);
+    Ok(msg_id)
+}
+
 async fn get_to_and_past_contact_ids(
    context: &Context,
    mime_parser: &MimeMessage,
@@ -539,17 +554,9 @@ pub(crate) async fn receive_imf_inner(
            .await?
            .filter(|msg| msg.download_state() != DownloadState::Done)
        {
-            // The message was partially downloaded before.
-            match mime_parser.pre_message {
-                PreMessageMode::Post | PreMessageMode::None => {
-                    info!(context, "Message already partly in DB, replacing.");
-                    Some(msg.chat_id)
-                }
-                PreMessageMode::Pre { .. } => {
-                    info!(context, "Cannot replace pre-message with a pre-message");
-                    None
-                }
-            }
+            // the message was partially downloaded before and is fully downloaded now.
+            info!(context, "Message already partly in DB, replacing.");
+            Some(msg.chat_id)
        } else {
            // The message was already fully downloaded
            // or cannot be loaded because it is deleted.
@@ -729,7 +736,8 @@ pub(crate) async fn receive_imf_inner(

        let allow_creation = if mime_parser.decrypting_failed {
            false
-        } else if is_dc_message == MessengerMessage::No
+        } else if mime_parser.is_system_message != SystemMessage::AutocryptSetupMessage
+            && is_dc_message == MessengerMessage::No
            && !context.get_config_bool(Config::IsChatmail).await?
        {
            // the message is a classic email in a classic profile
@@ -860,10 +868,6 @@ UPDATE config SET value=? WHERE keyname='configured_addr' AND value!=?1
                if transport_changed {
                    info!(context, "Primary transport changed to {from_addr:?}.");
                    context.sql.uncache_raw_config("configured_addr").await;
-
-                    // Regenerate User ID in V4 keys.
-                    context.self_public_key.lock().await.take();
-
                    context.emit_event(EventType::TransportsModified);
                }
            } else {
@@ -1321,35 +1325,15 @@ async fn decide_chat_assignment(
    // no database row and ChatId yet.
    let mut num_recipients = 0;
    let mut has_self_addr = false;
-
-    if let Some((sender_fingerprint, intended_recipient_fingerprints)) = mime_parser
-        .signature
-        .as_ref()
-        .filter(|(_sender_fingerprint, fps)| !fps.is_empty())
-    {
-        // The message is signed and has intended recipient fingerprints.
-
-        // If the message has intended recipient fingerprint and is not trashed already,
-        // then it is intended for us.
-        has_self_addr = true;
-
-        num_recipients = intended_recipient_fingerprints
-            .iter()
-            .filter(|fp| *fp != sender_fingerprint)
-            .count();
-    } else {
-        // Message has no intended recipient fingerprints
-        // or is not signed, count the `To` field recipients.
-        for recipient in &mime_parser.recipients {
-            has_self_addr |= context.is_self_addr(&recipient.addr).await?;
-            if addr_cmp(&recipient.addr, &mime_parser.from.addr) {
-                continue;
-            }
-            num_recipients += 1;
-        }
-        if from_id != ContactId::SELF && !has_self_addr {
-            num_recipients += 1;
+    for recipient in &mime_parser.recipients {
+        has_self_addr |= context.is_self_addr(&recipient.addr).await?;
+        if addr_cmp(&recipient.addr, &mime_parser.from.addr) {
+            continue;
        }
+        num_recipients += 1;
+    }
+    if from_id != ContactId::SELF && !has_self_addr {
+        num_recipients += 1;
    }
    let mut can_be_11_chat_log = String::new();
    let mut l = |cond: bool, s: String| {
@@ -3355,13 +3339,8 @@ async fn apply_chat_name_avatar_and_description_changes(
            .is_some()
        {
            let old_name = &sanitize_single_line(old_name);
-            better_msg.get_or_insert(
-                if matches!(chat.typ, Chattype::InBroadcast | Chattype::OutBroadcast) {
-                    stock_str::msg_broadcast_name_changed(context, old_name, grpname).await
-                } else {
-                    stock_str::msg_grp_name(context, old_name, grpname, from_id).await
-                },
-            );
+            better_msg
+                .get_or_insert(stock_str::msg_grp_name(context, old_name, grpname, from_id).await);
        }
    }

@@ -3418,18 +3397,10 @@ async fn apply_chat_name_avatar_and_description_changes(
    {
        // this is just an explicit message containing the group-avatar,
        // apart from that, the group-avatar is send along with various other messages
-        better_msg.get_or_insert(
-            if matches!(chat.typ, Chattype::InBroadcast | Chattype::OutBroadcast) {
-                stock_str::msg_broadcast_img_changed(context).await
-            } else {
-                match avatar_action {
-                    AvatarAction::Delete => stock_str::msg_grp_img_deleted(context, from_id).await,
-                    AvatarAction::Change(_) => {
-                        stock_str::msg_grp_img_changed(context, from_id).await
-                    }
-                }
-            },
-        );
+        better_msg.get_or_insert(match avatar_action {
+            AvatarAction::Delete => stock_str::msg_grp_img_deleted(context, from_id).await,
+            AvatarAction::Change(_) => stock_str::msg_grp_img_changed(context, from_id).await,
+        });
    }

    if let Some(avatar_action) = &mime_parser.group_avatar {
--- a/src/scheduler.rs
+++ b/src/scheduler.rs
@@ -431,6 +431,14 @@ pub async fn convert_folder_meaning(
 }

 async fn inbox_fetch_idle(ctx: &Context, imap: &mut Imap, mut session: Session) -> Result<Session> {
+    if !ctx.get_config_bool(Config::FixIsChatmail).await? {
+        ctx.set_config_internal(
+            Config::IsChatmail,
+            crate::config::from_bool(session.is_chatmail()),
+        )
+        .await?;
+    }
+
    // Update quota no more than once a minute.
    if ctx.quota_needs_update(session.transport_id(), 60).await
        && let Err(err) = ctx.update_recent_quota(&mut session).await
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -17,17 +17,17 @@ use crate::context::Context;
 use crate::e2ee::ensure_secret_key_exists;
 use crate::events::EventType;
 use crate::headerdef::HeaderDef;
-use crate::key::{DcKey, Fingerprint, load_self_public_key, self_fingerprint};
+use crate::key::{DcKey, Fingerprint, load_self_public_key};
 use crate::log::LogExt as _;
 use crate::log::warn;
-use crate::message::{self, Message, MsgId, Viewtype};
+use crate::message::{Message, Viewtype};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::param::Param;
 use crate::qr::check_qr;
 use crate::securejoin::bob::JoinerProgress;
 use crate::sync::Sync::*;
-use crate::tools::{create_id, create_outgoing_rfc724_mid, time};
-use crate::{SecurejoinSource, mimefactory, stats};
+use crate::tools::{create_id, time};
+use crate::{SecurejoinSource, stats};
 use crate::{SecurejoinUiPath, token};

 mod bob;
@@ -127,6 +127,9 @@ pub async fn get_securejoin_qr(context: &Context, chat: Option<ChatId>) -> Resul
        None => None,
    };
    let grpid = chat.as_ref().map(|c| c.grpid.as_str());
+    let sync_token = token::lookup(context, Namespace::InviteNumber, grpid)
+        .await?
+        .is_none();
    // Invite number is used to request the inviter key.
    let invitenumber = token::lookup_or_new(context, Namespace::InviteNumber, grpid).await?;

@@ -153,10 +156,12 @@ pub async fn get_securejoin_qr(context: &Context, chat: Option<ChatId>) -> Resul
        .unwrap_or_default();

    let qr = if let Some(chat) = chat {
-        context
-            .sync_qr_code_tokens(Some(chat.grpid.as_str()))
-            .await?;
-        context.scheduler.interrupt_smtp().await;
+        if sync_token {
+            context
+                .sync_qr_code_tokens(Some(chat.grpid.as_str()))
+                .await?;
+            context.scheduler.interrupt_smtp().await;
+        }

        let chat_name = chat.get_name();
        let chat_name_shortened = shorten_name(chat_name, 25);
@@ -173,11 +178,11 @@ pub async fn get_securejoin_qr(context: &Context, chat: Option<ChatId>) -> Resul
        if chat.typ == Chattype::OutBroadcast {
            // For historic reansons, broadcasts currently use j instead of i for the invitenumber.
            format!(
-                "https://i.delta.chat/#{fingerprint}&v=3&x={grpid}&j={invitenumber}&s={auth}&a={self_addr_urlencoded}&n={self_name_urlencoded}&b={chat_name_urlencoded}",
+                "https://i.delta.chat/#{fingerprint}&x={grpid}&j={invitenumber}&s={auth}&a={self_addr_urlencoded}&n={self_name_urlencoded}&b={chat_name_urlencoded}",
            )
        } else {
            format!(
-                "https://i.delta.chat/#{fingerprint}&v=3&x={grpid}&i={invitenumber}&s={auth}&a={self_addr_urlencoded}&n={self_name_urlencoded}&g={chat_name_urlencoded}",
+                "https://i.delta.chat/#{fingerprint}&x={grpid}&i={invitenumber}&s={auth}&a={self_addr_urlencoded}&n={self_name_urlencoded}&g={chat_name_urlencoded}",
            )
        }
    } else {
@@ -185,12 +190,12 @@ pub async fn get_securejoin_qr(context: &Context, chat: Option<ChatId>) -> Resul
        let self_name_urlencoded = utf8_percent_encode(&self_name_shortened, DISALLOWED_CHARACTERS)
            .to_string()
            .replace("%20", "+");
-
-        context.sync_qr_code_tokens(None).await?;
-        context.scheduler.interrupt_smtp().await;
-
+        if sync_token {
+            context.sync_qr_code_tokens(None).await?;
+            context.scheduler.interrupt_smtp().await;
+        }
        format!(
-            "https://i.delta.chat/#{fingerprint}&v=3&i={invitenumber}&s={auth}&a={self_addr_urlencoded}&n={self_name_urlencoded}",
+            "https://i.delta.chat/#{fingerprint}&i={invitenumber}&s={auth}&a={self_addr_urlencoded}&n={self_name_urlencoded}",
        )
    };

@@ -304,9 +309,7 @@ async fn verify_sender_by_fingerprint(
    fingerprint: &Fingerprint,
    contact_id: ContactId,
 ) -> Result<bool> {
-    let Some(contact) = Contact::get_by_id_optional(context, contact_id).await? else {
-        return Ok(false);
-    };
+    let contact = Contact::get_by_id(context, contact_id).await?;
    let is_verified = contact.fingerprint().is_some_and(|fp| &fp == fingerprint);
    if is_verified {
        mark_contact_id_as_verified(context, contact_id, Some(ContactId::SELF)).await?;
@@ -343,18 +346,12 @@ pub(crate) enum HandshakeMessage {
 /// Step of Secure-Join protocol.
 #[derive(Debug, Display, PartialEq, Eq)]
 pub(crate) enum SecureJoinStep {
-    /// vc-request or vg-request; only used in legacy securejoin
+    /// vc-request or vg-request
    Request { invitenumber: String },

-    /// vc-auth-required or vg-auth-required; only used in legacy securejoin
+    /// vc-auth-required or vg-auth-required
    AuthRequired,

-    /// vc-request-pubkey; only used in securejoin v3
-    RequestPubkey,
-
-    /// vc-pubkey; only used in securejoin v3
-    Pubkey,
-
    /// vc-request-with-auth or vg-request-with-auth
    RequestWithAuth,

@@ -384,8 +381,6 @@ pub(crate) fn get_secure_join_step(mime_message: &MimeMessage) -> Option<SecureJ
        })
    } else if let Some(step) = mime_message.get_header(HeaderDef::SecureJoin) {
        match step {
-            "vc-request-pubkey" => Some(SecureJoinStep::RequestPubkey),
-            "vc-pubkey" => Some(SecureJoinStep::Pubkey),
            "vg-auth-required" | "vc-auth-required" => Some(SecureJoinStep::AuthRequired),
            "vg-request-with-auth" | "vc-request-with-auth" => {
                Some(SecureJoinStep::RequestWithAuth)
@@ -444,10 +439,7 @@ pub(crate) async fn handle_securejoin_handshake(
    // will improve security (completely unrelated to the securejoin protocol)
    // and is something we want to do in the future:
    // https://www.rfc-editor.org/rfc/rfc9580.html#name-surreptitious-forwarding
-    if !matches!(
-        step,
-        SecureJoinStep::Request { .. } | SecureJoinStep::RequestPubkey | SecureJoinStep::Pubkey
-    ) {
+    if !matches!(step, SecureJoinStep::Request { .. }) {
        let mut self_found = false;
        let self_fingerprint = load_self_public_key(context).await?.dc_fingerprint();
        for (addr, key) in &mime_message.gossiped_keys {
@@ -513,57 +505,7 @@ pub(crate) async fn handle_securejoin_handshake(
            ====             Bob - the joiner's side             =====
            ====   Step 4 in "Setup verified contact" protocol   =====
            ========================================================*/
-            bob::handle_auth_required_or_pubkey(context, mime_message).await
-        }
-        SecureJoinStep::RequestPubkey => {
-            /*========================================================
-            ====             Alice - the inviter's side          =====
-            ====   Bob requests our public key (Securejoin v3)   =====
-            ========================================================*/
-
-            debug_assert!(
-                mime_message.signature.is_none(),
-                "RequestPubkey is not supposed to be signed"
-            );
-            let Some(auth) = mime_message.get_header(HeaderDef::SecureJoinAuth) else {
-                warn!(
-                    context,
-                    "Ignoring {step} message because of missing auth code."
-                );
-                return Ok(HandshakeMessage::Ignore);
-            };
-            if !token::exists(context, token::Namespace::Auth, auth).await? {
-                warn!(context, "Secure-join denied (bad auth).");
-                return Ok(HandshakeMessage::Ignore);
-            }
-
-            let rfc724_mid = create_outgoing_rfc724_mid();
-            let addr = ContactAddress::new(&mime_message.from.addr)?;
-            let attach_self_pubkey = true;
-            let self_fp = self_fingerprint(context).await?;
-            let shared_secret = format!("securejoin/{self_fp}/{auth}");
-            let rendered_message = mimefactory::render_symm_encrypted_securejoin_message(
-                context,
-                "vc-pubkey",
-                &rfc724_mid,
-                attach_self_pubkey,
-                auth,
-                &shared_secret,
-            )
-            .await?;
-
-            let msg_id = message::insert_tombstone(context, &rfc724_mid).await?;
-            insert_into_smtp(context, &rfc724_mid, &addr, rendered_message, msg_id).await?;
-            context.scheduler.interrupt_smtp().await;
-
-            Ok(HandshakeMessage::Done)
-        }
-        SecureJoinStep::Pubkey => {
-            /*========================================================
-            ====             Bob - the joiner's side             =====
-            ====     Alice sent us her pubkey (Securejoin v3)    =====
-            ========================================================*/
-            bob::handle_auth_required_or_pubkey(context, mime_message).await
+            bob::handle_auth_required(context, mime_message).await
        }
        SecureJoinStep::RequestWithAuth => {
            /*==========================================================
@@ -644,12 +586,15 @@ pub(crate) async fn handle_securejoin_handshake(
                mark_contact_id_as_verified(context, contact_id, Some(ContactId::SELF)).await?;
            }
            contact_id.regossip_keys(context).await?;
+            ContactId::scaleup_origin(context, &[contact_id], Origin::SecurejoinInvited).await?;
            // for setup-contact, make Alice's one-to-one chat with Bob visible
            // (secure-join-information are shown in the group chat)
            if grpid.is_empty() {
                ChatId::create_for_contact(context, contact_id).await?;
            }
+            context.emit_event(EventType::ContactsChanged(Some(contact_id)));
            if let Some(joining_chat_id) = joining_chat_id {
+                // Join group.
                chat::add_contact_to_chat_ex(context, Nosync, joining_chat_id, contact_id, true)
                    .await?;

@@ -659,10 +604,6 @@ pub(crate) async fn handle_securejoin_handshake(
                    // We don't use the membership consistency algorithm for broadcast channels,
                    // so, sync the memberlist when adding a contact
                    chat.sync_contacts(context).await.log_err(context).ok();
-                } else {
-                    ContactId::scaleup_origin(context, &[contact_id], Origin::SecurejoinInvited)
-                        .await?;
-                    context.emit_event(EventType::ContactsChanged(Some(contact_id)));
                }

                inviter_progress(context, contact_id, joining_chat_id, chat.typ)?;
@@ -725,24 +666,6 @@ pub(crate) async fn handle_securejoin_handshake(
    }
 }

-async fn insert_into_smtp(
-    context: &Context,
-    rfc724_mid: &str,
-    recipient: &str,
-    rendered_message: String,
-    msg_id: MsgId,
-) -> Result<(), Error> {
-    context
-        .sql
-        .execute(
-            "INSERT INTO smtp (rfc724_mid, recipients, mime, msg_id)
-            VALUES            (?1,         ?2,         ?3,   ?4)",
-            (&rfc724_mid, &recipient, &rendered_message, msg_id),
-        )
-        .await?;
-    Ok(())
-}
-
 /// Observe self-sent Securejoin message.
 ///
 /// In a multi-device-setup, there may be other devices that "see" the handshake messages.
@@ -774,8 +697,6 @@ pub(crate) async fn observe_securejoin_on_other_device(
    match step {
        SecureJoinStep::Request { .. }
        | SecureJoinStep::AuthRequired
-        | SecureJoinStep::RequestPubkey
-        | SecureJoinStep::Pubkey
        | SecureJoinStep::Deprecated
        | SecureJoinStep::Unknown { .. } => {
            return Ok(HandshakeMessage::Ignore);
--- a/src/securejoin/bob.rs
+++ b/src/securejoin/bob.rs
@@ -5,22 +5,20 @@ use anyhow::{Context as _, Result};
 use super::HandshakeMessage;
 use super::qrinvite::QrInvite;
 use crate::chat::{self, ChatId, is_contact_in_chat};
+use crate::chatlist_events;
 use crate::constants::{Blocked, Chattype};
-use crate::contact::{Contact, Origin};
+use crate::contact::Origin;
 use crate::context::Context;
 use crate::events::EventType;
 use crate::key::self_fingerprint;
 use crate::log::LogExt;
-use crate::message::{self, Message, MsgId, Viewtype};
+use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::param::{Param, Params};
-use crate::securejoin::{
-    ContactId, encrypted_and_signed, insert_into_smtp, verify_sender_by_fingerprint,
-};
+use crate::securejoin::{ContactId, encrypted_and_signed, verify_sender_by_fingerprint};
 use crate::stock_str;
 use crate::sync::Sync::*;
-use crate::tools::{create_outgoing_rfc724_mid, smeared_time, time};
-use crate::{chatlist_events, mimefactory};
+use crate::tools::{smeared_time, time};

 /// Starts the securejoin protocol with the QR `invite`.
 ///
@@ -49,14 +47,8 @@ pub(super) async fn start_protocol(context: &Context, invite: QrInvite) -> Resul
    // receive_imf.
    let private_chat_id = private_chat_id(context, &invite).await?;

-    match invite {
-        QrInvite::Group { .. } | QrInvite::Contact { .. } => {
-            ContactId::scaleup_origin(context, &[invite.contact_id()], Origin::SecurejoinJoined)
-                .await?;
-            context.emit_event(EventType::ContactsChanged(None));
-        }
-        QrInvite::Broadcast { .. } => {}
-    }
+    ContactId::scaleup_origin(context, &[invite.contact_id()], Origin::SecurejoinJoined).await?;
+    context.emit_event(EventType::ContactsChanged(None));

    let has_key = context
        .sql
@@ -221,11 +213,11 @@ LIMIT 1
    Ok(())
 }

-/// Handles `vc-auth-required`, `vg-auth-required`, and `vc-pubkey` handshake messages.
+/// Handles `vc-auth-required` and `vg-auth-required` handshake messages.
 ///
 /// # Bob - the joiner's side
 /// ## Step 4 in the "Setup Contact protocol"
-pub(super) async fn handle_auth_required_or_pubkey(
+pub(super) async fn handle_auth_required(
    context: &Context,
    message: &MimeMessage,
 ) -> Result<HandshakeMessage> {
@@ -307,72 +299,47 @@ pub(crate) async fn send_handshake_message(
    chat_id: ChatId,
    step: BobHandshakeMsg,
 ) -> Result<()> {
-    if invite.is_v3() && matches!(step, BobHandshakeMsg::Request) {
-        // Send a minimal symmetrically-encrypted vc-request-pubkey message
-        let rfc724_mid = create_outgoing_rfc724_mid();
-        let contact = Contact::get_by_id(context, invite.contact_id()).await?;
-        let recipient = contact.get_addr();
-        let alice_fp = invite.fingerprint().hex();
-        let auth = invite.authcode();
-        let shared_secret = format!("securejoin/{alice_fp}/{auth}");
-        let attach_self_pubkey = false;
-        let rendered_message = mimefactory::render_symm_encrypted_securejoin_message(
-            context,
-            "vc-request-pubkey",
-            &rfc724_mid,
-            attach_self_pubkey,
-            auth,
-            &shared_secret,
-        )
-        .await?;
+    let mut msg = Message {
+        viewtype: Viewtype::Text,
+        text: step.body_text(invite),
+        hidden: true,
+        ..Default::default()
+    };
+    msg.param.set_cmd(SystemMessage::SecurejoinMessage);

-        let msg_id = message::insert_tombstone(context, &rfc724_mid).await?;
-        insert_into_smtp(context, &rfc724_mid, recipient, rendered_message, msg_id).await?;
-        context.scheduler.interrupt_smtp().await;
-    } else {
-        let mut msg = Message {
-            viewtype: Viewtype::Text,
-            text: step.body_text(invite),
-            hidden: true,
-            ..Default::default()
-        };
+    // Sends the step in Secure-Join header.
+    msg.param.set(Param::Arg, step.securejoin_header(invite));

-        msg.param.set_cmd(SystemMessage::SecurejoinMessage);
+    match step {
+        BobHandshakeMsg::Request => {
+            // Sends the Secure-Join-Invitenumber header in mimefactory.rs.
+            msg.param.set(Param::Arg2, invite.invitenumber());
+            msg.force_plaintext();
+        }
+        BobHandshakeMsg::RequestWithAuth => {
+            // Sends the Secure-Join-Auth header in mimefactory.rs.
+            msg.param.set(Param::Arg2, invite.authcode());
+            msg.param.set_int(Param::GuaranteeE2ee, 1);

-        // Sends the step in Secure-Join header.
-        msg.param.set(Param::Arg, step.securejoin_header(invite));
+            // Sends our own fingerprint in the Secure-Join-Fingerprint header.
+            let bob_fp = self_fingerprint(context).await?;
+            msg.param.set(Param::Arg3, bob_fp);

-        match step {
-            BobHandshakeMsg::Request => {
-                // Sends the Secure-Join-Invitenumber header in mimefactory.rs.
-                msg.param.set(Param::Arg2, invite.invitenumber());
-                msg.force_plaintext();
+            // Sends the grpid in the Secure-Join-Group header.
+            //
+            // `Secure-Join-Group` header is deprecated,
+            // but old Delta Chat core requires that Alice receives it.
+            //
+            // Previous Delta Chat core also sent `Secure-Join-Group` header
+            // in `vg-request` messages,
+            // but it was not used on the receiver.
+            if let QrInvite::Group { grpid, .. } = invite {
+                msg.param.set(Param::Arg4, grpid);
            }
-            BobHandshakeMsg::RequestWithAuth => {
-                // Sends the Secure-Join-Auth header in mimefactory.rs.
-                msg.param.set(Param::Arg2, invite.authcode());
-                msg.param.set_int(Param::GuaranteeE2ee, 1);
+        }
+    };

-                // Sends our own fingerprint in the Secure-Join-Fingerprint header.
-                let bob_fp = self_fingerprint(context).await?;
-                msg.param.set(Param::Arg3, bob_fp);
-
-                // Sends the grpid in the Secure-Join-Group header.
-                //
-                // `Secure-Join-Group` header is deprecated,
-                // but old Delta Chat core requires that Alice receives it.
-                //
-                // Previous Delta Chat core also sent `Secure-Join-Group` header
-                // in `vg-request` messages,
-                // but it was not used on the receiver.
-                if let QrInvite::Group { grpid, .. } = invite {
-                    msg.param.set(Param::Arg4, grpid);
-                }
-            }
-        };
-
-        chat::send_msg(context, chat_id, &mut msg).await?;
-    }
+    chat::send_msg(context, chat_id, &mut msg).await?;
    Ok(())
 }

--- a/src/securejoin/qrinvite.rs
+++ b/src/securejoin/qrinvite.rs
@@ -12,7 +12,7 @@ use crate::qr::Qr;

 /// Represents the data from a QR-code scan.
 ///
-/// There are methods to conveniently access fields present in all three variants.
+/// There are methods to conveniently access fields present in both variants.
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
 pub enum QrInvite {
    Contact {
@@ -20,8 +20,6 @@ pub enum QrInvite {
        fingerprint: Fingerprint,
        invitenumber: String,
        authcode: String,
-        #[serde(default)]
-        is_v3: bool,
    },
    Group {
        contact_id: ContactId,
@@ -30,8 +28,6 @@ pub enum QrInvite {
        grpid: String,
        invitenumber: String,
        authcode: String,
-        #[serde(default)]
-        is_v3: bool,
    },
    Broadcast {
        contact_id: ContactId,
@@ -40,8 +36,6 @@ pub enum QrInvite {
        grpid: String,
        invitenumber: String,
        authcode: String,
-        #[serde(default)]
-        is_v3: bool,
    },
 }

@@ -84,14 +78,6 @@ impl QrInvite {
            | Self::Broadcast { authcode, .. } => authcode,
        }
    }
-
-    pub fn is_v3(&self) -> bool {
-        match *self {
-            QrInvite::Contact { is_v3, .. } => is_v3,
-            QrInvite::Group { is_v3, .. } => is_v3,
-            QrInvite::Broadcast { is_v3, .. } => is_v3,
-        }
-    }
 }

 impl TryFrom<Qr> for QrInvite {
@@ -104,13 +90,11 @@ impl TryFrom<Qr> for QrInvite {
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            } => Ok(QrInvite::Contact {
                contact_id,
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            }),
            Qr::AskVerifyGroup {
                grpname,
@@ -119,7 +103,6 @@ impl TryFrom<Qr> for QrInvite {
                fingerprint,
                invitenumber,
                authcode,
-                is_v3,
            } => Ok(QrInvite::Group {
                contact_id,
                fingerprint,
@@ -127,7 +110,6 @@ impl TryFrom<Qr> for QrInvite {
                grpid,
                invitenumber,
                authcode,
-                is_v3,
            }),
            Qr::AskJoinBroadcast {
                name,
@@ -136,7 +118,6 @@ impl TryFrom<Qr> for QrInvite {
                fingerprint,
                authcode,
                invitenumber,
-                is_v3,
            } => Ok(QrInvite::Broadcast {
                name,
                grpid,
@@ -144,7 +125,6 @@ impl TryFrom<Qr> for QrInvite {
                fingerprint,
                authcode,
                invitenumber,
-                is_v3,
            }),
            _ => bail!("Unsupported QR type"),
        }
--- a/src/securejoin/securejoin_tests.rs
+++ b/src/securejoin/securejoin_tests.rs
@@ -1,7 +1,6 @@
 use std::time::Duration;

 use deltachat_contact_tools::EmailAddress;
-use regex::Regex;

 use super::*;
 use crate::chat::{CantSendReason, add_contact_to_chat, remove_contact_from_chat};
@@ -12,10 +11,10 @@ use crate::key::self_fingerprint;
 use crate::mimeparser::{GossipedKey, SystemMessage};
 use crate::qr::Qr;
 use crate::receive_imf::receive_imf;
-use crate::stock_str::{self, messages_e2ee_info_msg};
+use crate::stock_str::{self, messages_e2e_encrypted};
 use crate::test_utils::{
    AVATAR_64x64_BYTES, AVATAR_64x64_DEDUPLICATED, TestContext, TestContextManager,
-    TimeShiftFalsePositiveNote, get_chat_msg, sync,
+    TimeShiftFalsePositiveNote, get_chat_msg,
 };
 use crate::tools::SystemTime;

@@ -28,7 +27,7 @@ enum SetupContactCase {
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_setup_contact_basic() {
+async fn test_setup_contact() {
    test_setup_contact_ex(SetupContactCase::Normal).await
 }

@@ -63,13 +62,13 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
    bob.set_config(Config::Displayname, Some("Bob Examplenet"))
        .await
        .unwrap();
-    let alice_auto_submitted_hdr: bool;
+    let alice_auto_submitted_hdr;
    match case {
        SetupContactCase::AliceIsBot => {
            alice.set_config_bool(Config::Bot, true).await.unwrap();
-            alice_auto_submitted_hdr = true;
+            alice_auto_submitted_hdr = "Auto-Submitted: auto-generated";
        }
-        _ => alice_auto_submitted_hdr = false,
+        _ => alice_auto_submitted_hdr = "Auto-Submitted: auto-replied",
    };

    assert_eq!(
@@ -109,7 +108,7 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
    let mut i = 0..msg_cnt;
    let msg = get_chat_msg(&bob, bob_chat.get_id(), i.next().unwrap(), msg_cnt).await;
    assert!(msg.is_info());
-    assert_eq!(msg.get_text(), messages_e2ee_info_msg(&bob).await);
+    assert_eq!(msg.get_text(), messages_e2e_encrypted(&bob).await);
    let msg = get_chat_msg(&bob, bob_chat.get_id(), i.next().unwrap(), msg_cnt).await;
    assert!(msg.is_info());
    assert_eq!(msg.get_text(), stock_str::securejoin_wait(&bob).await);
@@ -119,15 +118,12 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
    assert!(!sent.payload.contains("Bob Examplenet"));
    assert_eq!(sent.recipient(), EmailAddress::new(alice_addr).unwrap());
    let msg = alice.parse_msg(&sent).await;
-    assert!(msg.signature.is_none());
-    assert_eq!(
-        msg.get_header(HeaderDef::SecureJoin).unwrap(),
-        "vc-request-pubkey"
-    );
-    assert!(msg.get_header(HeaderDef::SecureJoinAuth).is_some());
+    assert!(!msg.was_encrypted());
+    assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vc-request");
+    assert!(msg.get_header(HeaderDef::SecureJoinInvitenumber).is_some());
    assert!(!msg.header_exists(HeaderDef::AutoSubmitted));

-    tcm.section("Step 3: Alice receives vc-request-pubkey, sends vc-pubkey");
+    tcm.section("Step 3: Alice receives vc-request, sends vc-auth-required");
    alice.recv_msg_trash(&sent).await;
    assert_eq!(
        Chatlist::try_load(&alice, 0, None, None)
@@ -138,14 +134,13 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
    );

    let sent = alice.pop_sent_msg().await;
-    assert_eq!(sent.payload.contains("Auto-Submitted:"), false);
+    assert!(sent.payload.contains(alice_auto_submitted_hdr));
    assert!(!sent.payload.contains("Alice Exampleorg"));
    let msg = bob.parse_msg(&sent).await;
    assert!(msg.was_encrypted());
-    assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vc-pubkey");
    assert_eq!(
-        msg.get_header(HeaderDef::AutoSubmitted),
-        alice_auto_submitted_hdr.then_some("auto-generated")
+        msg.get_header(HeaderDef::SecureJoin).unwrap(),
+        "vc-auth-required"
    );

    let bob_chat = bob.get_chat(&alice).await;
@@ -175,6 +170,7 @@ async fn test_setup_contact_ex(case: SetupContactCase) {

    // Check Bob sent the right message.
    let sent = bob.pop_sent_msg().await;
+    assert!(sent.payload.contains("Auto-Submitted: auto-replied"));
    assert!(!sent.payload.contains("Bob Examplenet"));
    let mut msg = alice.parse_msg(&sent).await;
    assert!(msg.was_encrypted());
@@ -250,7 +246,7 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
        let chat = alice.get_chat(&bob).await;
        let msg = get_chat_msg(&alice, chat.get_id(), 0, 1).await;
        assert!(msg.is_info());
-        let expected_text = messages_e2ee_info_msg(&alice).await;
+        let expected_text = messages_e2e_encrypted(&alice).await;
        assert_eq!(msg.get_text(), expected_text);
    }

@@ -265,10 +261,7 @@ async fn test_setup_contact_ex(case: SetupContactCase) {

    // Check Alice sent the right message to Bob.
    let sent = alice.pop_sent_msg().await;
-    assert_eq!(
-        sent.payload.contains("Auto-Submitted: auto-generated"),
-        false
-    );
+    assert!(sent.payload.contains(alice_auto_submitted_hdr));
    assert!(!sent.payload.contains("Alice Exampleorg"));
    let msg = bob.parse_msg(&sent).await;
    assert!(msg.was_encrypted());
@@ -295,7 +288,7 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
    // The `SecurejoinWait` info message has been removed, but the e2ee notice remains.
    let msg = get_chat_msg(&bob, bob_chat.get_id(), 0, 1).await;
    assert!(msg.is_info());
-    assert_eq!(msg.get_text(), messages_e2ee_info_msg(&bob).await);
+    assert_eq!(msg.get_text(), messages_e2e_encrypted(&bob).await);
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -428,31 +421,18 @@ async fn test_setup_contact_concurrent_calls() -> Result<()> {
    assert!(!alice_id.is_special());
    assert_eq!(chat.typ, Chattype::Single);
    assert_ne!(claire_id, alice_id);
-    assert_eq!(
+    assert!(
        bob.pop_sent_msg()
            .await
            .payload()
-            .contains("alice@example.org"),
-        false // Alice's address must not be sent in cleartext
+            .contains("alice@example.org")
    );

    Ok(())
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_secure_join_group_legacy() -> Result<()> {
-    test_secure_join_group_ex(false, false).await
-}
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_secure_join_group_v3() -> Result<()> {
-    test_secure_join_group_ex(true, false).await
-}
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_secure_join_group_v3_without_invite() -> Result<()> {
-    test_secure_join_group_ex(true, true).await
-}
-
-async fn test_secure_join_group_ex(v3: bool, remove_invite: bool) -> Result<()> {
+async fn test_secure_join() -> Result<()> {
    let mut tcm = TestContextManager::new();
    let alice = tcm.alice().await;
    let bob = tcm.bob().await;
@@ -464,8 +444,7 @@ async fn test_secure_join_group_ex(v3: bool, remove_invite: bool) -> Result<()>
    let alice_chatid = chat::create_group(&alice, "the chat").await?;

    tcm.section("Step 1: Generate QR-code, secure-join implied by chatid");
-    let mut qr = get_securejoin_qr(&alice, Some(alice_chatid)).await.unwrap();
-    manipulate_qr(v3, remove_invite, &mut qr);
+    let qr = get_securejoin_qr(&alice, Some(alice_chatid)).await.unwrap();

    tcm.section("Step 2: Bob scans QR-code, sends vg-request");
    let bob_chatid = join_securejoin(&bob, &qr).await?;
@@ -477,20 +456,9 @@ async fn test_secure_join_group_ex(v3: bool, remove_invite: bool) -> Result<()>
        EmailAddress::new("alice@example.org").unwrap()
    );
    let msg = alice.parse_msg(&sent).await;
-    assert!(msg.signature.is_none());
-    assert_eq!(
-        msg.get_header(HeaderDef::SecureJoin).unwrap(),
-        if v3 {
-            "vc-request-pubkey"
-        } else {
-            "vg-request"
-        }
-    );
-    assert_eq!(msg.get_header(HeaderDef::SecureJoinAuth).is_some(), v3);
-    assert_eq!(
-        msg.get_header(HeaderDef::SecureJoinInvitenumber).is_some(),
-        !v3
-    );
+    assert!(!msg.was_encrypted());
+    assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vg-request");
+    assert!(msg.get_header(HeaderDef::SecureJoinInvitenumber).is_some());
    assert!(!msg.header_exists(HeaderDef::AutoSubmitted));

    // Old Delta Chat core sent `Secure-Join-Group` header in `vg-request`,
@@ -501,18 +469,19 @@ async fn test_secure_join_group_ex(v3: bool, remove_invite: bool) -> Result<()>
    // is only sent in `vg-request-with-auth` for compatibility.
    assert!(!msg.header_exists(HeaderDef::SecureJoinGroup));

-    tcm.section("Step 3: Alice receives vc-request-pubkey and sends vc-pubkey, or receives vg-request and sends vg-auth-required");
+    tcm.section("Step 3: Alice receives vg-request, sends vg-auth-required");
    alice.recv_msg_trash(&sent).await;

    let sent = alice.pop_sent_msg().await;
+    assert!(sent.payload.contains("Auto-Submitted: auto-replied"));
    let msg = bob.parse_msg(&sent).await;
    assert!(msg.was_encrypted());
    assert_eq!(
        msg.get_header(HeaderDef::SecureJoin).unwrap(),
-        if v3 { "vc-pubkey" } else { "vg-auth-required" }
+        "vg-auth-required"
    );

-    tcm.section("Step 4: Bob receives vc-pubkey or vg-auth-required, sends v*-request-with-auth");
+    tcm.section("Step 4: Bob receives vg-auth-required, sends vg-request-with-auth");
    bob.recv_msg_trash(&sent).await;
    let sent = bob.pop_sent_msg().await;

@@ -542,6 +511,7 @@ async fn test_secure_join_group_ex(v3: bool, remove_invite: bool) -> Result<()>
    }

    // Check Bob sent the right handshake message.
+    assert!(sent.payload.contains("Auto-Submitted: auto-replied"));
    let msg = alice.parse_msg(&sent).await;
    assert!(msg.was_encrypted());
    assert_eq!(
@@ -605,27 +575,19 @@ async fn test_secure_join_group_ex(v3: bool, remove_invite: bool) -> Result<()>
    {
        // Now Alice's chat with Bob should still be hidden, the verified message should
        // appear in the group chat.
-        if v3 {
-            assert!(
-                ChatIdBlocked::lookup_by_contact(&alice, contact_bob.id)
-                    .await?
-                    .is_none()
-            );
-        } else {
-            let chat = alice.get_chat(&bob).await;
-            assert_eq!(
-                chat.blocked,
-                Blocked::Yes,
-                "Alice's 1:1 chat with Bob is not hidden"
-            );
-        }

+        let chat = alice.get_chat(&bob).await;
+        assert_eq!(
+            chat.blocked,
+            Blocked::Yes,
+            "Alice's 1:1 chat with Bob is not hidden"
+        );
        // There should be 2 messages in the chat:
        // - The ChatProtectionEnabled message
        // - You added member bob@example.net
        let msg = get_chat_msg(&alice, alice_chatid, 0, 2).await;
        assert!(msg.is_info());
-        let expected_text = messages_e2ee_info_msg(&alice).await;
+        let expected_text = messages_e2e_encrypted(&alice).await;
        assert_eq!(msg.get_text(), expected_text);
    }

@@ -678,97 +640,6 @@ async fn test_secure_join_group_ex(v3: bool, remove_invite: bool) -> Result<()>
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_secure_join_broadcast_legacy() -> Result<()> {
-    test_secure_join_broadcast_ex(false, false).await
-}
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_secure_join_broadcast_v3() -> Result<()> {
-    test_secure_join_broadcast_ex(true, false).await
-}
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_secure_join_broadcast_v3_without_invite() -> Result<()> {
-    test_secure_join_broadcast_ex(true, true).await
-}
-
-async fn test_secure_join_broadcast_ex(v3: bool, remove_invite: bool) -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let alice_chat_id = chat::create_broadcast(alice, "Channel".to_string()).await?;
-    let mut qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
-    manipulate_qr(v3, remove_invite, &mut qr);
-    let bob_chat_id = tcm.exec_securejoin_qr(bob, alice, &qr).await;
-
-    let sent = alice.send_text(alice_chat_id, "Hi channel").await;
-    assert!(sent.recipients.contains("bob@example.net"));
-    let rcvd = bob.recv_msg(&sent).await;
-    assert_eq!(rcvd.chat_id, bob_chat_id);
-    assert_eq!(rcvd.text, "Hi channel");
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_setup_contact_compatibility_legacy() -> Result<()> {
-    test_setup_contact_compatibility_ex(false, false).await
-}
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_setup_contact_compatibility_v3() -> Result<()> {
-    test_setup_contact_compatibility_ex(true, false).await
-}
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_setup_contact_compatibility_v3_without_invite() -> Result<()> {
-    test_setup_contact_compatibility_ex(true, true).await
-}
-
-async fn test_setup_contact_compatibility_ex(v3: bool, remove_invite: bool) -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    alice.set_config(Config::Displayname, Some("Alice")).await?;
-
-    let mut qr = get_securejoin_qr(alice, None).await?;
-    manipulate_qr(v3, remove_invite, &mut qr);
-    let bob_chat_id = tcm.exec_securejoin_qr(bob, alice, &qr).await;
-
-    let bob_chat = Chat::load_from_db(bob, bob_chat_id).await?;
-    assert_eq!(bob_chat.name, "Alice");
-    assert!(bob_chat.can_send(bob).await?);
-    assert_eq!(bob_chat.typ, Chattype::Single);
-    assert_eq!(bob_chat.id, bob.get_chat(alice).await.id);
-
-    let alice_chat = alice.get_chat(bob).await;
-    assert_eq!(alice_chat.name, "bob@example.net");
-    assert!(alice_chat.can_send(alice).await?);
-    assert_eq!(alice_chat.typ, Chattype::Single);
-
-    Ok(())
-}
-
-fn manipulate_qr(v3: bool, remove_invite: bool, qr: &mut String) {
-    if remove_invite {
-        // Remove the INVITENUBMER. It's not needed in Securejoin v3,
-        // but still included for backwards compatibility reasons.
-        // We want to be able to remove it in the future,
-        // therefore we test that things work without it.
-        let new_qr = Regex::new("&i=.*?&").unwrap().replace(qr, "&");
-        // Broadcast channels use `j` for the INVITENUMBER
-        let new_qr = Regex::new("&j=.*?&").unwrap().replace(&new_qr, "&");
-        assert!(new_qr != *qr);
-        *qr = new_qr.to_string();
-    }
-    // If `!v3`, force legacy securejoin to run by removing the &v=3 parameter.
-    // If `remove_invite`, we can also remove the v=3 parameter,
-    // because a QR with AUTH but no INVITE is obviously v3 QR code.
-    if !v3 || remove_invite {
-        let new_qr = Regex::new("&v=3").unwrap().replace(qr, "");
-        assert!(new_qr != *qr);
-        *qr = new_qr.to_string();
-    }
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_adhoc_group_no_qr() -> Result<()> {
    let alice = TestContext::new_alice().await;
@@ -911,18 +782,7 @@ async fn test_parallel_securejoin() -> Result<()> {
 /// Tests Bob scanning setup contact QR codes of Alice and Fiona
 /// concurrently.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_parallel_setup_contact_basic() -> Result<()> {
-    test_parallel_setup_contact(false).await
-}
-
-/// Tests Bob scanning setup contact QR codes of Alice and Fiona
-/// concurrently, and then deleting the Fiona contact.
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_parallel_setup_contact_bob_deletes_fiona() -> Result<()> {
-    test_parallel_setup_contact(true).await
-}
-
-async fn test_parallel_setup_contact(bob_deletes_fiona_contact: bool) -> Result<()> {
+async fn test_parallel_setup_contact() -> Result<()> {
    let mut tcm = TestContextManager::new();
    let alice = &tcm.alice().await;
    let bob = &tcm.bob().await;
@@ -943,25 +803,16 @@ async fn test_parallel_setup_contact(bob_deletes_fiona_contact: bool) -> Result<
    fiona.recv_msg_trash(&sent_fiona_vc_request).await;
    let sent_fiona_vc_auth_required = fiona.pop_sent_msg().await;

+    bob.recv_msg_trash(&sent_fiona_vc_auth_required).await;
+    let sent_fiona_vc_request_with_auth = bob.pop_sent_msg().await;
+
+    fiona.recv_msg_trash(&sent_fiona_vc_request_with_auth).await;
+    let sent_fiona_vc_contact_confirm = fiona.pop_sent_msg().await;
+
+    bob.recv_msg_trash(&sent_fiona_vc_contact_confirm).await;
    let bob_fiona_contact_id = bob.add_or_lookup_contact_id(fiona).await;
-    if bob_deletes_fiona_contact {
-        bob.get_chat(fiona).await.id.delete(bob).await?;
-        Contact::delete(bob, bob_fiona_contact_id).await?;
-
-        bob.recv_msg_trash(&sent_fiona_vc_auth_required).await;
-        let sent = bob.pop_sent_msg_opt(Duration::ZERO).await;
-        assert!(sent.is_none());
-    } else {
-        bob.recv_msg_trash(&sent_fiona_vc_auth_required).await;
-        let sent_fiona_vc_request_with_auth = bob.pop_sent_msg().await;
-
-        fiona.recv_msg_trash(&sent_fiona_vc_request_with_auth).await;
-        let sent_fiona_vc_contact_confirm = fiona.pop_sent_msg().await;
-
-        bob.recv_msg_trash(&sent_fiona_vc_contact_confirm).await;
-        let bob_fiona_contact = Contact::get_by_id(bob, bob_fiona_contact_id).await.unwrap();
-        assert_eq!(bob_fiona_contact.is_verified(bob).await.unwrap(), true);
-    }
+    let bob_fiona_contact = Contact::get_by_id(bob, bob_fiona_contact_id).await.unwrap();
+    assert_eq!(bob_fiona_contact.is_verified(bob).await.unwrap(), true);

    // Alice gets online and previously started SecureJoin process finishes.
    alice.recv_msg_trash(&sent_alice_vc_request).await;
@@ -1519,68 +1370,3 @@ gU6dGXsFMe/RpRHrIAkMAaM5xkxMDRuRJDxiUdS/X+Y8

    Ok(())
 }
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_auth_token_is_synchronized() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice1 = &tcm.alice().await;
-    let alice2 = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    bob.set_config(Config::Displayname, Some("Bob")).await?;
-
-    alice1.set_config_bool(Config::SyncMsgs, true).await?;
-    alice2.set_config_bool(Config::SyncMsgs, true).await?;
-
-    // This creates first auth token:
-    let qr1 = get_securejoin_qr(alice1, None).await?;
-
-    // This creates another auth token; both of them need to be synchronized
-    let qr2 = get_securejoin_qr(alice1, None).await?;
-    sync(alice1, alice2).await;
-
-    // Note that Bob will throw away the AUTH token after sending `vc-request-with-auth`.
-    // Therefore, he will fail to decrypt the answer from Alice's second device,
-    // which leads to a "decryption failed: missing key" message in the logs.
-    // This is fine.
-    tcm.exec_securejoin_qr_multi_device(bob, &[alice1, alice2], &qr2)
-        .await;
-
-    let contacts = Contact::get_all(alice2, 0, Some("Bob")).await?;
-    assert_eq!(contacts[0], alice2.add_or_lookup_contact_id(bob).await);
-    assert_eq!(contacts.len(), 1);
-
-    let chatlist = Chatlist::try_load(alice2, 0, Some("Bob"), None).await?;
-    assert_eq!(chatlist.get_chat_id(0)?, alice2.get_chat(bob).await.id);
-    assert_eq!(chatlist.len(), 1);
-
-    for qr in [qr1, qr2] {
-        let qr = check_qr(bob, &qr).await?;
-        let qr = QrInvite::try_from(qr)?;
-        assert!(token::exists(alice2, Namespace::InviteNumber, qr.invitenumber()).await?);
-        assert!(token::exists(alice2, Namespace::Auth, qr.authcode()).await?);
-    }
-
-    // Check that alice2 only saves the invite number once:
-    let invite_count: u32 = alice2
-        .sql
-        .query_get_value(
-            "SELECT COUNT(*) FROM tokens WHERE namespc=?;",
-            (Namespace::InviteNumber,),
-        )
-        .await?
-        .unwrap();
-    assert_eq!(invite_count, 1);
-
-    // ...but knows two AUTH tokens:
-    let auth_count: u32 = alice2
-        .sql
-        .query_get_value(
-            "SELECT COUNT(*) FROM tokens WHERE namespc=?;",
-            (Namespace::Auth,),
-        )
-        .await?
-        .unwrap();
-    assert_eq!(auth_count, 2);
-
-    Ok(())
-}
--- a/src/smtp.rs
+++ b/src/smtp.rs
@@ -706,7 +706,7 @@ pub(crate) async fn add_self_recipients(
        // them. Normally the user should have a non-chatmail primary transport to send unencrypted
        // messages.
        if encrypted {
-            for addr in context.get_published_secondary_self_addrs().await? {
+            for addr in context.get_secondary_self_addrs().await? {
                recipients.push(addr);
            }
        }
--- a/src/sql.rs
+++ b/src/sql.rs
@@ -4,7 +4,7 @@ use std::collections::{HashMap, HashSet};
 use std::path::{Path, PathBuf};
 use std::time::Duration;

-use anyhow::{Context as _, Result, bail};
+use anyhow::{Context as _, Result, bail, ensure};
 use rusqlite::{Connection, OpenFlags, Row, config::DbConfig, types::ValueRef};
 use tokio::sync::RwLock;

@@ -25,7 +25,7 @@ use crate::net::http::http_cache_cleanup;
 use crate::net::prune_connection_history;
 use crate::param::{Param, Params};
 use crate::stock_str;
-use crate::tools::{SystemTime, delete_file, time};
+use crate::tools::{SystemTime, Time, delete_file, time, time_elapsed};

 /// Extension to [`rusqlite::ToSql`] trait
 /// which also includes [`Send`] and [`Sync`].
@@ -48,7 +48,7 @@ macro_rules! params_slice {
 mod migrations;
 mod pool;

-use pool::{Pool, WalCheckpointStats};
+use pool::Pool;

 /// A wrapper around the underlying Sqlite3 object.
 #[derive(Debug)]
@@ -302,7 +302,7 @@ impl Sql {
    /// otherwise allocates write connection.
    ///
    /// Returns the result of the function.
-    pub async fn call<'a, F, R>(&'a self, query_only: bool, function: F) -> Result<R>
+    async fn call<'a, F, R>(&'a self, query_only: bool, function: F) -> Result<R>
    where
        F: 'a + FnOnce(&mut Connection) -> Result<R> + Send,
        R: Send + 'static,
@@ -663,30 +663,73 @@ impl Sql {
        &self.config_cache
    }

-    /// Attempts to truncate the WAL file.
-    pub(crate) async fn wal_checkpoint(&self, context: &Context) -> Result<()> {
-        let lock = self.pool.read().await;
+    /// Runs a checkpoint operation in TRUNCATE mode, so the WAL file is truncated to 0 bytes.
+    pub(crate) async fn wal_checkpoint(context: &Context) -> Result<()> {
+        let t_start = Time::now();
+        let lock = context.sql.pool.read().await;
        let Some(pool) = lock.as_ref() else {
            // No db connections, nothing to checkpoint.
            return Ok(());
        };

-        let WalCheckpointStats {
-            total_duration,
-            writers_blocked_duration,
-            readers_blocked_duration,
-            pages_total,
-            pages_checkpointed,
-        } = pool.wal_checkpoint().await?;
+        // Do as much work as possible without blocking anybody.
+        let query_only = true;
+        let conn = pool.get(query_only).await?;
+        tokio::task::block_in_place(|| {
+            // Execute some transaction causing the WAL file to be opened so that the
+            // `wal_checkpoint()` can proceed, otherwise it fails when called the first time,
+            // see https://sqlite.org/forum/forumpost/7512d76a05268fc8.
+            conn.query_row("PRAGMA table_list", [], |_| Ok(()))?;
+            conn.query_row("PRAGMA wal_checkpoint(PASSIVE)", [], |_| Ok(()))
+        })?;
+
+        // Kick out writers.
+        const _: () = assert!(Sql::N_DB_CONNECTIONS > 1, "Deadlock possible");
+        let _write_lock = pool.write_lock().await;
+        let t_writers_blocked = Time::now();
+        // Ensure that all readers use the most recent database snapshot (are at the end of WAL) so
+        // that `wal_checkpoint(FULL)` isn't blocked. We could use `PASSIVE` as well, but it's
+        // documented poorly, https://www.sqlite.org/pragma.html#pragma_wal_checkpoint and
+        // https://www.sqlite.org/c3ref/wal_checkpoint_v2.html don't tell how it interacts with new
+        // readers.
+        let mut read_conns = Vec::with_capacity(Self::N_DB_CONNECTIONS - 1);
+        for _ in 0..(Self::N_DB_CONNECTIONS - 1) {
+            read_conns.push(pool.get(query_only).await?);
+        }
+        read_conns.clear();
+        // Checkpoint the remaining WAL pages without blocking readers.
+        let (pages_total, pages_checkpointed) = tokio::task::block_in_place(|| {
+            conn.query_row("PRAGMA wal_checkpoint(FULL)", [], |row| {
+                let pages_total: i64 = row.get(1)?;
+                let pages_checkpointed: i64 = row.get(2)?;
+                Ok((pages_total, pages_checkpointed))
+            })
+        })?;
        if pages_checkpointed < pages_total {
            warn!(
                context,
                "Cannot checkpoint whole WAL. Pages total: {pages_total}, checkpointed: {pages_checkpointed}. Make sure there are no external connections running transactions.",
            );
        }
+        // Kick out readers to avoid blocking/SQLITE_BUSY.
+        for _ in 0..(Self::N_DB_CONNECTIONS - 1) {
+            read_conns.push(pool.get(query_only).await?);
+        }
+        let t_readers_blocked = Time::now();
+        tokio::task::block_in_place(|| {
+            let blocked = conn.query_row("PRAGMA wal_checkpoint(TRUNCATE)", [], |row| {
+                let blocked: i64 = row.get(0)?;
+                Ok(blocked)
+            })?;
+            ensure!(blocked == 0);
+            Ok(())
+        })?;
        info!(
            context,
-            "wal_checkpoint: Total time: {total_duration:?}. Writers blocked for: {writers_blocked_duration:?}. Readers blocked for: {readers_blocked_duration:?}."
+            "wal_checkpoint: Total time: {:?}. Writers blocked for: {:?}. Readers blocked for: {:?}.",
+            time_elapsed(&t_start),
+            time_elapsed(&t_writers_blocked),
+            time_elapsed(&t_readers_blocked),
        );
        Ok(())
    }
@@ -785,10 +828,6 @@ async fn incremental_vacuum(context: &Context) -> Result<()> {

 /// Cleanup the account to restore some storage and optimize the database.
 pub async fn housekeeping(context: &Context) -> Result<()> {
-    let Ok(_housekeeping_lock) = context.housekeeping_mutex.try_lock() else {
-        // Housekeeping is already running in another thread, do nothing.
-        return Ok(());
-    };
    // Setting `Config::LastHousekeeping` at the beginning avoids endless loops when things do not
    // work out for whatever reason or are interrupted by the OS.
    if let Err(e) = context
@@ -843,7 +882,7 @@ pub async fn housekeeping(context: &Context) -> Result<()> {
    // bigger than 200M) and also make sure we truncate the WAL periodically. Auto-checkponting does
    // not normally truncate the WAL (unless the `journal_size_limit` pragma is set), see
    // https://www.sqlite.org/wal.html.
-    if let Err(err) = Sql::wal_checkpoint(&context.sql, context).await {
+    if let Err(err) = Sql::wal_checkpoint(context).await {
        warn!(context, "wal_checkpoint() failed: {err:#}.");
        debug_assert!(false);
    }
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 -03-19
 -02-17