NeoChat, encryption, and thanks for all the olms
Early in 2021, Carl and I were made aware of NlNet, a dutch foundation that sponsors many open source projects, and decided to apply for some funding there to expedite the development process. Fortunately, the application process at NlNet is very light-weight, so there isn’t a lot of risk involved in applying for funding. A while after sending our application, NlNet got back to us with the good news that they would indeed be funding E2EE work for NeoChat and libQuotient.
The actual development work started with creating Qt-Style bindings for libOlm, the library that provides implementations of the cryptographic functions required for implementing end-to-end encryption in matrix. Most of this work was done by Carl and is now merged into libQuotient.
Building on this foundation, we implemented support for reading and sending encrypted messages into libQuotient. This includes support for all of the different types like texts, images, files, audio and others. By integrating this into libQuotient, this is almost completely transparent to the actual application, meaning that for the most part, app developers building on top of libQuotient do not need to do extra work for supporting E2EE. There are some parts, like loading images and notifications, that will need slight adaptions from how they were implemented before supporting E2EE. If you, as an app developer, have questions about those, come talk to us in #quotient:matrix.org.
The last part of end-to-end encryption that has been implemented so far is device verification. Device verification allows users to verify that their devices are actually who they claim they are and are not subject to, for example, a man-in-the-middle attack.