diff --git a/chat_core.py b/chat_core.py index 29deec3..0431685 100644 --- a/chat_core.py +++ b/chat_core.py @@ -1568,6 +1568,23 @@ class ChatClient: self._cache_key = derive_self_encryption_key(ed_priv) self._local_key = derive_local_storage_key(ed_priv) self._load_verification_stores() + + # Import verification state transferred from the authorizing + # device (optional — absent when paired from an older client) + vc_raw = keys_data.get("verified_contacts") + if vc_raw: + try: + self._verified_contacts = json.loads(vc_raw) + _save_verified_contacts(email, self._verified_contacts, self._local_key) + except (json.JSONDecodeError, TypeError): + pass + kik_raw = keys_data.get("known_identity_keys") + if kik_raw: + try: + self._known_identity_keys = json.loads(kik_raw) + _save_known_identity_keys(email, self._known_identity_keys, self._local_key) + except (json.JSONDecodeError, TypeError): + pass self._pairing_temp_private_key = None self._pairing_fingerprint = "" self._pairing_code = "" @@ -1618,6 +1635,14 @@ class ChatClient: "identity_private": serialize_ed25519_private_raw(self.identity_private).hex(), } + # Carry the TOFU registry + manual verifications so a contact verified on + # this device stays verified on the new one (these stores are local and + # would otherwise start empty). Receivers ignore unknown fields. + if self._verified_contacts: + keys_data["verified_contacts"] = json.dumps(self._verified_contacts) + if self._known_identity_keys: + keys_data["known_identity_keys"] = json.dumps(self._known_identity_keys) + # Send keys to the new device first. Re-encrypting history can take a # while on large accounts; doing it before pairing_send can make a valid # code expire during authorization.