Requesting to add a feature to change Public Key(Address)

[absolutep]

Is your feature request related to a problem? Please describe.

Public key(user ID or address) never changes.

Does not matter how many times, oneself deletes the folder or does clean uninstall/re-install.

Basically, it attaches to one's computer hampering the anonymity of a user.

Describe the solution you'd like

1. Time bound automatic generation of new Public key(user ID or address).
2. Provide a button that can be used manually to reset/change Public key(user ID or address).

Describe alternatives you've considered

Below screenshots describe how it should work.

Part 1 - Here we can see a time bound automatic generation of new Public key(user ID or address).

Part 2 - Manually, used the button to change/generate new Public key(user ID or address).

Additional context

A different issue, gave rise to a discussion, which led to this feature request.
Original discussion = #6764

[absolutep]

Requesting Tribler team to look into this please

[absolutep]

Any update?

[drew2a]

@absolutep hi, thank you for the request.

This request by itself is a viable addition to the Tribler.

However, not everything that you mentioned in the issue is true.

This is a false sentence:

Public key(user ID or address) never changes.
Does not matter how many times, oneself deletes the folder or does clean uninstall/re-install.

You can repeat the following experiment:

1. Run Tribler
2. Check the public key
3. Remove the Tribler's folder
4. Run Tribler
5. Check the public key

Here is experiment's results for macOS:

1. Run Tribler
2. Check the public key

   ~/.Tribler
   ➜ hexdump 7.10/ecpub_multichain.pem 
   0000000 9a8b 0ef2 7d5f c251 f633 841d b916 f40f
   0000010 784f 10b2 0b1d bec4 d0da 233a 3daa 4470
   0000020

3. Remove the Tribler's folder

   ➜ rm -rf 7.10

4. Run Tribler
5. Check the public key

   ➜ hexdump 7.10/ecpub_multichain.pem  
   0000000 25df ac8a d526 e85e 7cde 0d91 0d47 2ae4
   0000010 7b8a 69e9 66d5 81f6 fe3e 34ba 6c13 39f2
   0000020

So, the public key has been changed.

Also, please, take a look at the source code. Here is the place where the key's logic is implemented:

tribler/src/tribler/core/components/key/key_component.py

Lines 27 to 36 in c8ecb65

	@staticmethod
	def load_or_create(private_key_path: Path, public_key_path: Path = None) -> LibNaCLSK:
	if private_key_path.exists():
	return LibNaCLSK(private_key_path.read_bytes())
	key = LibNaCLSK()
	private_key_path.write_bytes(key.key.sk + key.key.seed)
	if public_key_path:
	public_key_path.write_bytes(key.key.pk)
	return key

[absolutep]

@drew2a thanks for replying.

I followed your method and here is the result.

1. BEFORE
   

2. AFTER
   

3. BEFORE
   

4. AFTER
   

THE REASON WHY CONFUSION AROSE WAS THAT -

the starting 20 characters in the Key ID(image 1 & 2) are same, which I assumed was never possible since, all characters will be generated randomly.

My question now - Is there any specific reason for that?

[qstokkink]

There is a specific reason. The first 20 bytes capture the key curve that the key material was generated for. All public keys generated using Curve25519 are prefixed with the string "LibNaCLPK:". You can see this yourself by decoding the hexadecimal notation:

>>> from binascii import unhexlify
>>> unhexlify("4c69624e61434c504b3a")
b'LibNaCLPK:'

The random key material starts after this prefix. If you're interested, what follows are two strings of random key material for encryption and verification (you can find the exact specification here).

[absolutep]

Thanks so much for the reply.

So, I hope as a layman, I am 0.1% right here,

b"LibNaCLPK:" ( computer code defining specific value for protocol usage) + self.key.pk (randomly generated key which is assigned for the device) + self.veri.vk (verification by the device & device marked)

Reasons I want to learn & thus throwing wild assumptions out here :-

1. I want to know if my ISP can crack me using the general key or more specifically the first 20 characters of the general key. (not using VPN at the moment, testing newer tribler version).

2. The reason I was asking for this is because - during channel privacy discussion - I think drewa2 (or some contributor cannot remember the name) mentioned that the channels are marked with the public key of the user - so that will prevent users from uploading content of illegal nature. So, in this regards my further question is - do the first 20 characters play a role here?

3. There are several channels already available on Tribler, does subscribing to them marks my computer with the help of first 20 characters (specifically) ?

[qstokkink]

The answer to all three of your questions is "no". There really is nothing special about these 20 bytes, it essentially exposes as much as "This machine is using Tribler!".

The long and short of your ISP's ability to fingerprint your Tribler is that they can see both plaintext and ciphertext. The ciphertext is used for anonymization of your downloads and allows your ISP to see that you are part of an anonymization network (not if you're downloading and not what you're downloading). Here's the main point: (at the time of writing this) all other Tribler communication is plaintext and tied to your public key. Like you already said, the plaintext includes all channel features. If you dislike that, you can either (1) disable the channel feature entirely and/or (2) remove your Tribler state directory between Tribler launches to remove your public key.

[absolutep]

So, the solution to change Public Key(Address) is :- to completely reset Tribler each & every-time you want to change the key.

How to reset Tribler - https://www.tribler.org/faq.html

Although, a button or options in settings would be desirable as shown in photos, until then closing this as the question was somewhat answered.