Description
Currently if Bob scans a SecureJoin QR code and has no Alice's key corresponding to the encoded fingerprint, he sends Alice an unencrypted vc-request with INVITENUMBER to request the key from Alice. This is the only unencrypted message in SecureJoin protocol that requires special handling by chatmail filter that otherwise does not allow unencrypted messages (the other exception is MDNs, but with #5175 merged it can be removed).
A way to fix this would be to include the same keydata as we include in Autocrypt header in the QR code if it is small enough. Then if Bob does not currently have an Autocrypt key for Alice, he can use this keydata from the QR code. For backwards compatibility we should still keep the fingerprint.
I have tested with ed25519 keys, QR code can be generated with qrencode. It is more dense than our typical QR codes, so scanning may be more difficult and we may need to (re)move the avatar that we currently overlay on top of the QR code. qrencode-encoded image with added &keydata= in the end works with the current Delta Chat, keydata is properly ignored.
Including keydata in the QR code could simplify expiring QR codes (#5126) as only AUTH token will expire and INVITENUMBER is not used at all, so Bob can still scan the QR-code later and send the first message encrypted, while Alice does not need to worry about someone using old INVITENUMBER to request the key and monitor Alice's online presence.
As a first step I suggest adding a feature flag settable via config table to start including keydata if it is small enough. The limit should be large enough to include all keys generated by Delta Chat but not too large so QR code remains readable and not extremely dense or impossible to generate if huge keys are used. With this feature flag we can already make automated tests and start rolling out releases that can read this keydata and use it to skip vc-request.
As a second step we can enable this feature flag so clients actually start generating this QR codes. There is no need to wait for too long as feature is backwards-compatible, one release apart is enough.
Once enough clients support this, we can change chatmail to stop accepting any non-encrypted mails at all.
There might be security implications of accepting the Autocrypt key from a QR code claiming that it is a key for some email address without ever receiving a message with this email address. It seems relatively safe if we have no existing Autocrypt key for the contact, but otherwise I think we should not overwrite Autocrypt key currently in use. We should probably also postpone moving the key to verified slot until we receive any encrypted (+signed) message from Alice, if possible this key should not be saved anywhere at all and only used to send vc-request-with-auth. We are immediately encrypting AUTH token to this key as the next step, but if attacker controls the QR code then attacker also knows AUTH token encoded in this QR code.