Discourse Encrypt plugin

Members have suddenly encountered the following banner:


It’s part of the Discourse Encrypt plugin, installed as a test among the @staff (but there was no way to limit the test to its members). So those who searched for “paper key” found little because appears in the topic “Admins can read private messages” in the “staff” category, which the search filters out unless you belong to that group.

Now it has been tested and it works very well and is very easy to use, so it’s time to explain it.

The plugin prevents the ability that the designers of Discourse gave to Administrators to read even the private messages between users. Their purpose was to prevent inappropriate and unsupervised conversations in forums using their software (with or between minors, about terrorism, drugs, etc.).

As in this forum several staff members asked to keep the possibility of totally private messages, this plugin allows a personal message to be read only by the sender and the receiver as long as they have both enabled encryption.

Encryption is enabled by generating for one time only a so called paper key going to Preferences, Security and pressing “Generate Paper Key”:


Close the window displaying the key and that’'s it. Writing a personal message (after pressing on a user’s name) the usual message window will appear, BUT with a closed green padlock:


Instead, an open grey padlock indicate that sender or receiver did not activate encryption yet. The sender will be able to send the message anyway, but unencrypted and therefore readable by administrators.

As always, you can leave your feedback or questions here.

Ok. Someone got the idea to send me a private message (encrypted). So… I guess I have to get somewhat interested in this “paper key” thing. But… Here is what I get:Capture d’écran 2021-09-26 à 15.18.46
No option to generate a paper key… maybe I did already click that button, out of sheer indifference hahaha… but then how do I find that key? I tried all my ‘devices’ to see which one I might have ‘activated’, but all of those display the same message about the said device not being activated lol.
So yeah…

Yes, I had a similar issue

@Miguel any advice ^?

As I understand it the only way to recover would be to regenerate the key and this would lose any messages already sent. Actually if the initial key was lost the message is already lost as the key is needed to decrypt it (as that’s the whole point :grinning_face_with_smiling_eyes:)

Don’t know a good solution - it’s probably better if we could disable encryption by default and user can enable if they care , then they would also be in a mode to store the paper key properly. Vs just wanting to read a message , it’s easy to not store the key or not realize you need to store it …

Hi. Although I am dealing with some issues that require my attention and so I have not yet been able to respond to some messages (although I have been reading when I could), I did want to take a moment to ask @geoffrey AND @Srinath :

  1. Do you remember generating the paper key by going to Preferences, Security and pressing “Generate Paper Key”, as I showed in my first post?

  2. If you did, did you save it in a txt as I believe it is recommended? (but I forgot to indicate it in my post). It’s a series of words, like these (I deleted my last one, no problem):


  1. Even if you did not copy an save your paper key, you should be able to:

a) In Preferences export the encryption key pair and import it where you (@geoffrey) showed that it’s offered.


b) OR, in Preferences press “Activate another device” and follow the instructions.


I took the opportunity to enter with my cell phone to preferences (device that I never activate to send and receive encrypted messages), to see what it shows. Look:


Note that it says that I have encryption enabled because it detects that my user did generate a paper key (on my PC). This is where (in the device not yet activated) you should type or copy and paste that key (generated in an enabled device, where evidently you have generated a paper key once).

  1. @claudiu: as far as I understand encryption is disabled by default, because if a user never generates ANY key (does not follow the steps of my first post in ANY device) he will always send and receive unencrypted messages.

I remember getting this message as well despite not generating the key pair. I think I ended up solving it by using another device but I don’t remember the exact steps I took, I just thought I’d mention that the plug-in behaves as if you’ve done something even if you haven’t touched it.

@miguel There was no option to export a paper key (as you can see in my screenshot), nor to activate another device (since none of my devices were activated).
So I deactivated encryption (and lost that message i was trying to read, sorry to the person who sent it), and activated encryption again.
Then it was very straighforward to generate a key, save it, and activate my other device.
I am now positive that I didn’t do any of that the first time, as I was quite surprised this time… and amused by the list generated (which includes the words SILLY STUFF hahaha).
So it does appear, as @emp said, that you can find yourself in that situation of having never generated a key, and yet it implying that you have.

OK. So it may then be that @Srinath and @emp have not generated either -even inadvertently- the paper key before on any device, and that the plugin has a problem. We will have to keep an eye on it.

However, it’s good that you were able to get it to work, regardless of the lost message. Let see how @Srinath did.

1 Like