Group Encryption for Managed Groups

Adapter Specification

The adapter is augmenting the functionality of the engine by providing interfacing with list managers.The engine is managing the keys, the list managers manage the groups.

Integration With List Managers

This feature is only in scope for desktop adapters.

Switchable Backends

List managers in scope are:

  • mailman
  • exchange

The adapter will provide different list manager backends.
The details of how to interact with the list managers, along with which backend to use, will have to be provided by the app. Currently only a dummy backend is in scope.

The state of the engine and list managers have to be kept in sync.
This is achieved by the adapter exposing the group API to the application and executing the corresponding calls on both, the engine and the list manager.

Group management functions

Group management functions are part of the pEp API and are exposed to the app.

2 types:

  • group update functions
  • group query functions

Group update functions

The adapter will implement them as follows:

  1. Call the listmanager
  2. Call the engine

if 1. fails, dont do 2.
if 2. fails, revert 1.

Special case: if 1. fails with “Problem already solved” (error: group already exists) then treat as success.

Group query functions

The engine cannot be queried for group informations, therefore we need to query the list manager for existing groups and members of groups.

PEP_STATUS query_groups(PEP_SESSION session, identity_list **groups);

PEP_STATUS query_group_manager(PEP_SESSION session, pEp_identity *group, pEp_identity **manager);

PEP_STATUS query_group_members(PEP_SESSION session, pEp_identity *group, identity_list **members);

Unsolved Problems

Duplicate Invites

When adding a member to a group an invite is being sent from the list manager and the engine.
This results in duplicate invites.
Duplicate invites have to be avoided. TBD


  • not working on grouped devices, just work in the device who accepted the invite
  • Manager only see the managemnet info in one device


  • KeyReset Tests need to be in focus due to re-engineering