Need help understanding the flow of the app

[ngocphamm]

I'm using latest version 0.6.2, on macOS 15.3.1. This is what I was doing.

1. Start gurk. There is a QR code for me to link. ~/Library/Application Support/gurk folder is created with signal-db folder with a few files in it. There's no default config file created at that point.
2. I link the device. Now there's gurk.toml file created at the aforementioned location.
3. gurk.toml does not have passphrase part (expected).
4. There is a db file under ~/Library/Application Support/gurk/signal-db
5. Try to open the db file with TablePlus. It says the file is encrypted. I don't know what it's encrypted with. Also try with sqlite3 db but it doesn't show anything at all with .tables.

With that, I have a few questions

1. So if I don't know how to make the gurk.toml file, and I want the app to create a default one for me, I need to link first? It means if I want to add a passphrase to the config file, I will essentially need to link twice?
2. What is the signal-db/db file encrypted with when there's no passphrase set?

Please let me know if you need more information.

[boxdot]

gurk has two storage databases: one for the signal cryptographic keys and sessions, another for messages. They are split. The former is using sled. This is what you see in ~/Library/Application Support/gurk/signal-db. This is not a sqlite database. But we are migrating it to sqlite in whisperfish/presage#301.

The second store was as a quick and dirty solution (for historical reason). It was just a json file. Now, we are using sqlite for that.

Unfortunately, due to a bug, the generated config file does not enable the sqlite store (fixed on main). You need to put in the config.

[sqlite]
enabled = true

If you specify a secret there too, the database will be encrypted.

We have a feature planned which will allow to get the secret from cli/env or maybe keychain instead of the config. Otherwise, the config cannot be stored in the dotfiles. And there are also security concerns about storing the secret there at all.

Now to your questions:

1. Currently, you have always to create the configuration first.
2. signal-db/db is also encrypted, but as I said it will be replaced by sqlite anyways.

[ngocphamm]

@boxdot Thanks for the answer! I'm still a little confused, though.

1. So what is the signal-db/db file for? And what is it encrypted with, when I don't have any encryption/passphrase set yet?
2. Where is the JSON file for messages?

And I'm referring to this release mentioning the passphrase for encryption, just in case this is all confusing. https://github.com/boxdot/gurk-rs/releases/tag/v0.5.0

[boxdot]

1. signal-db (the whole folder) is a sled database containing the signal sessions (see https://github.com/whisperfish/presage/tree/main/presage-store-sled). It is encrypted with https://github.com/whisperfish/presage/tree/main/presage-store-cipher when the passphrase is set. When it is not set, it is also not encrypted.
2. Due to the bug I mentioned before, most likely in ~/.gurk.data.json.

[ngocphamm]

@boxdot Thanks a lot for explaining. It's clear now!