Bug 501352 - Old certificate used when calculating verification key
Summary: Old certificate used when calculating verification key
Status: REPORTED
Alias: None
Product: kdeconnect
Classification: Applications
Component: android-application (other bugs)
Version First Reported In: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Albert Vaca Cintora
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-03-11 12:26 UTC by Daniel Landau
Modified: 2025-03-11 12:26 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Landau 2025-03-11 12:26:17 UTC 
SUMMARY

The verification key shown is wrong when the other device has been paired before, but has since changed certificate.

STEPS TO REPRODUCE
1. Pair a device
2. Change certificate/key on the other device
3. Perhaps restart KDE Connect Android (not sure if required)
4. KDE Connect Android now shows the device as remembered device currently unavailable
5. Unpair it
6. Now it shows up in Available devices and you can pair it but the verification key is wrong.

You can force stop and restart KDE Connect Android at this point, and the verification key is correct.

I don't have 100% conclusive proof that it's the other side certificate, but IMO that's a very plausible reason for the effect I'm seeing.