OTR
From Telecomix Crypto Munitions Bureau
[edit] What is OTR encryption?
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.
Limitations:Due to limitations of the protocol, OTR does not support multi-user group chat as of 2009 or encrypted file transfers, but these may be implemented in the future. Support for encrypted audio or video is not planned.
Contents |
[edit] Encrypted Chat with OTR
There are many ways to encrypt communications over the internet. The focus here will be on encrypting some of the more common chatting protocols (AIM, Googletalk, Skype Chat, etc) with OTR encryption.
[edit] Pidgin
Pidgin (formerly named Gaim) is an open-source multi-platform instant messaging client. Pidgin supports many major chat protocols, i.e., AIM, GTalk, MSN, Yahoo, Jabber, Facebook, XMPP, IRC, ICQ etc.
Pidgin works nicely with OTR and they are easy to install on both Linux and Windows. Using Pidgin, you can install the Pidgin OTR plugin and chat the way your normally would. You have the option of letting Pidgin automatically switch to encrypted chat or to keep encryption off until you need it.
Installation on Windows: You will need to download and install Pidgin for Windows and the OTR Pidgin Windows Installer.
Installation on Linux: You can download the source tarballs from thePidgin website and the OTR download page. Pidgin and the OTR plugin are available in most Linux distribution repositories. For Ubuntu users, these packages are in the universe repository. You need to install pidgin and pidgin-otr. You can install these packages using apt by typing the following into terminal:
:~$ sudo apt-get install pidgin pidgin-otr
You might also want pidgin-extprefs, an extended preferences plugin, and pidgin-skype, a plugin for using skype.
Pidgin OTR Configurations
After Pidgin and the OTR plugin are installed, start Pidgin and add the accounts you wish to chat with. Next go to Pidgin's Plugin Preferences by clicking Tools>Plugins, accessible in the main Pidgin application window. In the pop-up window, scroll down to Off The Record Messaging and check the box to enable OTR.
Note: when first initiating a private conversation with someone else, you both need to click on the 'Not Private' box in the chat window to start a private conversation and Authenticate as buddies. To authenticate, click on the unverified box in the chat window and then click Authenticate Buddy. There will be a drop down asking how would you like to authenticate your buddy. There are a few choices but the easiest way to authenticate is by choosing Manual fingerprint identification, then click Authenticate. You and the person you are chatting with should now see Private above the text field in the chat window. That is it.
You are now chatting with end-to-end encryption. You can click on Private to end the privacy or leave it on, close the window, and the next time you chat with that person it will automatically start in Private mode. You and your friends will see normal text but Facebook and Google will see something like the following:
/H1ugNsDGj3zsA6Kf KmlnE1MAAAAAAAA AABAAAABTI+kRrr63 7Cr80xxuXXXCur5wc 3wIDKyvEAAAAA.
Note: Pidgin logs unencrypted chats on your computer. To turn logging off for OTR only, go into Pidgin's Plugin Preferences, Tools>Plugins, highlight the Off The Record Messaging Plugin and select Configure Plugin. Then check the Don't log OTR Conversations box and close.
[edit] OTR for iOS on the IPhone and IPod Touch
The ChatSecure iOS app is an open-source encrypted messaging application that uses Cypherpunks' Off-the-Record protocol to secure a communication channel over XMPP (Google Talk, Jabber, etc) or Oscar (AIM). This is currently the only Chatting program that we know about for iOS. We are currently testing this and any additional instructions or opinions will be added later.
[edit] irssi
why would anyone want to use anything but irssi? ;)
download irssi-plugin-otr or something like that (if using debian/ubuntu) and then add "LOAD otr" to ~/.irssi/startup, alternatively type "/load otr" in the terminal.
Then make a cipher key... the info how to do stuff is below:
[edit] Halp
/otr genkey nick@irc.server.com
Manually generate a key for the given account(also done on demand)
/otr auth [<nick>@<server>] <secret>
Initiate or respond to an authentication challenge
/otr authabort [<nick>@<server>]
Abort any ongoing authentication
/otr trust [<nick>@<server>]
Trust the fingerprint of the user in the current window.
You should only do this after comparing fingerprints over a secure line
/otr debug
Switch debug mode on/off
/otr contexts
List all OTR contexts along with their fingerprints and status
/otr finish [<nick>@<server>]
Finish an OTR conversation
/otr version
Display irc-otr version. Might be a git commit
Settings:
otr_policy
Comma-separated list of "<nick>@<server> <policy>" pairs. See comments
above.
otr_policy_known
Same syntax as otr_policy. Only applied where a fingerprint is
available.
otr_ignore
Conversations with nicks that match this regular expression completely
bypass libotr. It is very unlikely that you need to touch this setting,
just use the OTR policy never to prevent OTR sessions with some nicks.
otr_finishonunload
If true running OTR sessions are finished on /unload and /quit.
otr_createqueries
If true queries are automatically created for OTR log messages.
