
Encrypted Messaging using OpenPGP and Psi

The simplest way to enable encrypted chat messaging with services like Google Talk, AIM, Yahoo, IRC and other messengers/protocols is to use a GNU Privacy Guard-enabled Jabber client. If you’ve never set one up before, you’ll want to follow these directions. I’ve included the configuration I prefer for Windows, though my Linux setup was nearly identical.

On Windows I prefer using Gpg4win, as it’s extremely easy to use and lightweight. Pick up a copy of the Windows binaries here: http://gpg4win.org/. Optionally, if you’re interested in another GnuPG build, you can pick one up over at http://www.gnupg.org (please keep in mind that the Miranda IM client works poorly with the gpg2 packaged with Gpg4win, which is why Psi is the easier alternative).

Kleopatra makes creating OpenPGP keypairs a quick and painless process. From within the key manager, create the key you’ll use with Psi. Kleo supports RSA and DSA, though I prefer RSA keys of 2,048 bits and larger (keep in mind that the larger the key, the longer it’ll take to encrypt and decrypt messages, though with a modern system you’re not likely to notice; a larger key is obviously more secure). Export the certificate (your public key) to a location of your choice; it’ll use ASCII armor by default.
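An added example, not part of the original post: a Python check to run on an exported ASCII-armored file before handing it out, confirming that it is a public (not secret) key block, that the armor checksum is intact, and which algorithm and RSA size it carries. The function names and the sample key are constructed for illustration, and only v4 key packets are handled.

```python
import base64
import struct

ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}  # OpenPGP public-key algorithm IDs

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(packet: bytes) -> str:
    """Armor raw packet bytes; used here only to build the constructed sample."""
    b64 = base64.b64encode(packet).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "", *rows, check,
                      "-----END PGP PUBLIC KEY BLOCK-----"])

def inspect_armored_key(text: str) -> dict:
    """Check an export is an intact public key block and report its algorithm and size."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] != "-----BEGIN PGP PUBLIC KEY BLOCK-----":
        raise ValueError(f"not a public key export: {lines[0]}")
    body = lines[lines.index("") + 1:-1]  # armor headers end at the blank line
    check = body.pop()[1:] if body[-1].startswith("=") else None
    raw = base64.b64decode("".join(body))
    if check and int.from_bytes(base64.b64decode(check), "big") != crc24(raw):
        raise ValueError("CRC-24 mismatch: file is corrupted or was altered")
    if raw[0] & 0x40:  # new-format packet header
        tag, off = raw[0] & 0x3F, 2 if raw[1] < 192 else 3 if raw[1] < 224 else 6
    else:  # old-format header, commonly written by GnuPG for key packets
        tag, off = (raw[0] >> 2) & 0x0F, 1 + (1, 2, 4)[raw[0] & 3]
    version, _created, algo = struct.unpack(">BIB", raw[off:off + 6])
    if tag != 6 or version != 4:
        raise ValueError(f"expected a v4 public key packet, got tag {tag} v{version}")
    bits = struct.unpack(">H", raw[off + 6:off + 8])[0] if algo == 1 else None
    return {"version": version, "algo": ALGOS.get(algo, str(algo)), "rsa_bits": bits}

# Constructed sample: v4 RSA packet with a placeholder 2048-bit modulus, not a usable key.
_n = b"\xC3" + b"\x5A" * 254 + b"\x01"
_body = (struct.pack(">BIB", 4, 1300000000, 1) + struct.pack(">H", 2048) + _n
         + struct.pack(">H", 17) + b"\x01\x00\x01")
SAMPLE = armor(b"\x99" + struct.pack(">H", len(_body)) + _body)
```

To use it on a real export, read the file as text and pass the contents to `inspect_armored_key`; a secret-key export is rejected at the first check because its armor header differs.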

Now that you have a public key, you need an XMPP client to use it with. Again, I use Psi because it’s extremely lightweight and known to work well with every type of OpenPGP program out there. To download Psi, go here: http://psi-im.org/

While you could make your own XMPP server in the future, we’ll use a pre-existing server in this article (the main reason is that it happens to have gateways to other popular chat servers).

JaIM has an amazing server which happens to be an excellent AIM Gateway. It also features a number of transports such as: AIM, Yahoo, IRC, ICQ and MSN. JaIM also features XMPP server access (Google Talk/Misc. Jabber) in addition to its own chatrooms, SOCKS5 Bytestreams, and Prosody Lua-based servers.

JaIM Public XMPP Server

To use JaIM, be sure to check Register, as JaIM supports in-client registration. Enter jaim.at as the server and turn off log message history if you want. Under Details you’ll see an area for OpenPGP; find and select your key. Under Connection, enable compression and keep alive, enter any proxy or proxy chain information you may have, enable probe legacy SSL port, allow plaintext authentication over encrypted connections only, and set encrypt connection to Always.

Upon connecting, it’ll ask you for a username and password to create. Once you connect to a server you can enable encryption by clicking on the gray unlocked logo. It’ll ask for your secret passphrase; upon entering it successfully you’ll see a yellow lock logo appear next to the server of your choice.

You can find commonly used Transports (such as AIM or MSN) by clicking on the Psi Greek symbol and checking the Service Directory on the JaIM.at server. You’ll be required to set your username and password and any account profile details you desire. Some Transports work better than others. If you’re an AIM and Google Talk user, for example, you’ll find this setup to your liking. Psi will automatically import your contacts from each of the Transports you choose.

Messages you send will usually be unencrypted by default unless you choose otherwise. At the top of the message box, toward the right-hand side of the window, you’ll see a gray lock. To enable encryption, select the lock logo. Note that you’ll need to import other users’ public keys in order to send them messages they can decrypt (obvious but I thought it was worth noting).

Google Talk

You can either use the XMPP option using JaIM’s server (a bit out of the way for my tastes) or you can simply connect to Google Talk’s server directly. To connect directly in addition to using JaIM for your other accounts (or instead of using JaIM), go to Account Setup and add an entry for talk.google.com. Under Jabber ID it should read:

your.username@gmail.com

Google mistakenly doesn’t mention entering your password in the Account Setup field. If you have 2-step verification enabled on your Google account, you’ll want to enter your one-time application-specific password here. If you use Google with a regular password, feel free to enter that here as well so it doesn’t ask you for your password every time you connect to Google Talk.

Assigning PGP Keys to Others

Simply right-click on a person’s name, select Assign OpenPGP Key and enter their key accordingly.

Using the setup above you’ll be able to use Psi to video, voice and text chat with encryption enabled.