[[!meta title="MCabber OpenPGP support"]]

[[!toc]]

MCabber supports OpenPGP by implementing the [[!xep 0027]] protocol. When used,
status messages (presence) are signed and message bodies can be encrypted.

When a client supports OpenPGP, it signs presences (status messages). This is
the only way for a client to advertise its support of PGP. Messages are
encrypted when sent to such clients.

There is currently no indication of whether the message being sent will be
encrypted (or is there?). It is also unknown what happens when a message is
sent to a client with multiple active resources, when not all of them support
encryption or if they use different keys (please document).

MCabber supports OpenPGP since version 0.9.0. This page explains how to set it
up.

# Building mcabber with OpenPGP support

Note: You need `libgpgme` > 1.0.0 (for example, `libgpgme11` & `libgpgme11-dev`
in Debian) to build mcabber with OpenPGP support.

# Enabling OpenPGP

Once mcabber is built with PGP support, you will have to set it up.

In the configuration file, enable `pgp` and set `pgp_private_key` to your key
id. Your key id can be found with the following command:

    gpg --list-keys --keyid-format long your_name

Example (in `$HOME/.mcabber/mcabberrc`):

    set pgp = 1
    set pgp_private_key = "E3E6A9C1A6A013D3"

# Encrypting messages

Now when you start mcabber, it should ask for your passphrase (unless you put
it in your configuration file or you use `gpg-agent`).

If you want to know if a contact is using PGP, select the contact and use
`/info`. If (s)he is, it should display something like

    PGP key id: E2C4C9A1601A5A4
    Last PGP signature: unknown

The signature is "unknown", because we don't have the contact's key. We could
get it with `gpg`, for example.

    gpg --recv-keys E2C4C9A1601A5A4

Then, wait for the next presence message.

If the contact has your key and you have their key, you should have
bidirectional encrypted messages.

# Per-contact settings

You can provide a PGP key to be used for a given Jabber user or disable PGP on
a per-account basis, using the command `/pgp`. If you provide a KeyId for a
contact, it will be compared to the key the contact uses to sign their
presence/messages and it will be used for all outgoing encrypted messages (by
default, mcabber will use the contact signature's key).

    /pgp disable foo@bar.org
    /pgp setkey bar@foo.net C9940A9BB0B92210

The command `/pgp` can be used in the configuration file (without the leading /).

Example (in `$HOME/.mcabber/mcabberrc`):

    pgp disable foo@bar.org
    pgp setkey bar@foo.net C9940A9BB0B92210

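A small audit of the OpenPGP-related lines in an `mcabberrc`, added here as an example (it is not part of mcabber): it flags contacts with PGP disabled, `setkey` values that are not long key ids, and a passphrase kept in the file. The function name `audit_mcabberrc` and the sample file are constructed for illustration; `pgp_passphrase` is mcabber's option name for the passphrase setting mentioned above and does not appear on this page.

```python
import re

# Constructed sample mcabberrc: the settings shown on this page, plus
# pgp_passphrase (mcabber's option for keeping the passphrase in the file).
SAMPLE_RC = '''\
set pgp = 1
set pgp_private_key = "E3E6A9C1A6A013D3"
set pgp_passphrase = "not-a-real-passphrase"
pgp disable foo@bar.org
pgp setkey bar@foo.net C9940A9BB0B92210
pgp setkey baz@foo.net B0B92210
'''

SET_RE = re.compile(r'^set\s+(\w+)\s*=\s*(.*)$')
LONG_KEYID_RE = re.compile(r'^[0-9A-Fa-f]{16}$')  # --keyid-format long


def audit_mcabberrc(text):
    """Return (options, findings); findings are (line_number, message),
    with line_number 0 for file-wide findings."""
    options, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = SET_RE.match(line)
        if m:
            options[m.group(1)] = m.group(2).strip().strip('"')
            continue
        words = line.split()
        if words[:2] == ['pgp', 'disable'] and len(words) == 3:
            # Per-contact opt-out: nothing sent to this JID is encrypted.
            findings.append((lineno, f'{words[2]}: PGP disabled'))
        elif words[:2] == ['pgp', 'setkey'] and len(words) == 4:
            # A pinned key should be a full long id, not a short one.
            if not LONG_KEYID_RE.match(words[3]):
                findings.append((lineno, f'{words[2]}: {words[3]} is not a long key id'))
    if options.get('pgp') != '1':
        findings.append((0, 'pgp is not enabled'))
    elif not LONG_KEYID_RE.match(options.get('pgp_private_key', '')):
        findings.append((0, 'pgp_private_key is missing or not a long key id'))
    if options.get('pgp_passphrase'):
        findings.append((0, 'pgp_passphrase is stored in the file'))
    return options, findings


if __name__ == '__main__':
    for lineno, msg in audit_mcabberrc(SAMPLE_RC)[1]:
        print(f'line {lineno}: {msg}' if lineno else f'file: {msg}')
```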