OpenPGP.mdwn
author Mikael Berthe <mikael@lilotux.net>
Sun, 17 Sep 2017 12:31:09 +0200
changeset 4 8c1dcfaf45a7
parent 1 1e57279b82b1
permissions -rw-r--r--
Add OpenBSD package (Raf Czlonka)
1e57279b82b1 Add wiki content
Myhailo Danylenko <isbear@isbear.org.ua>
[[!meta title="MCabber OpenPGP support"]]

[[!toc]]

MCabber supports OpenPGP by implementing the [[!xep 0027]] protocol. When used,
status messages (presence) are signed and message bodies can be encrypted.

When a client supports OpenPGP, it signs presences (status messages). This is
the only way for a client to advertise its support of PGP. Messages are
encrypted when sent to such clients.

There is currently no indication of whether the message being sent will be
encrypted (or is there?). It is also unknown what happens when a message is
sent to a client with multiple active resources, when not all of them support
encryption or if they use different keys (please document).

MCabber supports OpenPGP since version 0.9.0. This page explains how to set it
up.

# Building mcabber with OpenPGP support

Note: You need `libgpgme` > 1.0.0 (for example, `libgpgme11` & `libgpgme11-dev`
in Debian) to build mcabber with OpenPGP support.

# Enabling OpenPGP

Once mcabber is built with PGP support, you will have to set it up.

In the configuration file, enable `pgp` and set `pgp_private_key` to your key
id.  Your key id can be found with the following command:

    gpg --list-keys --keyid-format long your_name

Example (in `$HOME/.mcabber/mcabberrc`):

    set pgp = 1
    set pgp_private_key = "E3E6A9C1A6A013D3"
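
An added example, not part of the original wiki page or of mcabber: a shell helper that reads `gpg --list-secret-keys --with-colons` output, skips secret keys marked expired, revoked, invalid or disabled, and prints the two `mcabberrc` lines shown above. The function names and the sample listing are constructed for illustration; the helper refuses to choose when zero or several usable keys exist.

```sh
#!/bin/sh
# Added example: derive the mcabberrc PGP settings from gpg's colon listing.

# Constructed sample of `gpg --list-secret-keys --with-colons` output:
# one expired key (validity "e") and one usable key.
sample_secret_listing() {
    cat <<'EOF'
sec:e:4096:1:1111111111111111:1400000000:1450000000::u:::scESC:
uid:e::::1400000000::0000::Old Key <me@example.org>:
sec:u:4096:1:E3E6A9C1A6A013D3:1500000000:::u:::scESC:
uid:u::::1500000000::0000::Your Name <me@example.org>:
EOF
}

# Print the long key ID (field 5) of every usable secret key.
# Field 2 is the validity (e=expired, r=revoked, i=invalid); a "D" in the
# capabilities field (12) marks a disabled key. Older gpg versions leave
# field 2 empty on "sec" records, which is treated as usable here.
usable_secret_keyids() {
    awk -F: '$1 == "sec" && $2 !~ /^[eri]$/ && $12 !~ /D/ { print $5 }'
}

# Read a colon listing on stdin and print the mcabberrc lines.
# Fails (status 1) unless exactly one usable secret key is found.
mcabberrc_pgp_lines() {
    ids=$(usable_secret_keyids)
    set -- $ids
    [ "$#" -eq 1 ] || return 1
    printf 'set pgp = 1\nset pgp_private_key = "%s"\n' "$1"
}

# Real use: gpg --list-secret-keys --with-colons | mcabberrc_pgp_lines
sample_secret_listing | mcabberrc_pgp_lines
```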

# Encrypting messages

Now when you start mcabber, it should ask for your passphrase (unless you put
it in your configuration file or you use `gpg-agent`).

If you want to know if a contact is using PGP, select the contact and use
`/info`. If (s)he is, it should display something like:

    PGP key id: E2C4C9A1601A5A4
    Last PGP signature: unknown

The signature is "unknown", because we don't have the contact's key. We could
get it with `gpg`, for example.

    gpg --recv-keys E2C4C9A1601A5A4

Then, wait for the next presence message.

If the contact has your key and you have their key, you should have
bidirectional encrypted messages.

# Per-contact settings

You can provide a PGP key to be used for a given Jabber user or disable PGP on
a per-account basis, using the command `/pgp`. If you provide a KeyId for a
contact, it will be compared to the key the contact uses to sign their
presence/messages and it will be used for all outgoing encrypted messages (by
default, mcabber will use the contact signature's key).

    /pgp disable foo@bar.org
    /pgp setkey bar@foo.net C9940A9BB0B92210

The command `/pgp` can be used in the configuration file (without the leading /).

Example (in `$HOME/.mcabber/mcabberrc`):

    pgp disable foo@bar.org
    pgp setkey bar@foo.net C9940A9BB0B92210
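
`pgp setkey` takes a key ID, which for a version 4 key is only the last 16 hex digits of the fingerprint, and `gpg --recv-keys` imports whatever a keyserver returns for that ID. As an added example (not from the original page or the mcabber project), this helper emits the `pgp setkey` line only when a fingerprint you verified out of band is in the keyring and no other primary key shares its key ID. Function names and the sample listing, including the fingerprint, are constructed.

```sh
#!/bin/sh
# Added example: pin a contact's key by full fingerprint before `pgp setkey`.
# Assumes 40-digit (version 4) fingerprints.

# Constructed sample of `gpg --list-keys --with-colons` output
# (the fingerprint is made up for this example).
sample_contact_listing() {
    cat <<'EOF'
pub:-:4096:1:C9940A9BB0B92210:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567C9940A9BB0B92210:
uid:-::::1500000000::0000::Bar <bar@foo.net>:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEFAAAAAAAAAAAAAAAA:
EOF
}

# Print the fingerprint of each primary key: the first "fpr" record
# after a "pub" record (later "fpr" records belong to subkeys).
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# usage: gpg --list-keys --with-colons | pgp_setkey_line JID FINGERPRINT
# status 1: fingerprint malformed or not a primary key in the keyring
# status 2: another primary key shares the same 64-bit key ID
pgp_setkey_line() {
    jid=$1
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    case $want in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#want}" -eq 40 ] || return 1
    keyid=$(printf '%s' "$want" | cut -c25-40)
    fprs=$(primary_fingerprints)
    printf '%s\n' "$fprs" | grep -qx "$want" || return 1
    same_id=$(printf '%s\n' "$fprs" | grep -c "${keyid}\$" || true)
    [ "$same_id" -eq 1 ] || return 2
    printf 'pgp setkey %s %s\n' "$jid" "$keyid"
}

sample_contact_listing | pgp_setkey_line bar@foo.net \
    "0123 4567 89AB CDEF 0123 4567 C994 0A9B B0B9 2210"
```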