[[!meta title="MCabber OpenPGP support"]]

[[!toc]]

MCabber supports OpenPGP by implementing the [[!xep 0027]] protocol. When used,
status messages (presence) are signed and message bodies can be encrypted.

When a client supports OpenPGP, it signs presences (status messages). This is
the only way for a client to advertise its support of PGP. Messages are
encrypted when sent to such clients.

There is currently no indication of whether the message being sent will be
encrypted (or is there?). It is also unknown what happens when a message is
sent to a client with multiple active resources when not all of them support
encryption, or when they use different keys (please document).

MCabber has supported OpenPGP since version 0.9.0. This page explains how to
set it up.

# Building mcabber with OpenPGP support

Note: You need `libgpgme` > 1.0.0 (for example, `libgpgme11` & `libgpgme11-dev`
in Debian) to build mcabber with OpenPGP support.

# Enabling OpenPGP

Once mcabber is built with PGP support, you will have to set it up.

In the configuration file, enable `pgp` and set `pgp_private_key` to your key
id. Your key id can be found with the following command:

    gpg --list-keys --keyid-format long your_name

Example (in `$HOME/.mcabber/mcabberrc`):

    set pgp = 1
    set pgp_private_key = "E3E6A9C1A6A013D3"

# Encrypting messages

Now when you start mcabber, it should ask for your passphrase (unless you put
it in your configuration file or you use `gpg-agent`).

If you want to know whether a contact is using PGP, select the contact and use
`/info`. If they are, it should display something like:

    PGP key id: E2C4C9A1601A5A4
    Last PGP signature: unknown

The signature is "unknown" because we don't have the contact's key. We could
get it with `gpg`, for example:

    gpg --recv-keys E2C4C9A1601A5A4

Then, wait for the next presence message.

If the contact has your key and you have their key, you should have
bidirectional encrypted messages.

# Per-contact settings

You can provide a PGP key to be used for a given Jabber user or disable PGP on
a per-account basis, using the command `/pgp`. If you provide a key id for a
contact, it will be compared to the key the contact uses to sign their
presence/messages and it will be used for all outgoing encrypted messages (by
default, mcabber will use the contact signature's key).

    /pgp disable foo@bar.org
    /pgp setkey bar@foo.net C9940A9BB0B92210

The command `/pgp` can be used in the configuration file (without the leading
`/`).

Example (in `$HOME/.mcabber/mcabberrc`):

    pgp disable foo@bar.org
    pgp setkey bar@foo.net C9940A9BB0B92210

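A key fetched with `gpg --recv-keys` is identified only by its id, so it is worth comparing its full fingerprint with one obtained from the contact directly before pinning it with `pgp setkey`. The following is an added example, not part of mcabber or of the original page: it reads `gpg --with-colons` output and prints the `mcabberrc` line only when the fingerprint matches. The function names `fpr_for_keyid` and `pin_line` are hypothetical, and the key listing is constructed sample data.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint` output (not real keys).
# Field 5 of a "pub" record is the long key id; field 10 of "fpr" is the fingerprint.
SAMPLE_LISTING='pub:-:4096:1:1111222233334444:1500000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1500000000::0000::Someone Else <other@example.org>:
pub:-:4096:1:C9940A9BB0B92210:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567C9940A9BB0B92210:
uid:-::::1500000000::0000::Bar <bar@foo.net>:
sub:-:4096:1:5555666677778888:1500000000::::::e:
fpr:::::::::99990000AAAABBBBCCCCDDDD5555666677778888:'

# Print the primary-key fingerprint for a 16-hex-digit key id, reading a
# colon-format listing on stdin. Subkey fingerprints are never returned.
fpr_for_keyid() {
    awk -F: -v id="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        $1 == "pub" { want = (($5 "") == (id "")) }  # "" forces string comparison
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { print $10; exit }
    '
}

# Usage: pin_line JID KEYID EXPECTED_FINGERPRINT  (colon listing on stdin)
# Prints the mcabberrc line on a match; returns 1 on mismatch, 2 if the key is absent.
pin_line() {
    jid=$1 keyid=$2
    expected=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(fpr_for_keyid "$keyid")
    [ -n "$actual" ] || { echo "key $keyid not found in listing" >&2; return 2; }
    [ "$actual" = "$expected" ] || { echo "fingerprint mismatch for $jid" >&2; return 1; }
    printf 'pgp setkey %s %s\n' "$jid" "$keyid"
}

# Real use: gpg --with-colons --fingerprint C9940A9BB0B92210 |
#     pin_line bar@foo.net C9940A9BB0B92210 "<fingerprint given by the contact>"
printf '%s\n' "$SAMPLE_LISTING" |
    pin_line bar@foo.net C9940A9BB0B92210 '0123 4567 89AB CDEF 0123 4567 C994 0A9B B0B9 2210'
```

The printed line can be appended to `$HOME/.mcabber/mcabberrc` as in the example above.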