Internet Relay Chat (IRC) with Off the Record (OTR) Encryption Background

More and more, governments and corporations attempt to read your personnel network communications. From the illegal wiretaps by National Security Agency (NSA) to Sweden’s new law requiring all network traffic orginating to or from Sweden be archived, no one is safe. A recent study even showed one out of every three system administrators viewed resources, including your private data, to which they were not allowed access. Being these individuals have access to the network path, network based encryption can not be the only answer (think MitM attacks). Fortunately, Off-the-Record (OTR) messaging provides a solution around this issue.

OTR provides four major points to help ensure private conversations: encryption, authentication, deniability and perfect forward secrecy. This page discusses these points in greater detail. Most people associate OTR with instant messaging (IM). However, IRC is also capable of using OTR. Currently there are two options which allow OTR over IRC. The first is Pidgin. The second is irssi.

Installation and Configuration Pidgin

The first step is to download the latest version of pidgin from pidgin homepage. Then download theOff-the-Record Messaging plugin for pidgin.

Installing Plugins

Windows

1. Download, and if necessary, extract the .dll file.
2. Move the resulting file to %APPDATA%\.purple\plugins

Now when you open the Plugins dialog in Pidgin or Finch, the plugin should show up.

Unix/Linux

1. Download, and if necessary, extract the .so file.
2. Move the resulting file to ~/.purple/plugins

Now when you open the Plugins dialog in Pidgin or Finch, the plugin should show up.

Connecting to IRC

To start using IRC through Pidgin, click “Add…” at the “Welcome to Pidgin!” screen. The “Add…” option can also be found under “Accounts” (Ctrl+A) and then “Manage Accounts”.

Make sure your settings are the same as the ones in the image below, your username and password should be your IRC nick and password.

Click “Save” and Pidgin will connect to our IRC.

If u get “Unable to validate certificate”, this means certificate is self singed and you have to download and add it to option Tools->Certificates in Pidgin. Download our clearnet IRCD certificate irc.cyberguerrilla.cert Download our Tor IRCD certificate 6dvj6v5imhny3anf-onion.cert Go to pidgin’s Tools->Certificates dialog, you can Add this certificate you just downloaded there.

Next, open a chat with someone you wish to communicate privately with. Under the “OTR” tab select “Start private conversation”. Pidgin and OTR will start a private encrypted communication between you and the individual you are chatting with (Note: Both individuals must be using OTR). Next, in order to confirm that you are in fact having an encrypted conversation with the individual you think you are (not someone pretending to be them), you must set up OTR authentication. This can be done by clicking on the “OTR” tab and then clicking “Authenticate buddy”. After choosing the option to authenticate your buddy, OTR will give you three options for authentication. For this example we have chosen the “Manual footprint verification” option, but you are free to choose whatever you want. Think of your OTR footprint like an identification number. By checking to make sure the OTR footprint is correct, you can make sure you are in fact talking to the right person, and not someone trying to trick you to get information. And you’re done! You can now enjoy privately chatting over IRC Connecting to I2P’s internal IRC Note: You must have installed I2P and had it running for around 24 hours before this will work. See on how to create a tunnel to go on the IRC through I2P To connect to the I2P internal IRC server, simply make sure that your settings are the same as the ones in the picture below, except the sections for username and password should be what you choose to be identified with on the I2P IRC. Obviously, your username should not be something that can be tied to your real identity.

Installation and Configuration Irssi

The first step is to download irssi and the latest version of irssi-otr from irssi-otr homepage. The software author offers downloads via both HTTP and git. Download the latest version through your preferred method. Make sure you have the required packages installed: libotr, glib, irssi, cmake, pkg-config, python and wget. The INSTALL file details the requirements for these packages.

The below example demonstrates how to install irssi-otr downloaded via HTTP. If you downloaded irssi-otr with git, you do not need the “-DIRSSIOTR_VERSION” option in the “cmake” line. Make sure to put the appropriate version number.

Once you have irssi-otr installed you need to load the module in irssi. This is accomplished by running a “/load otr” in the irssi interface. The first time you load OTR you need to create a OTR key. You do this by running the command “/otr genkey ” where “nick” is your IRC nickname and “irc.domain.xyz” is the IRC server’s fully qualified domain name. You confirm the creation of the key by looking in ~/irssi/otr/otr.key. After this, you simply need to write something in the chat room, wait 10 seconds and your communications should become secure. The README covers these commands and others. It is highly recommended you read this document and understand it before deploying irssi-otr.