Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

pre-shared keys keys passed out of band

Help
yea right
2006-03-28
2013-04-22
  • yea right
    yea right
    2006-03-28

    so in short.
    1. how do I generate keys so I can pass them other than having gaim do it. ie via remvoable media.
    2. how do I point gaim to removable  media for the  keys?

    I want to generate keys for people I know and give them to removeable media so when they go from machine to machine they can just point gaim to the media for keys.
    I am using windows gaim, but I assume it will work no matter version of gaim is involved as long as it has the gaim encryption plugin.

    I like the idea of using the portable version for this.

     
    • Bill Tompkins
      Bill Tompkins
      2006-03-29

      There are a few options for locating keys on removable media:

      1) If you are using the current stable releases (Gaim 1.5, Gaim-Encryption 2.38), you can tell Gaim to use an alternate directory for its config files, with the command-line '-c' option.  I'm not sure exactly how to do that with Windows off the top of my head... but I think that it is possible, using something in the "Get Info" information for the Gaim executable.  Or maybe with a shortcut that includes the extra command-line options.

      2) If you are using the Gaim 2.0 beta / Gaim-Encryption 3.0 beta, then there is a Gaim-Encryption option to set the location of the key files.  Go to the Tools/Plugins menu item, select Gaim-Encryption.  Click "Configure Plugin".  See the "Keyfile Location" box at the bottom.

      Generating keys for other people, though, really isn't necessary for secure communications using a public key cryptosystem.  What you need is to verify your buddy's key fingerprint (that he sees in his "Local keys" with what you see in your "Trusted Buddy keys".  If those are the same, you're guaranteed that the key you're using for him is the same one that he generated, and that things are secure.

      If you _really_ want to generate keys for accounts that you don't have, I would "Add" your buddy's account to your account list (and just leave the login password blank).  Then restart Gaim.  Gaim-Encryption will generate a key for that account, thinking that it is a new account for you.  The private key for that account is now in your id.priv file, the public key is in your id file.  Make two new files, and move the keys to them.  Then give them to your buddy to use as his id.priv and id files.

      Note that if your buddy uses these files that you gave him, he will be using those keys for _any_ encrypted conversation, not just with you.  And that he is now trusting that you didn't keep a copy of those keys, since you could now decrypt messages addressed to him if you did.  Really, it isn't the right way to do things.

      Now, you (or your buddy) keeping the private keys on removable media, so you can use them on different PCs, or store them securely...  that makes good sense.  But if the only reason for this is that you want to exchange something physical with your buddy to verify that there is no man-in-the-middle, just write down the key fingerprints on a piece of paper, and ask him to check them.

      -Bill