pidgin-encrypt-devel

[pidgin-encrypt-devel] encryption protocol

[Johannes M. <der...@gm...>]

Hi,

I'm developing a jabber client which needs to encrypt the communication 
to Pidgin.
I did not find some documentation on the protocol you use, so I tried to 
figure out how it works with the help of the XMPP-Konsole Plugin, which 
shows the Raw xmpp queries.
It seems to be straight forward. The RSA key of the peer is requested, 
before you send data to the peer. Once received, the key can be used to 
encrypt further messages. Message types like a simple message or a key 
response are denoted by a preceeding "Msg:" or "Key:".
The key request is just "Send Key". Additionally every encrypted message 
and the encryption request has the prefix "*** Encrypted with the 
Gaim-Encryption plugin : Send Key". Then there are further details like 
the nss version and the messages length.

It would be great if you could provide more details, including answers 
to the questions that piled up so far.
1.What does the string following "Msg:" mean in 
[...]Msg:S52c9223e68:R50d67243eb: Len[...]?
2.What is the next string after the lenght specification in a key 
response like [...]Len 249:yD2BV/btzekaownH6Y903lz8+w0jIMr2[,the actual 
public key]?
3.Why does my pidgin instance on linux in contrast to the instance on my 
windows machine send the whole body-tag + message in a html-Tag as well? 
(I have an older version on my linux machine, so this might be the problem)


Thanks for your help and of course for pidgin-encryption,
Johannes Müller

Re: [pidgin-encrypt-devel] encryption protocol

[Adrian K. <ad...@dr...>]

On Mon, Jan 24, 2011 at 07:05:15PM +0100, Johannes Müller wrote:

> Hi,

Hi!

> I did not find some documentation on the protocol you use, so I tried to 
> figure out how it works with the help of the XMPP-Konsole Plugin, which 
> shows the Raw xmpp queries.

Please, that's clearly the wrong approach. There's no need to deduce
something from sniffing on-wire messages. Use the source.

While you're at it: you want to google for OTR (off the record) and see
how pidgin handles it:

   http://www.cypherpunks.ca/otr/

There's some documentation available, but there's also the source.


HTH

-- 
mail: ad...@th...  	http://adi.thur.de	PGP/GPG: key via keyserver

Re: [pidgin-encrypt-devel] encryption protocol

[Johannes M. <der...@gm...>]

On 24.01.2011 19:29, Adrian Knoth wrote:
> On Mon, Jan 24, 2011 at 07:05:15PM +0100, Johannes Müller wrote:
>
>> Hi,
>
> Hi!
>
>> I did not find some documentation on the protocol you use, so I tried to
>> figure out how it works with the help of the XMPP-Konsole Plugin, which
>> shows the Raw xmpp queries.
>
> Please, that's clearly the wrong approach. There's no need to deduce
> something from sniffing on-wire messages. Use the source.
>
> While you're at it: you want to google for OTR (off the record) and see
> how pidgin handles it:
>
>     http://www.cypherpunks.ca/otr/
>
> There's some documentation available, but there's also the source.
>
>
> HTH
>

Hello

And thanks for your quick response. I will consider your suggestion and 
take a look at the source right now to get down to the details. I first 
watched the communication for a high level overview, which for me is 
simpler than diving into the code.
I think OTR is harder to support. And I want to keep it simple. On the 
other hand the authentication mechanism seems to be worthwhile. So this 
should be my long term goal. But for now I will stick with simple 
encryption, which for now meets my demands.


Thanks,
Johannes Müller