From: Ludovic L. <ll...@us...> - 2003-07-25 01:24:27
|
Hello list, I've just uploaded ( http://sourceforge.net/tracker/index.php?func=detail&aid=777300&group_id=235&atid=300235 ) a patch to add preliminary support for encrypted communication, compatible with Trillian SecureIM protocol. It is just a proof-of-concept. Here is the summary : ====================================================== That patch adds preliminary support for receiving Trillian's SecureIM messages (encrypted IM) over Oscar protocol. It may (or may not) work for you. Please report to the list. Current limitations : * Receive only. You'll be able to read (decrypt) encrypted messages, but you cannot send messages in encrypted form. * No UI. Always on. * Full of bugs, and assumptions about SecureIM protocol. * Seems only to work with AIM. Should work with ICQ but currently don't. * I don't know a thing about encryption. * I don't know a thing about GAIM's internals so the implementation may be a complete heresy. (and that's why I didn't add support for sending messages, I couldn't understand it enough) * You need OpenSSL compiled and installed as a library. I used version 0.9.7b ( http://www.openssl.org/source/ ) * Was developped on a Windows workstation, so the Makefiles aren't correctly updated (only Makefile.mingw). You'll have to tweak to link with OpenSSL. I don't know how. * Totally unsupported. I may never work on this again. Known Bugs : * ICQ doesn't work for me : the server doesn't transmit our ACCEPT packet to the other party. Don't know why. Either a problem with my account, or an initialisation problem. ====================================================== 4 more points : * You will need OpenSSL as noted, I don't know if there is a problem with OpenSSL license ( http://www.openssl.org/support/faq.html#LEGAL2 ) but don't really care about. * Many thanks to the Joust project ( they publish JOscar, a Java OSCAR library ) for the documentation and all the trial-and-errors work for guessing the protocol. You can find JOscar here ( http://joust.kano.net/joscar/ ), the classes that concern Trillian protocol are in 'net.kano.joscar.rvcmd.trillcrypt', there you will find some documentation. They seem very close to a working implementation. * I don't know about Cerrulean Studio's reaction. I wish to thank them for chosing a public key exchange mechanism and a public cipher, and giving hints about them on their web site. (If there were any doubts about it, I didn't reverse engineer their code nor anything like that.) Moreover they chose very standard (and easily guessable) parameters, which is a plus for interoperability. * (for those, like me, who don't really know about encryption : ) Being able to interoperate with Trillian doesn't mean that their protocol is 'weak'. It only means that they chose a public cipher, and that using the same one leads to the same results, which is a good thing. As noted, this work is totally unsupported. I wanted badly to be able to make GAIM interoperate with Trillian, so I tried my best and with great luck it seems to work. However, I'm not sure I'll improve this and maintain it as a separate patch. My best hope is that it gets included in the CVS and that an 'autoconf' master adds the '--with-trillian-secureim' option that I couldn't add. Then, people will have to add an UI to enable / disable encryption, support for sending IM (that would be so cool !), etc... Best regards, Ludovic LANGE. |