Encrypted Chat with Textual


Textual provides the ability to encrypt messages that it sends over IRC to add an extra layer of privacy & security when used in combination with a Secure Sockets Layer (SSL) based connection.

How does it work?

Encrypted Group Chat

Textual provides support for two types of encrypted chat. The first type is group chat.

Group chat is an encrypted conversation between multiple participants inside an IRC channel. This type of encrypted chat requires that all members of the encrypted conversation know the secret passphrase ahead of time as Textual does not provide any mechanism by which the passphrase can be exchanged between multiple users.

To enable encrypted group chat for a channel: Open Channel Properties (Command I), click the tab named Encryption, and enter the passphrase that will be used for encryption in the field provided.

Encrypted Private Chat

The second type of encrypted chat is private, peer-to-peer conversations. These occur solely within a query (also known as a private message) and are strictly between yourself and the recipient.

An automated method of exchanging keys is available for this type of encrypted chat. By opening a private message and typing the command keyx, an automated Diffie–Hellman key exchange will be initiated. This provides a secure way of exchanging keys without prior negotiations.

Alternatively, the setkey command can be provided with the desire passphrase if automated key exchange is not desired. The command delkey can then be used at any time to stop the encrypted conversation.

How secure is encrypted chat?

For the average user, encrypted chat is secure enough for exchanging conversations without the fear of the messages being read beyond those that have the passphrase. We personally do not recommend the use encrypted chat to overthrow the United States government, but in general, it works as expected.

Textual provides support for two modes of operation for encryption: Electronic Codebook (ECB) and Cipher-block Chaining (CBC) (with random initialization vector).

When enabling encryption through Channel Properties or the use of the setkey command, Textual uses the ECB mode of operation by default. This is done as more IRC clients support this form of encryption out-of-the-box. However, if backwards compatibility is not a concern, then we recommend using CBC.

The use of the keyx command uses the CBC mode of operation by default in order to promote stronger encryption. This behavior can be disabled for a single session by invoking the command using the following syntax: /keyx nocbc

The mode of operation that is used can be easily toggled through the Channel Properties dialog for channels or by the use of the setkeymode command for private messages once encryption has started.

Are there any security considerations?

It is important to keep in mind that even though you are connected to an IRC server using SSL and sending encrypted conversations, they may still be sent through non-SSL connections. Unless an IRC networks forces all users to connect over SSL, encrypted conversations may be sent to users who are not on a secure connection. Additionally, communications between the servers of an IRC network may not be on a secure connection either.

Furthermore, depending on the cipher suite used by an IRC network, there may be known exploits in an SSL connection.

What is actually encrypted?

Regular, plain-text messages, actions (me command), notices (notice command), and the setting of channel topics.

Can I send unencrypted chatter when encrypted chat is enabled?

Yes, the commands umsg, ume, unotice can be used to send unencrypted chatter when encrypted chat is enabled.

Are there any plans for Off-the-Record (OTR) encryption support?

There are certainly plans to support Off-the-Record sometime in the future. However, we are unable to provide an timeline at the time that this page was edited.

Are encrypted conversations stored anywhere on disk?

No. If a channel or query (private message) has an encryption key set, then any messages sent or received will not be archived to disk. As a result, when configured to do so, Textual will not be able to playback the conversation on launch. It will also not be able to reload the history of a conversation when switching to a different style in Preference.

If a log location is defined in Preferences, then logging still occurs even if a key is set.

I don't trust you. Can I audit the encryption system?

Sure thing. The source code for the encryption and key exchange process can be found here.

Last modified: March 01, 2015

The contents of this webpage are released into the Public Domain for unlimited distribution.