Textual provides the ability to encrypt messages that it sends over IRC to add an extra layer of privacy & security when used in combination with a Secure Sockets Layer (SSL) based connection.
Textual provides support for two types of encrypted chat. The first type is group chat.
Group chat is an encrypted conversation between multiple participants inside an IRC channel. This type of encrypted chat requires that all members of the encrypted conversation know the secret passphrase ahead of time as Textual does not provide any mechanism by which the passphrase can be exchanged between multiple users.
To enable encrypted group chat for a channel: Open Channel Properties (Command I), click the tab named Encryption, and enter the passphrase that will be used for encryption in the field provided.
The second type of encrypted chat is private, peer-to-peer conversations. These occur solely within a query (also known as a private message) and are strictly between yourself and the recipient.
An automated method of exchanging keys is available for this type of encrypted chat. By opening a private message and typing the command keyx, an automated Diffie–Hellman key exchange will be initiated. This provides a secure way of exchanging keys without prior negotiations.
Alternatively, the setkey command can be provided with the desire passphrase if automated key exchange is not desired. The command delkey can then be used at any time to stop the encrypted conversation.
For the average user, encrypted chat is secure enough for exchanging conversations without the fear of the messages being read beyond those that have the passphrase. We personally do not recommend the use encrypted chat to overthrow the United States government, but in general, it works as expected.
When enabling encryption through Channel Properties or the use of the setkey command, Textual uses the ECB mode of operation by default. This is done as more IRC clients support this form of encryption out-of-the-box. However, if backwards compatibility is not a concern, then we recommend using CBC.
The use of the keyx command uses the CBC mode of operation by default in order to promote stronger encryption. This behavior can be disabled for a single session by invoking the command using the following syntax: /keyx nocbc
The mode of operation that is used can be easily toggled through the Channel Properties dialog for channels or by the use of the setkeymode command for private messages once encryption has started.
It is important to keep in mind that even though you are connected to an IRC server using SSL and sending encrypted conversations, they may still be sent through non-SSL connections. Unless an IRC networks forces all users to connect over SSL, encrypted conversations may be sent to users who are not on a secure connection. Additionally, communications between the servers of an IRC network may not be on a secure connection either.
Furthermore, depending on the cipher suite used by an IRC network, there may be known exploits in an SSL connection.
There are certainly plans to support Off-the-Record sometime in the future. However, we are unable to provide an timeline at the time that this page was edited.
No. If a channel or query (private message) has an encryption key set, then any messages sent or received will not be archived to disk. As a result, when configured to do so, Textual will not be able to playback the conversation on launch. It will also not be able to reload the history of a conversation when switching to a different style in Preference.
If a log location is defined in Preferences, then logging still occurs even if a key is set.
Sure thing. The source code for the encryption and key exchange process can be found here.