Encrypted Chat with Textual

Textual provides the ability to encrypt messages that it sends over IRC to provide an added layer of privacy. When used in combination with a Secure Sockets Layer (SSL) connection, encrypted chat can help protect users who wish to keep their conversations private.

How does it work?

There are two types of encrypted chat that Textual supports.

The first type is group chat. Group chat is an encrypted conversation between multiple participants inside an IRC channel. This type of encrypted chat requires that all members of the encrypted conversation know the secret passphrase ahead of time as Textual does not provide any mechanism by which the passphrase can be exchanged between multiple users.

To enable encrypted group chat for a channel: Press the keys Command I (letter i) to open Channel Properties. In the window that appears, browse to the Encryption tab and enter the passphrase that will be used for encryption.


The second type of encrypted chat is private, peer-to-peer conversations. These occur solely within a query (also known as a private message) and are strictly between yourself and the recipient.

An automated method of exchanging keys is available for this type of encrypted chat. Opening a private message and typing the command keyx initiates an automated Diffie–Hellman key exchange. This provides a secure way of exchanging keys without prior negotiations.

Alternatively, the setkey command can be provided with the desired passphrase if automated key exchange is not desired. The command delkey can then be used at any time to stop the encrypted conversation.

How secure is encrypted chat?

For the average user, encrypted chat is secure enough for holding conversations without fear of the messages being read by anyone other than those who have the passphrase. We personally do not recommend using encrypted chat to overthrow the United States government, but in general, it works as expected.

Textual uses Blowfish ECB encryption for encrypted chat. This type of encryption is in use because it is a commonly accepted form of encryption amongst other IRC clients.
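One reason ECB mode is suited only to casual use is that equal plaintext blocks always encrypt to equal ciphertext blocks under the same key. The following is an added example, not Textual's code: it uses a stand-in 64-bit Feistel cipher built from HMAC-SHA256 instead of Blowfish (an assumption, so that it runs with only the standard library), and the key, messages and function names are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 8  # 64-bit blocks, the same block size Blowfish uses
KEY = b"constructed passphrase"  # constructed sample key
MESSAGES = [b"meeting at noon", b"ok", b"meeting at noon",
            b"AAAAAAAABBBBBBBBAAAAAAAA"]  # constructed sample chat lines


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, i, half):
    # Round function of the stand-in Feistel cipher (assumption: NOT Blowfish).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right


def ecb_encrypt(key, message):
    # ECB: zero-pad, then encrypt every block independently with no IV or chaining.
    padded = message + b"\x00" * (-len(message) % BLOCK)
    return b"".join(encrypt_block(key, padded[i:i + BLOCK])
                    for i in range(0, len(padded), BLOCK))


def repeated_blocks(ciphertexts):
    # What an observer without the key can compute: blocks seen more than once.
    seen = Counter(ct[i:i + BLOCK] for ct in ciphertexts
                   for i in range(0, len(ct), BLOCK))
    return {block: n for block, n in seen.items() if n > 1}


if __name__ == "__main__":
    for block, n in repeated_blocks([ecb_encrypt(KEY, m) for m in MESSAGES]).items():
        print(block.hex(), "seen", n, "times")
```

The repeated message and the repeated block inside the last message are both visible in the ciphertext alone, which is the kind of pattern a mode with a per-message IV would hide.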

It is important to keep in mind that even though you are connected to an IRC server using SSL and sending encrypted conversations, they may still be sent through non-SSL connections. Unless an IRC network forces all users to connect over SSL, encrypted conversations may be sent to users who are not on a secure connection. Additionally, communications between the servers of an IRC network may not be on a secure connection either.

Furthermore, depending on the cipher suite used by an IRC network, there may be known exploits in an SSL connection.

The current encryption system that Textual provides should NOT be used for anything more than casual conversations due to these potential holes in security.

What is actually encrypted?

Regular, plain-text messages, actions (me command), notices (notice command), and the setting of channel topics.

Can I send unencrypted chatter when encrypted chat is enabled?

Yes, the commands umsg, ume, and unotice can be used to send unencrypted chatter when encrypted chat is enabled.

Are there any plans for Off-the-Record (OTR) encryption support?

There are certainly plans to support Off-the-Record sometime in the future. However, we are unable to provide an actual timeline at the time that this page was edited.

Are encrypted conversations cached anywhere on disk?

No. If a channel or query (private message) has an encryption key set, then any messages sent or received will not be archived to disk. As a result, when configured to do so, Textual will not be able to play back the conversation on launch. It will also not be able to reload the history of a conversation when switching to a different style in Preferences.

If a log location is defined in Preferences, then logging still occurs even if a key is set.

I don't trust you. Can I audit the encryption system?

Sure thing. The actual source code for the encryption and key exchange process can be found here.


 
Last modified: April 22, 2014


The contents of this webpage are released into the Public Domain for unlimited distribution.