Blowfish Encryption

  • required version >=0.7


Blowfish can be used to encrypt messages between 2 persons in query, messages in channel and the topic. In Quassel all messages will be de-/encrypted on core. So it is highly recommend to setup SSL in case of you are not running monolithic client.

Quassel supports ECB and CBC modes (default is ECB in versions <0.13 and CBC in versions >=0.13). Using CBC, however, is highly recommended if all involved parties support it. See this article for more information.


a) setting a key for a user or channel


/setkey <nick|channel> <key>

The key can be prefixed by either ecb: or cbc: to explicitly set the corresponding encryption mode.


This sets the key for channel #test to 'testkey', implicitly using the above-mentioned default-mode:

/setkey #test testkey

This sets the key for channel #test to 'testkey', explicitly using CBC mode:

/setkey #test cbc:testkey

This sets the key for channel #test to 'testkey', explicitly using ECB mode:

/setkey #test ecb:testkey

b) deleting a key for a user or channel


/delkey <nick|channel>

c) show key for a user or channel (since 0.8)


/showkey <nick|channel>

d) Automatically negotiate a key with the target (DH-1080 key exchange; since 0.9.0)


/keyx <nick>

Build Instructions

Blowfish support for Quassel depends on QCA (Qt Cryptographic Architecture) library. It is needed to compile your core/monolithic client with crypt compile option.


For detailed build instructions have at look general build instructons.


  • If Quassel crashes (like #1045) when tries to send a message to a <nick|channel> where a blowfish encryption key has been set with /setkey <nick|channel> <key>, you have to install qca-ossl.
  • To use blowfish in debian you might need the "libqca2-plugin-ossl" package. "sudo apt-get install libqca2-plugin-ossl"
  • Should you see "ERROR_NONECB" in front of incoming encrypted messages, the sender is using CBC while you're using ECB mode. Set your encryption key using CBC mode (see above).