Blowfish Encryption Manual » History » Version 10
- required version >=0.7
Blowfish can be used to encrypt messages between 2 persons in query, messages in channel and the topic. In Quassel all messages will be de-/encrypted on core. So it is highly recommend to setup SSL in case of you are not running monolithic client.
Quassel supports ECB and CBC modes, but defaults to ECB. Using CBC, however, is highly recommended if all involved parties support it. See this article for more information.
a) setting a key for a user or channel
/setkey <nick|channel> <key>
The key can be prefixed by either
cbc: to explicitly set the corresponding encryption mode.
This sets the key for channel #test to 'testkey', implicitly using ECB mode.
/setkey #test testkey
This sets the key for channel #test to 'testkey', explicitly using CBC mode.
/setkey #test cbc:testkey
This sets the key for channel #test to 'testkey', explicitly using ECB mode.
/setkey #test ecb:testkey
b) deleting a key for a user or channel
c) show key for a user or channel (since 0.8)
d) Automatically negotiate a key with the target (DH-1080 key exchange; since 0.9.0)
Blowfish support for Quassel depends on QCA (Qt Cryptographic Architecture) library. It is needed to compile your core/monolithic client with crypt compile option.
... -DWITH_CRYPT=ON ...
For detailed build instructions have at look general build instructons.
- If Quassel crashes (like #1045) when tries to send a message to a <nick|channel> where a blowfish encryption key has been set with
/setkey <nick|channel> <key>, you have to install qca-ossl.
- To use blowfish in debian you might need the "libqca2-plugin-ossl" package. "sudo apt-get install libqca2-plugin-ossl"
- Should you see "ERROR_NONECB" in front of incoming encrypted messages, the other side is using CBC. Set your encryption key using CBC mode (see above).