Project

General

Profile

Blowfish Encryption Manual » History » Version 11

Alturiak, 09/03/2018 07:05 PM

1 1 johu
h1. Blowfish Encryption
2 1 johu
3 5 johu
* required version *>=0.7*
4 4 johu
5 2 johu
h2. Introduction
6 1 johu
7 3 johu
Blowfish can be used to encrypt messages between 2 persons in query, messages in channel and the topic. In Quassel all messages will be de-/encrypted on core. So it is *highly recommend* to *[[Client-Core_SSL_support|setup SSL]]* in case of you are not running monolithic client.
8 2 johu
9 2 johu
!http://bugs.quassel-irc.org/attachments/304/core_deencryption.png!
10 2 johu
11 10 Alturiak
Quassel supports ECB and CBC modes, but defaults to ECB. Using CBC, however, is highly recommended if all involved parties support it. See *"this article":https://adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/* for more information.
12 10 Alturiak
13 2 johu
h2. Commands
14 2 johu
15 2 johu
a) setting a key for a user or channel 
16 2 johu
17 2 johu
> Usage
18 2 johu
<pre><code>/setkey <nick|channel> <key></code></pre>
19 2 johu
20 10 Alturiak
The key can be prefixed by either <code>ecb:</code> or <code>cbc:</code> to explicitly set the corresponding encryption mode.
21 10 Alturiak
> Examples
22 11 Alturiak
>> This sets the key for channel #test to 'testkey', implicitly using ECB mode:
23 10 Alturiak
<pre><code>/setkey #test testkey</code></pre>
24 10 Alturiak
25 11 Alturiak
>> This sets the key for channel #test to 'testkey', explicitly using CBC mode:
26 10 Alturiak
<pre><code>/setkey #test cbc:testkey</code></pre>
27 10 Alturiak
28 11 Alturiak
>> This sets the key for channel #test to 'testkey', explicitly using ECB mode:
29 10 Alturiak
<pre><code>/setkey #test ecb:testkey</code></pre>
30 10 Alturiak
31 10 Alturiak
32 2 johu
b) deleting a key for a user or channel
33 2 johu
34 2 johu
> Usage
35 4 johu
<pre><code>/delkey <nick|channel></code></pre>
36 7 johu
37 7 johu
c) show key for a user or channel (since *0.8*)
38 7 johu
39 7 johu
> Usage
40 7 johu
<pre><code>/showkey <nick|channel></code></pre>
41 8 Anonymous
42 8 Anonymous
d) Automatically negotiate a key with the target (DH-1080 key exchange; since *0.9.0*)
43 8 Anonymous
44 1 johu
> Usage
45 10 Alturiak
<pre><code>/keyx <nick></code></pre>
46 8 Anonymous
47 4 johu
h2. Build Instructions
48 4 johu
49 4 johu
Blowfish support for Quassel depends on *"QCA":http://delta.affinix.com/qca/* (Qt Cryptographic Architecture) library. It is needed to compile your core/monolithic client with crypt compile option. 
50 4 johu
51 4 johu
bq. _..._ -DWITH_CRYPT=ON _..._
52 4 johu
53 4 johu
For detailed build instructions have at look "general build instructons":http://bugs.quassel-irc.org/projects/quassel-irc/wiki/#Specific-installation-instructions.
54 6 johu
55 6 johu
h2. Troubleshooting
56 6 johu
57 9 sjefen6
* If Quassel crashes (like #1045) when tries to send a message to a <nick|channel> where a blowfish encryption key has been set with _<code>/setkey <nick|channel> <key></code>_, you have to install *"qca-ossl":http://delta.affinix.com/qca/*.
58 1 johu
* To use blowfish in debian you might need the "libqca2-plugin-ossl" package. "sudo apt-get install libqca2-plugin-ossl"
59 10 Alturiak
* Should you see "ERROR_NONECB" in front of incoming encrypted messages, the other side is using CBC. Set your encryption key using CBC mode (see above).