Blowfish Encryption Manual » History » Version 11
Alturiak, 09/03/2018 07:05 PM
1 | 1 | johu | h1. Blowfish Encryption |
---|---|---|---|
2 | 1 | johu | |
3 | 5 | johu | * required version *>=0.7* |
4 | 4 | johu | |
5 | 2 | johu | h2. Introduction |
6 | 1 | johu | |
7 | 3 | johu | Blowfish can be used to encrypt messages between 2 persons in query, messages in channel and the topic. In Quassel all messages will be de-/encrypted on core. So it is *highly recommend* to *[[Client-Core_SSL_support|setup SSL]]* in case of you are not running monolithic client. |
8 | 2 | johu | |
9 | 2 | johu | !http://bugs.quassel-irc.org/attachments/304/core_deencryption.png! |
10 | 2 | johu | |
11 | 10 | Alturiak | Quassel supports ECB and CBC modes, but defaults to ECB. Using CBC, however, is highly recommended if all involved parties support it. See *"this article":https://adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/* for more information. |
12 | 10 | Alturiak | |
13 | 2 | johu | h2. Commands |
14 | 2 | johu | |
15 | 2 | johu | a) setting a key for a user or channel |
16 | 2 | johu | |
17 | 2 | johu | > Usage |
18 | 2 | johu | <pre><code>/setkey <nick|channel> <key></code></pre> |
19 | 2 | johu | |
20 | 10 | Alturiak | The key can be prefixed by either <code>ecb:</code> or <code>cbc:</code> to explicitly set the corresponding encryption mode. |
21 | 10 | Alturiak | > Examples |
22 | 11 | Alturiak | >> This sets the key for channel #test to 'testkey', implicitly using ECB mode: |
23 | 10 | Alturiak | <pre><code>/setkey #test testkey</code></pre> |
24 | 10 | Alturiak | |
25 | 11 | Alturiak | >> This sets the key for channel #test to 'testkey', explicitly using CBC mode: |
26 | 10 | Alturiak | <pre><code>/setkey #test cbc:testkey</code></pre> |
27 | 10 | Alturiak | |
28 | 11 | Alturiak | >> This sets the key for channel #test to 'testkey', explicitly using ECB mode: |
29 | 10 | Alturiak | <pre><code>/setkey #test ecb:testkey</code></pre> |
30 | 10 | Alturiak | |
31 | 10 | Alturiak | |
32 | 2 | johu | b) deleting a key for a user or channel |
33 | 2 | johu | |
34 | 2 | johu | > Usage |
35 | 4 | johu | <pre><code>/delkey <nick|channel></code></pre> |
36 | 7 | johu | |
37 | 7 | johu | c) show key for a user or channel (since *0.8*) |
38 | 7 | johu | |
39 | 7 | johu | > Usage |
40 | 7 | johu | <pre><code>/showkey <nick|channel></code></pre> |
41 | 8 | Anonymous | |
42 | 8 | Anonymous | d) Automatically negotiate a key with the target (DH-1080 key exchange; since *0.9.0*) |
43 | 8 | Anonymous | |
44 | 1 | johu | > Usage |
45 | 10 | Alturiak | <pre><code>/keyx <nick></code></pre> |
46 | 8 | Anonymous | |
47 | 4 | johu | h2. Build Instructions |
48 | 4 | johu | |
49 | 4 | johu | Blowfish support for Quassel depends on *"QCA":http://delta.affinix.com/qca/* (Qt Cryptographic Architecture) library. It is needed to compile your core/monolithic client with crypt compile option. |
50 | 4 | johu | |
51 | 4 | johu | bq. _..._ -DWITH_CRYPT=ON _..._ |
52 | 4 | johu | |
53 | 4 | johu | For detailed build instructions have at look "general build instructons":http://bugs.quassel-irc.org/projects/quassel-irc/wiki/#Specific-installation-instructions. |
54 | 6 | johu | |
55 | 6 | johu | h2. Troubleshooting |
56 | 6 | johu | |
57 | 9 | sjefen6 | * If Quassel crashes (like #1045) when tries to send a message to a <nick|channel> where a blowfish encryption key has been set with _<code>/setkey <nick|channel> <key></code>_, you have to install *"qca-ossl":http://delta.affinix.com/qca/*. |
58 | 1 | johu | * To use blowfish in debian you might need the "libqca2-plugin-ossl" package. "sudo apt-get install libqca2-plugin-ossl" |
59 | 10 | Alturiak | * Should you see "ERROR_NONECB" in front of incoming encrypted messages, the other side is using CBC. Set your encryption key using CBC mode (see above). |