Project

General

Profile

Blowfish Encryption Manual » History » Version 13

Version 12 (Alturiak, 09/03/2018 07:06 PM) → Version 13/14 (Alturiak, 09/04/2018 09:16 PM)

h1. Blowfish Encryption

* required version *>=0.7*

h2. Introduction

Blowfish can be used to encrypt messages between 2 persons in query, messages in channel and the topic. In Quassel all messages will be de-/encrypted on core. So it is *highly recommend* to *[[Client-Core_SSL_support|setup SSL]]* in case of you are not running monolithic client.

!http://bugs.quassel-irc.org/attachments/304/core_deencryption.png!

Quassel supports ECB and CBC modes (default is ECB in versions <0.13 and CBC in versions >=0.13). modes, but defaults to ECB. Using CBC, however, is highly recommended if all involved parties support it. See *"this article":https://adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/* for more information.

h2. Commands

a) setting a key for a user or channel

> Usage
<pre><code>/setkey <nick|channel> <key></code></pre>

The key can be prefixed by either <code>ecb:</code> or <code>cbc:</code> to explicitly set the corresponding encryption mode.
> Examples
>> This sets the key for channel #test to 'testkey', implicitly using ECB mode:
<pre><code>/setkey #test testkey</code></pre>

>> This sets the key for channel #test to 'testkey', explicitly using CBC mode:
<pre><code>/setkey #test cbc:testkey</code></pre>

>> This sets the key for channel #test to 'testkey', explicitly using ECB mode:
<pre><code>/setkey #test ecb:testkey</code></pre>

b) deleting a key for a user or channel

> Usage
<pre><code>/delkey <nick|channel></code></pre>

c) show key for a user or channel (since *0.8*)

> Usage
<pre><code>/showkey <nick|channel></code></pre>

d) Automatically negotiate a key with the target (DH-1080 key exchange; since *0.9.0*)

> Usage
<pre><code>/keyx <nick></code></pre>

h2. Build Instructions

Blowfish support for Quassel depends on *"QCA":http://delta.affinix.com/qca/* (Qt Cryptographic Architecture) library. It is needed to compile your core/monolithic client with crypt compile option.

bq. _..._ -DWITH_CRYPT=ON _..._

For detailed build instructions have at look "general build instructons":http://bugs.quassel-irc.org/projects/quassel-irc/wiki/#Specific-installation-instructions.

h2. Troubleshooting

* If Quassel crashes (like #1045) when tries to send a message to a <nick|channel> where a blowfish encryption key has been set with _<code>/setkey <nick|channel> <key></code>_, you have to install *"qca-ossl":http://delta.affinix.com/qca/*.
* To use blowfish in debian you might need the "libqca2-plugin-ossl" package. "sudo apt-get install libqca2-plugin-ossl"
* Should you see "ERROR_NONECB" in front of incoming encrypted messages, the sender is using CBC while you're using ECB mode. Set your encryption key using CBC mode (see above).