Encrypted instant messaging with Jabber and GnuPG

Last edited

Protect your pricacy with GnuPG

GnuPG protects the content but not the metadata

GnuPG, sometimes called OpenPGP has been around for many years. It encrypts your messages, both email and jabber. The encryption of GnuPG is secure. When your keysize is sufficient it is general considered to be practically unbreakable.

However, what GnuPG does not do is hide the people you are communicating with. This means that parties which can monitor your network traffic can still see with what ip addresses you have connections.

Debian offer several Jabber clients with encryption support

With Debian you can choose from several Jabber clients, like

  • MCabber
  • Gajim
  • Psi

You have to have a GnuPG/OpenPGP key

If you have not used GnuPG before, you will have to generate a key. Debian provide some excelent information on this, see

You have to have a GnuPG/OpenPGP key of your buddies

You will need to have the public key of the people with whom you want to set up secure communication.

First you have to import the public keys of the people you want to set up secure communication. Get their public key and import them with gpg --import . If their key is on the keyservers then you can do a gpg --recv-keys .

After this set the trust value for each imported key:

gpg --edit-key <key id>

Encrypted messaging with MCabber

MCabber is a console Jabber client. The advantages of a console client are:

  • Lightweight
  • Can be used over ssh
  • Can be run in GNU Screen

Setting up MCabber

After installing with ```apt-get install mcabber''' the config file for MCabber needs to be made. Create a directory ~/.mcabber with permissions 700 and gunzip the example rc-file from /usr/share/doc/mcabber/examples/ into this directory.

Edit this file and change the following lines.

set jid = <your jabber id>
set password = <your jabber password>
set pgp = 1
set pgp_private_key = "<your private pgp key>"
set pgp_passphrase = "<the password to unlock your private key>"

After this, start MCabber and see if everything works out fine.

Encrypted messaging with MCabber

Start MCabber.

For each person create an association with their public key:

/pgp setkey <buddy jabber id> <keyid>
/pgp enable <buddy jabber id>

Check the settings with:

/pgp info <buddy jabber id>

Now you can start communicating in a secure way.

Recognizing secure communication

There is a small but important difference in the presentation of the messages:

03-01 16:32 <~= received encrypted message
03-01 16:33 <== received plain text message
03-01 16:34 -~> send encrypted message
03-01 16:35 -~> send plain text message

The difference is the use of the tilde character ( ~ ) in the lines.

Encrypted messaging with Gajim

Using encryption in Psi is quite simple.

Start with importing the gpg keys of your buddies into your GnuPG keyring, like described above. Then start Gajim.

From the main menu, choose Edit - Accounts. Open the tab "Personal Information". Here you can choose your private key.

Choose a buddy from the list of buddies. Right click on the buddy. Now a menu opens, choose "Manage Contact - Asign OpenPGP key". Choose the right public key for this buddy.

Now open a chat window with this budy. The bottom of this window shows a row of icons. The right icon shows a menu of advanced options. Here you have the option "Toggle OpenPGP Encryption". After choosing this option, you will have setup secure communication.

Encrypted messaging with Psi

Using encryption in Psi is quite simple.

Again, start with importing the gpg keys of your buddies into your GnuPG keyring. Then start Psi.

Choose a buddy from the buddylist in Psi and open a chat window. In the right corner click on the downward poiting triangle. This opens a menu. Click on "Toggle encryption".

Psi will ask you to choose the proper key.

From this moment on you will have secure communication with this buddy. Psi will notify this with the line "Encryption Enabled" in your chat window.