[talk] encrypted chat server?
bcully at gmail.com
Mon May 1 08:43:19 EDT 2017
> On 29-Apr-2017, at 10:30, Isaac (.ike) Levy <ike at blackskyresearch.net> wrote:
> I'm looking to do it with some form of end to end crypto, (I don't care
> if the server itself does tls etc...), so I know client end tools are
> probably the more important thing I should dig into looking at.
> (Including iOS/Android apps.)
> - What's the state of the art for simple encrypted chat?
Mostly XMPP from where I sit, but that shouldn’t be a surprise. ChatSecure is available on iOS/Android, supports old-school OTR and OMEMO (which is what Signal uses). There’s more out there for Android, but I’m not au fait with it, and iOS’s options seem to be, at least for free, ChatSecure. On the Unix side of things, libpurple and the Pidgin clients all support OTR (including Adium), though I don’t think OMEMO. CoyIM has builds for Windows, OS X, and Linux. Everything I’ve mentioned is FOSS, which repos on GitHub if you don’t want to use the pre-packaged stuff as well.
> - Any OTR users in the house who can point me at an overview of the
> state of that tooling?
Old OTR works well, but can be kind of clumsy due to how the protocol sniffs itself. OMEMO is properly advertised, has a ton of support for different types of ciphers and can do key negotiation while one of the party’s offline. In basically every way a better protocol, but it’s more heavyweight, and doesn’t work with my client of choice (Adium), so I only really know about it from the XSF mailing list discussions.
> - Is there any way to use good old IRC for transport, or is XMPP really
> the thing?
I think you’ll have a hard time finding anything that will do end-to-end encryption with group chats. It’s being worked on in the XSF right now, but nothing seems to support it well. Apple’s solution with Messages is to basically have your device send n copies of a message, each separately encrypted, without any real server support, like you’d find with something like IRC or XMPP MUC.
> This is obviously not good for iOS/Android use, but PGP integration is
> cool, but I'd REALLY like to know if there is any chat tooling which
> could leverage SSH public keys? (Already a culture my peeps understand
> how to manage ver well…)
PGP and OMEMO are supposed to work together, but as usual that comes with the normal PGP key management issues, and I’m unsure how much client support there is. Something like SSH isn’t going to work because of the way OMEMO distributes its public keys (from what I understand, it basically pre-generates a bunch of public keys which get stored on the server, each one is single use for a given messaging session, as the keys get used, new ones get put in).
> On the server end, I'm obviously looking for a clean/reliable solution...
Good luck. Let me know if anything works out for you.
More information about the talk