imported>B42
This module allows you to encrypt private conversations using the [https://otr.cypherpunks.ca/ OTR protocol]. Several popular [https://otr.cypherpunks.ca/software.php IRC clients] support OTR (usually requiring a plugin).

[http://wiki.znc.in/Otr This page has been moved to ZNC wiki.]

For more information about OTR, see:
* https://otr.cypherpunks.ca/
* https://otr.im/

== Installing ==

The module source is available at https://github.com/mmilata/znc-otr. You can download a [https://github.com/mmilata/znc-otr/archive/master/znc-otr-master.tar.gz tarball] directly if you don't want to use git. Once you have the source code, follow the instructions for [http://wiki.znc.in/Compiling_modules compiling] and [http://wiki.znc.in/Modules#.28Un.29Loading_Modules loading ZNC modules].

== Usage ==

To request an OTR-encrypted conversation with someone, send them the message ''?OTR?'' in a private conversation. If the request succeeds, the module informs you about it and requests that you authenticate the other side if you haven't previously done so.

The module is controlled by sending commands to the ''*otr'' nick. The commands are listed below.

Please note that otr is a network module, meaning that if your account has multiple IRC networks, each has its own instance of the module and its own ''*otr'' nick.

=== Commands ===

==== help ====

Prints the table of available commands together with their short descriptions.

==== info ====

Shows the table of known fingerprints. The table has five columns:

* '''Peer''' - nick on this network that the following fingerprints belong to
* '''State''' - the peer can be in one of three states:
** ''plaintext'' - OTR not active, messages are not encrypted
** ''encrypted'' - OTR active, private messages are encrypted
** ''finished'' - peer finished the OTR session but we did not (using the finish command) - messages are blocked
* '''Fingerprint''' - fingerprint of the private key used by the peer some time in the past
* '''Act''' - if OTR is active for this nick, an asterisk denotes the fingerprint corresponding to the private key in use
* '''Trust''' - whether the fingerprint is trusted:
** ''not trusted'' - default state for a new, unknown fingerprint
** ''manual'' - fingerprint set as trusted using the ''trust'' command
** ''shared secret'' - fingerprint set as trusted using the ''auth'' or ''authq'' command

Example:
<pre>
<alice> info
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> | Peer  | State     | Fingerprint                                  | Act | Trust         |
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> | bob   | plaintext | 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 |     | manual        |
<*otr> | carol | encrypted | 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC | *   | shared secret |
<*otr> |       |           | AEB4DEDE 5D025A1C 6A735BD5 7D82385A 7E03E21D |     | not trusted   |
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> Your fingerprint: A305FE90 2B4A8038 03BF89F7 5BBD5595 4B9D209A.
</pre>
In this example, we know one fingerprint from bob, which we manually verified. We currently don't have an OTR-encrypted conversation with bob. We have an active OTR session with carol, for whom we have two known fingerprints: the first one corresponds to carol's private key used in our current conversation and has been verified using the OTR shared secret authentication mechanism. We did not verify that the other one really belongs to carol.

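The table format described above can be checked mechanically. The following Python is an added example, not part of the module or of the original page: it parses ''info'' output and flags peers whose messages are unencrypted, blocked, or encrypted to a fingerprint that was never verified. The function names and the rows for dave and eve|away are constructed for illustration.

```python
import re

# Constructed sample: the page's table plus two constructed rows (dave, eve|away).
SAMPLE = """\
<*otr> +-------+-----------+------+-----+---------------+
<*otr> | Peer | State | Fingerprint | Act | Trust |
<*otr> | bob | plaintext | 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 | | manual |
<*otr> | carol | encrypted | 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC | * | shared secret |
<*otr> | | | AEB4DEDE 5D025A1C 6A735BD5 7D82385A 7E03E21D | | not trusted |
<*otr> | dave | encrypted | 00000000 11111111 22222222 33333333 44444444 | * | not trusted |
<*otr> | eve|away | finished | 55555555 66666666 77777777 88888888 99999999 | | manual |
<*otr> Your fingerprint: A305FE90 2B4A8038 03BF89F7 5BBD5595 4B9D209A.
"""

HEADER = ["Peer", "State", "Fingerprint", "Act", "Trust"]

def parse_info(text):
    """Return one dict per fingerprint row of an *otr `info` table."""
    rows, peer, state = [], None, None
    for line in text.splitlines():
        line = re.sub(r"^<\*otr>\s*", "", line.strip())
        if not (line.startswith("|") and line.endswith("|")):
            continue  # borders, "Your fingerprint" line, unrelated text
        # IRC nicks may contain '|', so split on the four rightmost separators only.
        cells = [c.strip() for c in line[1:-1].rsplit("|", 4)]
        if len(cells) != 5 or cells == HEADER:
            continue
        if cells[0]:  # a blank Peer cell continues the previous peer
            peer, state = cells[0], cells[1]
        rows.append({"peer": peer, "state": state, "fingerprint": cells[2],
                     "active": cells[3] == "*", "trust": cells[4]})
    return rows

def audit(rows):
    """Flag peers whose messages are unencrypted, blocked, or unauthenticated."""
    findings = []
    for r in rows:
        if r["state"] == "encrypted" and r["active"] and r["trust"] == "not trusted":
            findings.append((r["peer"], "encrypted, but active fingerprint is not verified"))
    for peer, state in dict((r["peer"], r["state"]) for r in rows).items():
        if state == "plaintext":
            findings.append((peer, "OTR not active, messages are not encrypted"))
        elif state == "finished":
            findings.append((peer, "peer finished the session, messages are blocked"))
    return findings

if __name__ == "__main__":
    for peer, note in audit(parse_info(SAMPLE)):
        print(f"{peer}: {note}")
```

carol's second fingerprint is not flagged because it is not the one in use; only an untrusted fingerprint marked active on an encrypted session is reported.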
==== trust <nick|fingerprint> ====

If the argument is a nick and we have an OTR conversation with that nick, their current fingerprint is marked as trusted. You can pass the hexadecimal value directly instead of the nick it belongs to.

You should only use this command after verifying over another channel (e.g. phone, in person) that it is indeed the fingerprint used by your peer.

Example:
<pre>
<alice> trust bob
<*otr> [bob] Fingerprint 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 trusted!
<alice> trust 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC
<*otr> [carol] Fingerprint 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC trusted!
</pre>

==== distrust <nick|fingerprint> ====

This works the same way as the ''trust'' command, except that it marks the fingerprint as not trusted.

==== finish <nick> ====

==== auth <nick> <secret> ====

==== authq <nick> <[question]> <secret> ====

==== authabort <nick> ====

==== genkey [--overwrite] ====

== Security considerations ==

* use it on client if possible
* ssl
* logging
* admin/sole user

== Bugs ==

broken clients - finish & ?OTR?