User:B42/OTR: Difference between revisions

From base48
imported>B42
No edit summary
imported>B42
No edit summary
Line 49: Line 49:
Example:
Example:
<pre>
<pre>
<alice> info
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> | Peer  | State    | Fingerprint                                  | Act | Trust        |
<*otr> | Peer  | State    | Fingerprint                                  | Act | Trust        |
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> | alice | plaintext | 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 |    | manual        |
<*otr> | bob  | plaintext | 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 |    | manual        |
<*otr> | bob  | encrypted | 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC |  *  | shared secret |
<*otr> | carol | encrypted | 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC |  *  | shared secret |
<*otr> |      |          | AEB4DEDE 5D025A1C 6A735BD5 7D82385A 7E03E21D |    | not trusted  |
<*otr> |      |          | AEB4DEDE 5D025A1C 6A735BD5 7D82385A 7E03E21D |    | not trusted  |
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> Your fingerprint: A305FE90 2B4A8038 03BF89F7 5BBD5595 4B9D209A.
<*otr> Your fingerprint: A305FE90 2B4A8038 03BF89F7 5BBD5595 4B9D209A.
</pre>
</pre>
In this example, we know one fingerprint from alice which we manually verified.
In this example, we know one fingerprint from bob which we manually verified.
We currently don't have OTR-encrypted conversation with alice. We have active
We currently don't have OTR-encrypted conversation with bob. We have active
OTR session with bob for whom we have two known fingerprints - the first one
OTR session with carol for whom we have two known fingerprints - the first one
corresponds to the bob's private key used in our current conversation and has
corresponds to the carol's private key used in our current conversation and has
been verified using the OTR shared secret authentication mechanism. We did not
been verified using the OTR shared secret authentication mechanism. We did not
verify that the other one really belongs to bob.
verify that the other one really belongs to carol.


==== trust <nick|fingerprint> ====
==== trust <nick|fingerprint> ====
If the argument is nick and we have OTR conversation with nick, their current
fingerprint is marked as trusted. You can pass the hexadecimal value directly
instead of the nick it belongs to.
You should only use this command after verifying over another channel (e.g.
phone, in person) that it is indeed the fingerprint used by your peer.
Example:
<pre>
<alice> trust bob
<*otr> [bob] Fingerprint 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 trusted!
<alice> trust 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC
<*otr> [carol] Fingerprint 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC trusted!
</pre>
==== distrust <nick|fingerprint> ====
==== distrust <nick|fingerprint> ====
This works the same way as the ''trust'' command, except that it marks the
fingerprint as not trusted.
==== finish <nick> ====
==== finish <nick> ====
==== auth <nick> <secret> ====
==== auth <nick> <secret> ====

Revision as of 11:45, 10 April 2014

This module allows you to encrypt private conversations using the OTR protocol. Several popular IRC clients support OTR (usually requiring a plugin).

For more information about OTR, see:

Installing

The module source is available at https://github.com/mmilata/znc-otr. You can download a [https://github.com/mmilata/znc-otr/archive/master/znc-otr-master.tar.gz tarball] directly if you don't want to use git. Once you have the source code, follow the instructions for compiling and loading ZNC modules.

Usage

To request OTR-encrypted conversation with someone, send them the message ?OTR? in a private conversation. If the request succeeds the module informs you about it and requests that you authenticate the other side if you haven't previously done so.

The module is controlled by sending commands to the *otr nick. The commands are listed below.

Please note that otr is a network module meaning that if your account has multiple IRC networks then each has its own instance of the module and its own *otr nick.

Commands

help

Prints the table of available commands together with their short description.

info

Shows the table of known fingerprints. The table has five columns:

  • Peer - nick on this network the following fingerprint belong to
  • State - the peer can be in three states:
    • plaintext - OTR not active, messages are not encrypted
    • encrypted - OTR active, private messages are encrypted
    • finished - peer finished the OTR session but we did not (using the finish command) - messages are blocked
  • Fingerprint - fingerprint of the private key used by the peer some time in the past
  • Act - if OTR is active for this nick, asterisk denotes the fingerprint corresponding to the private key used
  • Trust - whether the fingerprint is trusted:
    • not trusted - default state for new unknown fingerprint
    • manual - fingerprint set as trusted using the trust command
    • shared secret - fingerprint set as trusted using the auth or authq command

Example: 

<alice> info
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> | Peer  | State     | Fingerprint                                  | Act | Trust         |
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> | bob   | plaintext | 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 |     | manual        |
<*otr> | carol | encrypted | 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC |  *  | shared secret |
<*otr> |       |           | AEB4DEDE 5D025A1C 6A735BD5 7D82385A 7E03E21D |     | not trusted   |
<*otr> +-------+-----------+----------------------------------------------+-----+---------------+
<*otr> Your fingerprint: A305FE90 2B4A8038 03BF89F7 5BBD5595 4B9D209A.

In this example, we know one fingerprint from bob which we manually verified. We currently don't have OTR-encrypted conversation with bob. We have active OTR session with carol for whom we have two known fingerprints - the first one corresponds to the carol's private key used in our current conversation and has been verified using the OTR shared secret authentication mechanism. We did not verify that the other one really belongs to carol.

trust <nick|fingerprint>

If the argument is nick and we have OTR conversation with nick, their current fingerprint is marked as trusted. You can pass the hexadecimal value directly instead of the nick it belongs to.

You should only use this command after verifying over another channel (e.g. phone, in person) that it is indeed the fingerprint used by your peer.

Example: 

<alice> trust bob
<*otr> [bob] Fingerprint 94A1353B 60A58E73 82CE8999 CBBD7B92 5E9EBB87 trusted!
<alice> trust 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC
<*otr> [carol] Fingerprint 378A8445 3FC3933C 73C917C8 BFE4C18B 5CE65CFC trusted!

distrust <nick|fingerprint>

This works the same way as the trust command, except that it marks the fingerprint as not trusted.

finish <nick>

auth <nick> <secret>

authq <nick> <[question]> <secret>

authabort <nick>

genkey [--overwrite]

Security considerations

  • use it on client if possible
  • ssl
  • logging
  • admin/sole user

Bugs

broken clients - finish & ?OTR?

Retrieved from "https://wiki.base48.cz/w/index.php?title=User:B42/OTR&oldid=3136"