Blowfish Encryption Manual » History » Version 11

Alturiak, 09/03/2018 07:05 PM


Blowfish Encryption

  • required version >=0.7

Introduction

Blowfish can be used to encrypt messages between two people in a query, messages in a channel, and the channel topic. In Quassel, all messages are encrypted and decrypted on the core, so Blowfish does not protect them between client and core. It is therefore highly recommended to set up SSL if you are not running the monolithic client.

Quassel supports ECB and CBC modes, but defaults to ECB. Using CBC, however, is highly recommended if all involved parties support it. See this article for more information.
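Why CBC is preferred over ECB, as an added example that is not part of the original manual or of Quassel's code: it encrypts a constructed message with repeated content in both modes and counts ciphertext blocks that repeat. Blowfish is not in the Python standard library, so a small 64-bit Feistel cipher built on SHA-256 stands in for it (an assumption; the leak is a property of the mode, not of the cipher), and Quassel's actual wire format and IV handling are not modelled.

```python
import hashlib
import os

BLOCK = 8  # Blowfish uses 64-bit blocks; the stand-in cipher keeps that size

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in Feistel cipher (an assumption, NOT Blowfish)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def _blocks(data: bytes) -> list:
    data += b"\0" * (-len(data) % BLOCK)  # zero padding, a simplification
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, msg: bytes) -> bytes:
    # Every block is encrypted independently: equal input blocks give equal output
    return b"".join(encrypt_block(key, b) for b in _blocks(msg))

def cbc_encrypt(key: bytes, msg: bytes) -> bytes:
    # Each block is XORed with the previous ciphertext block; a random IV starts the chain
    prev = os.urandom(BLOCK)
    out = [prev]
    for b in _blocks(msg):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier block
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))

KEY = b"testkey"       # the key used in this page's /setkey examples
MSG = b"ping... " * 4  # constructed message: four identical 8-byte blocks

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, MSG)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, MSG)))
    print("ECB, same message twice, identical:", ecb_encrypt(KEY, MSG) == ecb_encrypt(KEY, MSG))
    print("CBC, same message twice, identical:", cbc_encrypt(KEY, MSG) == cbc_encrypt(KEY, MSG))
```

Under ECB an observer of the channel can tell when a message or part of a message repeats, without knowing the key; under CBC with a fresh IV the same message encrypts differently each time.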

Commands

a) setting a key for a user or channel

Usage

/setkey <nick|channel> <key>

The key can be prefixed by either ecb: or cbc: to explicitly set the corresponding encryption mode.

Examples

This sets the key for channel #test to 'testkey', implicitly using ECB mode:

/setkey #test testkey

This sets the key for channel #test to 'testkey', explicitly using CBC mode:

/setkey #test cbc:testkey

This sets the key for channel #test to 'testkey', explicitly using ECB mode:

/setkey #test ecb:testkey

b) deleting a key for a user or channel

Usage

/delkey <nick|channel>

c) show key for a user or channel (since 0.8)

Usage

/showkey <nick|channel>

d) Automatically negotiate a key with the target (DH-1080 key exchange; since 0.9.0)

Usage

/keyx <nick>

Build Instructions

Blowfish support in Quassel depends on the QCA (Qt Cryptographic Architecture) library. Your core or monolithic client must be compiled with the crypt compile option:

... -DWITH_CRYPT=ON ...

For detailed build instructions, have a look at the general build instructions.

Troubleshooting

  • If Quassel crashes (like #1045) when it tries to send a message to a <nick|channel> for which a Blowfish encryption key has been set with /setkey <nick|channel> <key>, you have to install qca-ossl.
  • To use Blowfish on Debian, you might need the "libqca2-plugin-ossl" package: "sudo apt-get install libqca2-plugin-ossl"
  • Should you see "ERROR_NONECB" in front of incoming encrypted messages, the other side is using CBC. Set your encryption key using CBC mode (see above).