Blowfish Encryption Manual » History » Version 14
Alturiak, 09/04/2018 09:16 PM
| 1 | 1 | johu | h1. Blowfish Encryption |
|---|---|---|---|
| 2 | 1 | johu | |
| 3 | 5 | johu | * required version *>=0.7* |
| 4 | 4 | johu | |
| 5 | 2 | johu | h2. Introduction |
| 6 | 1 | johu | |
| 7 | 3 | johu | Blowfish can be used to encrypt messages between 2 persons in query, messages in channel and the topic. In Quassel all messages will be de-/encrypted on core. So it is *highly recommend* to *[[Client-Core_SSL_support|setup SSL]]* in case of you are not running monolithic client. |
| 8 | 2 | johu | |
| 9 | 2 | johu | !http://bugs.quassel-irc.org/attachments/304/core_deencryption.png! |
| 10 | 2 | johu | |
| 11 | 13 | Alturiak | Quassel supports ECB and CBC modes (default is ECB in versions <0.13 and CBC in versions >=0.13). Using CBC, however, is highly recommended if all involved parties support it. See *"this article":https://adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/* for more information. |
| 12 | 10 | Alturiak | |
| 13 | 2 | johu | h2. Commands |
| 14 | 2 | johu | |
| 15 | 2 | johu | a) setting a key for a user or channel |
| 16 | 2 | johu | |
| 17 | 2 | johu | > Usage |
| 18 | 2 | johu | <pre><code>/setkey <nick|channel> <key></code></pre> |
| 19 | 2 | johu | |
| 20 | 10 | Alturiak | The key can be prefixed by either <code>ecb:</code> or <code>cbc:</code> to explicitly set the corresponding encryption mode. |
| 21 | 10 | Alturiak | > Examples |
| 22 | 14 | Alturiak | >> This sets the key for channel #test to 'testkey', implicitly using the above-mentioned default-mode: |
| 23 | 10 | Alturiak | <pre><code>/setkey #test testkey</code></pre> |
| 24 | 10 | Alturiak | |
| 25 | 11 | Alturiak | >> This sets the key for channel #test to 'testkey', explicitly using CBC mode: |
| 26 | 10 | Alturiak | <pre><code>/setkey #test cbc:testkey</code></pre> |
| 27 | 10 | Alturiak | |
| 28 | 11 | Alturiak | >> This sets the key for channel #test to 'testkey', explicitly using ECB mode: |
| 29 | 10 | Alturiak | <pre><code>/setkey #test ecb:testkey</code></pre> |
| 30 | 10 | Alturiak | |
| 31 | 10 | Alturiak | |
| 32 | 2 | johu | b) deleting a key for a user or channel |
| 33 | 2 | johu | |
| 34 | 2 | johu | > Usage |
| 35 | 4 | johu | <pre><code>/delkey <nick|channel></code></pre> |
| 36 | 7 | johu | |
| 37 | 7 | johu | c) show key for a user or channel (since *0.8*) |
| 38 | 7 | johu | |
| 39 | 7 | johu | > Usage |
| 40 | 7 | johu | <pre><code>/showkey <nick|channel></code></pre> |
| 41 | 8 | Anonymous | |
| 42 | 8 | Anonymous | d) Automatically negotiate a key with the target (DH-1080 key exchange; since *0.9.0*) |
| 43 | 8 | Anonymous | |
| 44 | 1 | johu | > Usage |
| 45 | 10 | Alturiak | <pre><code>/keyx <nick></code></pre> |
| 46 | 8 | Anonymous | |
| 47 | 4 | johu | h2. Build Instructions |
| 48 | 4 | johu | |
| 49 | 4 | johu | Blowfish support for Quassel depends on *"QCA":http://delta.affinix.com/qca/* (Qt Cryptographic Architecture) library. It is needed to compile your core/monolithic client with crypt compile option. |
| 50 | 4 | johu | |
| 51 | 4 | johu | bq. _..._ -DWITH_CRYPT=ON _..._ |
| 52 | 4 | johu | |
| 53 | 4 | johu | For detailed build instructions have at look "general build instructons":http://bugs.quassel-irc.org/projects/quassel-irc/wiki/#Specific-installation-instructions. |
| 54 | 6 | johu | |
| 55 | 6 | johu | h2. Troubleshooting |
| 56 | 6 | johu | |
| 57 | 9 | sjefen6 | * If Quassel crashes (like #1045) when tries to send a message to a <nick|channel> where a blowfish encryption key has been set with _<code>/setkey <nick|channel> <key></code>_, you have to install *"qca-ossl":http://delta.affinix.com/qca/*. |
| 58 | 1 | johu | * To use blowfish in debian you might need the "libqca2-plugin-ossl" package. "sudo apt-get install libqca2-plugin-ossl" |
| 59 | 12 | Alturiak | * Should you see "ERROR_NONECB" in front of incoming encrypted messages, the sender is using CBC while you're using ECB mode. Set your encryption key using CBC mode (see above). |