Blowfish Encryption Manual » History » Version 12
« Previous -
Version 12/14
(diff) -
Next » -
Current version
Alturiak, 09/03/2018 07:06 PM
Blowfish Encryption¶
- required version >=0.7
Introduction¶
Blowfish can be used to encrypt messages between 2 persons in query, messages in channel and the topic. In Quassel all messages will be de-/encrypted on core. So it is highly recommend to setup SSL in case of you are not running monolithic client.
Quassel supports ECB and CBC modes, but defaults to ECB. Using CBC, however, is highly recommended if all involved parties support it. See this article for more information.
Commands¶
a) setting a key for a user or channel
Usage
/setkey <nick|channel> <key>
The key can be prefixed by either ecb:
or cbc:
to explicitly set the corresponding encryption mode.
Examples
This sets the key for channel #test to 'testkey', implicitly using ECB mode:
/setkey #test testkey
This sets the key for channel #test to 'testkey', explicitly using CBC mode:
/setkey #test cbc:testkey
This sets the key for channel #test to 'testkey', explicitly using ECB mode:
/setkey #test ecb:testkey
b) deleting a key for a user or channel
Usage
/delkey <nick|channel>
c) show key for a user or channel (since 0.8)
Usage
/showkey <nick|channel>
d) Automatically negotiate a key with the target (DH-1080 key exchange; since 0.9.0)
Usage
/keyx <nick>
Build Instructions¶
Blowfish support for Quassel depends on QCA (Qt Cryptographic Architecture) library. It is needed to compile your core/monolithic client with crypt compile option.
... -DWITH_CRYPT=ON ...
For detailed build instructions have at look general build instructons.
Troubleshooting¶
- If Quassel crashes (like #1045) when tries to send a message to a <nick|channel> where a blowfish encryption key has been set with
/setkey <nick|channel> <key>
, you have to install qca-ossl. - To use blowfish in debian you might need the "libqca2-plugin-ossl" package. "sudo apt-get install libqca2-plugin-ossl"
- Should you see "ERROR_NONECB" in front of incoming encrypted messages, the sender is using CBC while you're using ECB mode. Set your encryption key using CBC mode (see above).