Encryption
From PsiWiki
There are 2 types of encryption:
- end-to-end (e2e) encryption - Psi supports GnuPG
- client-to-server (c2s) encryption - Psi supports SSL/TLS for encrypted communication with the server
TODO: to be merged to be merged
Contents |
Setting up GnuPG
(could be moved to something like... "Helper Documents")
No matter how well designed a messaging network is, it is often possible for someone to intercept and read your messages. Although we cannot stop the possibility of someone intercepting your message, we can stop them reading it by encrypting it.
Rather than re-inventing the wheel by developing encryption especially for Psi, we use a very fine encryption program called Gnu Privacy Guard (GnuPG). GnuPG is a free replacement for Pretty Good Privacy (PGP), and suits Psi better because it runs on Windows, Mac and Linux. To use encryption in Psi, you will first need to install and configure GnuPG.
First, download and install GnuPG. The method for doing this will vary depending on your Operating System. A correct installation of GnuPG on Windows will add a registry key that tells the system where gpg.exe is located. If you cannot open a command prompt window and run gpg.exe, then you will need to ensure that the gpg.exe executable is in your PATH. Refer to your Windows manual for how to change the executable PATH.
Creating Key Pairs
(could be moved to something like... "Helper Documents")
To use GnuPG, you will need to create something called a key pair. One key is public, you give this to your friends. When they message you, Psi encrypts their messages with your public key, and you unscramble it using your private key. Never give your private key to anyone at all, ever! By keeping your private key secure, your friends are guaranteed of your identity when they chat to you. To create a key pair, use this command:
gpg --gen-key
You will be asked the length of key to create; 1024 bit is fine. You will also be asked for a passphrase. This will be the password to your private key, so you'll need to remember it! You may also be asked for a comment; this is optional. You might also like to upload your public key to the keyserver network so that your friends can automatically download it, but that's beyond the scope of this document. Read your GnuPG documentation, or download a graphical GnuPG front-end like WinPT or GPGshell.
Configuring Psi
After you have configured GnuPG you must quit and restart Psi in order for it to detect the installation. Now, click the Psi menu and select Account Setup. Choose the account you wish to use encryption with, and click the Modify button. When the Account Properties dialog appears, select the Details tab and click the Select Key button in the OpenPGP section. If this button is greyed out, make sure you have restarted Psi since installing GnuPG. Select your private key and click the OK button. You will be returned to the Account Properties dialog and prompted for your private key password.
Assigning GnuPG keys
Using Encryption
Before reading this section, you should read the Setting up Encryption chapter. It explains how to set up GnuPG for use with Psi.
encrypt button To be able to send someone encrypted messages, you need to have their public key in your GnuPG keychain. For someone to be able to send encrypted messages to you, they need to have your public key. To learn how to import and export keys, read your GnuPG documentation, or use a graphical front end like WinPT or GPGshell.
If you have the public key of the friend you wish to have an encrypted chat to, and he has yours, then you can click the encrypt icon shown in the picture on the right.
chat encrypted After clicking the button, type and send a message. You may be prompted to select your friend's public key. Choose it and click the OK button. You will see a green message in your chat window, saying that encryption has been enabled (shown on the left). The lock icon will show a closed lock with a gold glow around it, indicating that GnuPG is successfully scrambling your chats.
The example above shows a chat being encrypted. You can also encrypt regular messages by clicking the same icon in the message window.
Usage
Once set up, end-to-end encryption can be used for encrypted Chats or encrypted Messages.
