This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Security

Gaim-Encryption: Simple encryption for instant messages

By Serge Wroclawski on October 01, 2004 (8:00:00 AM)

Share    Print    Comments   

Instant messaging is everywhere nowadays, but people who use it may be surprised to know how trivial it is to listen in on their private conversations. Snoopers can use tools like tcpdump and aimsniff to tap into the contents of the messages. But with a little free software, IMers can be secure in the knowledge their conversations are, well, secure.

Gaim is the most popular free instant messaging platform. Available for most Unix operating systems, Mac OS X, and Microsoft Windows, Gaim can connect to most IM networks, including AIM, Yahoo, MSN, and Jabber.

Gaim-Encryption is a Gaim plug-in that enables secure conversations over existing IM networks, and, like Gaim itself, Gaim-Encryption is available for most platforms. GNU/Linux users have a number of options, including non-official Debian sources, an RPM, or a tarball. Windows users can download the executable and install it normally.

After installation, you must activate Gaim-Encryption. Run Gaim, go to Tools->Preferences, Plug-ins, and enable the Gaim-Encryption plug-in by checking its button. Restart Gaim, and Gaim-Encryption will now generate a private key for each of your accounts.

Using Gaim-Encryption

Gaim-Encryption uses a public/private key mechanism similar to the one that PGP uses. When you first run Gaim-Encryption, it generates a set of keys -- essentially secret codes that others can use to communicate with you. By default, the settings for automatically finding out if another Gaim user has Gaim-Encryption is enabled, so when you first IM a person who uses Gaim-Encryption, the public keys are exchanged. From then on, the conversation between the two parties is encrypted during transport; though a snooper could see you're IMing, the message contents will be encrypted.

To ensure that the keys have been generated, go to Tools->Preferences, then Plugins->Gaim-Encryption. There you should see something that looks like this. On the left you should see your accounts, and on the right, your key fingerprints.

Key configuration

You know your conversation is encrypted by looking at the conversation window. You should see a lock icon. If the lock is locked and red, your messages are encrypted. Encrypted conversation

Every time you IM someone the first IM will be in clear text. Alternatively, you can tell Gaim-Encryption to always encrypt to a given user by selecting his name from your Buddy List and right-clicking on the preference saying "Turn auto-encrypt on."

Gaim-Encryption is an easy way to have secure online conversations with minimal effort, using existing IM protocols.

Serge Wroclawski has been a GNU/Linux user and free software advocate since 1997. He has more than five years experience doing system administration on both the small and enterprise levels. He currently works as an independent contractor in the Washington, D.C., area.

Share    Print    Comments   

Comments

on Gaim-Encryption: Simple encryption for instant messages

Note: Comments are owned by the poster. We are not responsible for their content.

The problem with Gaim-encryption

Posted by: Anonymous Coward on October 01, 2004 10:22 PM
Not sure if this writer really knows squat about Gaim - With its rapid 3 week release cycle it makes plugins also rapidly out of date. Gaim-encryption is not part of the core project - so whenever a user updates their version of Gaim, they 'lose' the Gaim-encryption plugin and need to re-install. The real problem comes from the fact that the plugin isn't updated as fast as Gaim itself. So unless you don't update Gaim as soon as the new version comes out (which everyone should do) for at least 1 week of every three week cycle you won't be able to use this plugin.
This writer is clearly a rank amateur and I hope he doesn't write for this site again.

#

Re:The problem with Gaim-encryption

Posted by: Matthew on October 01, 2004 10:47 PM
You luser... Just because Gaim comes out with a new version does not mean you have to upgrade, plus they just came out with version 1.0 and there is a gaim-encryption plugin for that. The writer knows plenty about gaim and he realizes that he does not have to upgrade when a new version of gaim comes out until he is ready. Stop trolling and get a hobby.

#

Re:The problem with Gaim-encryption

Posted by: Anonymous Coward on October 01, 2004 11:58 PM
hey 'luser' did you realize that a good portion of the fixes usually revolve around security? you stick with the 'old' version and some 'luser' will sure to 'sniff' your connection soon.

And hey who ever said trolling isn't a respectable hobby? What do you do for a hobby? Choak the chicken all day?

#

Re:The problem with Gaim-encryption

Posted by: Preston St. Pierre on October 02, 2004 02:27 AM
No, he instead learned to spell and knows to respect other people. You are an idiot. It is as simple as that. The only reason you are here is because you are too slow to get first post on Slashdot. Well, I have news for you asshole: This isn't Slashdot. Go away now, for you have been revealed.

#

Re:The problem with Gaim-encryption

Posted by: Anonymous Coward on October 01, 2004 11:13 PM
As of v1.0.0, the Gaim developers are seeking to adhere to the same plugin API for consequtive releases (as Kramlich informed a while back).

#

Kopete

Posted by: Anonymous Coward on October 02, 2004 02:50 AM
OR you could just use Kopete. This is all built in nowadays.

Psi's got it too. It's GPG all the way...

#

Why Gaim-encryption both rules and sucks

Posted by: Anonymous Coward on October 03, 2004 12:17 PM
Gaim-encryption is easy to use and a fantastic plug-in for Gaim. Unfortunately, as the article completely fails to mention, it foes not work with ANYTHING ELSE but gaim. That means you can only encrypt messages to other gaim clients. There os another emerging standard for encrypting messages using simple PGP armour.

My take on this topic? The author of gaim-encryption would have attained wider acceptance if he had stuck with convention and the author of the article did not do his homework very well.
--

#

Re:Why Gaim-encryption both rules and sucks

Posted by: Serge Wroclawski on October 05, 2004 09:01 AM
PGP is old and well established and I encourage its use for mail but it's not been very well adopted. I've gotten a number of non-geeks to use Gaim-Encryption, including those using Windows.

It's not as flexible as PGP, certainly, but let's not let the best be the enemy of the good.

#

Initial connection

Posted by: btk667 on October 04, 2004 11:08 PM
It is very important to encrypt all communication to ensure privacy and authentification. But with using GAIM, you can use AOL, ICQ, MSN and many other IM.

Gaim-encrypt module, does not encrypt the initial Username and password for a user to log into thoses system.

So anybody who listen to the communication will still be able to take the name and act as the "client". What can we do about that ?


 

#

Re:Initial connection

Posted by: Serge Wroclawski on October 05, 2004 04:51 AM
This is similar to GPG in email, the message is encrypted but not the sender nor recipient.

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya