Encryption support

[anonymous]

It would be really nice to have some kind of encryption support, so conversations do not need to be transfered as plain text. Preferably compatible with other IM clients.

[anonymous]

GPG encryption, like many jabber clients support it, would be nice.

[anonymous]

Actually, this is the only feature I am missing in v1.0. Any plans on this topic yet?

[anonymous]

I'm not sure something like this would be a good idea, especially for public servers. It would be a fake sense of security as the channel to BitlBee and the place where your private PGP key would be stored wouldn't be secure.

[anonymous]

Well even if it isn't usefull for public servers, there are lots of people out there, who run bitlbee on their own machine (which is the better way to use bitlbee anyway IMHO), where it would make sense to use encryption.

[wilmer]

Yes, people asked about this before. I don't know what's the best way to do this though, if it has to be compatible with other clients. Most likely there's a different solution for every protocol, not very convenient... :-(

Won't set a milestone for now, since I have no idea when to do this... GPG integration won't be a lot of fun, probably, GPG is a pretty big dependency monster AFAIK, and I don't know how useful it is from inside a server with the GPG keys not readable from ~/.gnupg/...

[anonymous]

The reason why GPG support would be nice is that it would be compatible with other clients that support that, e.g. Gajim or Kopete.

[anonymous]

Couldn't this be implemented through a script in your favourite IRC-client? This would also solve the problem that bitlbee might not be running on the same machine as the client.

[wilmer]

It could be, and I proposed it once, but OTOH it's not really in the (client-neutral) "spirit" of BitlBee. :-)

But yes, it does have advantages when it comes to key management.

[anonymous]

I'd happily make my IRC client decrypt it, but i can't seem to find a way to get hold of the encrypted message. I'm just getting [ERROR: This message is encrypted, and you are unable to decrypt it.].

I would love to be able to do so as a workaround until bitlbee can do it itself. Any hint?

[fthieme@…]

this "Error" message is the real message content from the Jabber protocol - as a backward compatibility for clients who don't understand encryption.

So there must be a component in BitlBee who understands that the irc client sends encrypted data to jabber and wrap that in a encrypted jabber packet and vice a versa. IIRC there is a checksum generated over the whole Jabber packet, so I don't know if that approach really works...

[Jelmer Vernooij]

Now that BitlBee has plugin support, maybe this would be something that's nice to implement as a plugin?

[ph030]

Since I'm very interested in this feature, I looked around a little and found out, that centericq is capable of doing gnupg-encrypted conversation over jabber. I don't know, but maybe it's possible to have a look at their code and use it for bitlbee?

[kamagurka]

Shouldn't it be possible to just appropriate the code psi uses for its gnupg integration? The fact that bitlbee doesn't support this is the only reason I'm still using psi rather than that.

[Jelmer Vernooij]

There are no plans of implementing this at this point. If you are interested in working on it (maybe as a plugin ?) we'd be happy to assist.

[anonymous]

encryption would be really cool. best would be a plugin for all the different im's out there so we dont have trouble getting encryption working between different clients. Finally!! :P

[anonymous]

not being able of using gpg with jabber (or another messenger) is really a pain.. if i would be capable of coding i would try to help out.. but since i can't, i have to ask for official support :) are there any plans to go at it?

[lostlogic]

Anyone looked into porting pidgen-encryption (gaim-encryption) to bitlbee?

[anonymous]

pidgin-encryption is client-specific. OTR is a much better solution; Kopete and climm, in mainline, support it, and then Pidgin and irssi via plugins.

But, now that we have bitlbee-otr, it's not so much of a concern. I'd like to see it in mainline I suppose though; it'd be better than GPG (#44) for most people.

[noel@…]

bitlbee-otr ported to 1.2.3 main line

[noel@…]

I've taken the bitlbee-otr tree and merged it against the main line. I've cleaned up the voice and op stuff in order to be a bit more in line with how the rest of bitlbee works.

Still working on the doc directory changes. What else would you like to see in order to get this merged?

[Wilmer van der Gaast <wilmer@…>]

Hello,

I saw your mail but didn't have the chance to respond yet since I'm travelling, sorry. Anyway, I'm not sure if I want to merge OTR into mainline since IMHO it's a reasonably obscure thihng most users aren't so interested in. I'd be much happier to have it as a plugin (and I think I'd be fine with shipping the plugin with the BitlBee source code itself).

Although I prefer irssi-otr because it's really end-to-end, I do agree that bitlbee-otr is more in the "works with any IRC client" spirit, so it'd be nice to make this available to more users.

Enabling it on a public server that doesn't do proper SSL (so including good certificates) would be lame though. :-)

Thank you for your efforts!

[Noel Cragg <noel@…>]

I saw your mail but didn't have the chance to respond yet since I'm
travelling, sorry.

OK, wasn't sure whether you just got mail from the bug tracking system
or not, so figured I'd send to both places.

I'd be much happier to have it as a plugin (and I
think I'd be fine with shipping the plugin with the BitlBee source code
itself).

OK, I'll figure out how to do that.

[wilmer]

OTR has a different bug already, and it's fixed. :-)