Getting started with XMPP/Jabber and PGP for federated, encrypted messaging
This is a short thread where I explain how I started using the XMPP protocol and PGP encryption for secure messaging. I am not a security expert, but I am a mathematician and I am comfortable with the Linux command line. This guide is for people who want to use PGP for secure messaging easily. You will need to be okay with typing commands into the Linux command line in order to do this, but I will tell you exactly what to enter.
Part 1: XMPP
Mastodon is like email, but for social media. You sign up for an account with a server, and then you can talk with any other accounts that are signed up on other servers, as long as your servers are getting along. (No one wants emails from the sketchy spam server, and we want to be able to choose between Yahoo, Gmail, etc.) XMPP (a.k.a. Jabber) is the same thing for text messaging.
Just like signing up for an email/Mastodon account, you need to sign up for an XMPP account on some server. You can find a list of servers at https://list.jabber.at/ and will probably at least need to provide an email address when making an account.
Once you have made an account, you need a client. On Linux, I've been having a good time using Dino (https://dino.im/). You can then enter your account name and password to log into your XMPP account and start chatting! There are public rooms, and you can also message your friends directly.
#security #PGP #XMPP #FOSS #Jabber #Dino #MonoclesChat
(1/4)
Part 2: PGP
PGP stands for Pretty Good Privacy and has a pretty storied history. During the 1990s the US government treated exporting it as an arms-export violation and spent three years investigating its author (https://en.wikipedia.org/wiki/Pretty_Good_Privacy). Today, it is still considered a bit arcane to use, but I will do my best to make this simple.
In order to use PGP, you create a pair of "keys". One is your "private key" that you keep to yourself, and the other is your "public key" that you share. Anyone can use your public key to encrypt a message for you, but only your private key can decrypt it; so to write to a friend, you encrypt with their public key and only they can read the result.
This is how to use a program called GPG (GNU Privacy Guard, https://www.gnupg.org/) to create a key pair.
1) GPG should already be installed on many Linux distributions. Run
gpg --version
to see if GPG is installed. If you get "command not found" instead of a version number, install GPG from the link above (or from your distribution's package manager; the package is usually called gnupg).
2) Generate a public/private key pair. Before you do this, write down a strong passphrase. You will be on a timer to type it in or you will have to start over. The passphrase encrypts your private key on disk: someone who copies the key file still cannot use it without the passphrase. You only ever type the passphrase, never the key itself. You will also need to provide a "real name" (which can be anything) and an email address. Together these form the "user ID" attached to your public key, so anyone you give the key to will see them, but they do not have to match your actual email account or name. In order to generate the key pair, run
gpg --gen-key
(2/4)
3) On Dino, you should be able to click the top-left hamburger menu to see an "Accounts" option. In your account settings there is a spot that says OpenPGP followed by "Key Publishing Disabled Select Key". Click on that and you will be able to choose your PGP key that you created earlier.
4) If you and a friend both do this, then you can use PGP to message securely on XMPP. On Dino, you must each start a direct conversation with each other by hitting the + button on the menu and then selecting "Start Conversation" and putting in the other person's account name and server. Even though you can talk to each other just from a request one way, you must both do this in order to use PGP.
5) Once you have each requested to message each other, click on the little lock symbol to the right of where you write a message. Select "OpenPGP". Dino will automatically encrypt and decrypt messages as appropriate. You will now need to use your passphrase for your PGP key each time you start Dino to read the encrypted messages. One caveat: the lock only tells you that some key was used, not whose. The public key Dino picked up for your friend arrived over the same network you are trying to protect against, so before relying on it, compare your key fingerprints with your friend over another channel (in person, or a voice call).
(3/4)
Part 3: Mobile and beyond
You can do all of this on mobile, too. I found a client called monocles chat (https://f-droid.org/packages/de.monocles.chat/) for Android that supports PGP using an application called OpenKeychain (https://www.openkeychain.org/) for handling keys. You can either generate a key pair on there, or export your keys on Linux and copy the resulting files to your phone and use them there. (I'd avoid posting that private key file to any online storage, so a local network transfer is best.)
You can also manually display your public key and encrypt or decrypt messages through the command line with GPG.
There is another option for secure messaging on XMPP called OMEMO which is based on the Signal protocol. I have some concerns about the corporation that maintains the Signal app and about the protocol itself. Signal is run by people with heavy ties to the usual sources of power in Silicon Valley, and is being heavily marketed as the "secure messaging app for activists". This central control and marketing sound dubious to me, especially because their emphasis on "forward security" means that you should be generating keys constantly on an internet-connected device. PGP makes it possible to create keys on a machine that never touches the internet again, so you can have some assurance that you're not having your keys read on creation by someone who controls your device.
(4/4)
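The GnuPG steps from Parts 2 and 3, run end to end as an added example (this is not code from the thread or from the Dino or GnuPG projects). It plays both sides of the exchange for two made-up parties, Alice and Bob, in throwaway keyrings that never touch your real ~/.gnupg: generate keys, publish and import a public key, compare fingerprints, encrypt, decrypt, and finally check whether a message file is really encrypted or only signed, which is the mistake the replies below worry about. Assumptions: gpg 2.1 or newer is installed; the names, example.org addresses and message text are constructed for the demo; no XMPP server or Dino is involved, and the key exchange that Dino does over the network is done here with a pipe.

```sh
#!/bin/sh
# Added example, not code from the original thread. It runs the GnuPG side of
# Parts 2 and 3 unattended for two made-up parties (Alice and Bob) in
# throwaway keyrings, so the full exchange (generate, publish, import, compare
# fingerprints, encrypt, decrypt) can be tried without touching ~/.gnupg.
# Assumptions: gpg 2.1 or newer is installed; the names, addresses and message
# text are constructed for the demo; no XMPP server or Dino is involved.
set -u

WORK=$(mktemp -d)
cleanup() {
    # Stop the agents gpg started for the temporary keyrings, then delete them.
    for h in "$WORK"/*/alice "$WORK"/*/bob; do
        [ -d "$h" ] && gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

# Step 1: is gpg installed at all? (This is what `gpg --version` tells you.)
pgp_have_gpg() { command -v gpg >/dev/null 2>&1; }

# Run gpg against one party's keyring. $1 = that party's GNUPGHOME.
g() { _h=$1; shift; gpg --homedir "$_h" --batch --quiet --yes "$@"; }

# Step 2: create a key pair. This is the unattended form of `gpg --gen-key`;
# the interactive prompts become the parameter block. %no-protection skips
# the passphrase so the demo needs no typing; drop that line on your own
# machine so gpg asks for the passphrase you wrote down.
pgp_make_key() {
    mkdir -p "$1" && chmod 700 "$1"
    g "$1" --gen-key <<EOF
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# Primary-key fingerprint of a user id, as seen from one keyring.
pgp_fingerprint() { g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

# Part 3: the public key as text, which is what you publish or hand to a friend.
pgp_export_pub() { g "$1" --armor --export "$2"; }

# Does a message file actually contain encrypted data, or was it only signed?
# (Signing without encrypting is the setup mistake the replies worry about.)
pgp_is_encrypted() { gpg --homedir "$1" --batch --list-packets "$2" 2>&1 | grep -q encrypted; }

pgp_demo() {
    d=$(mktemp -d "$WORK/run.XXXXXX"); alice="$d/alice"; bob="$d/bob"
    pgp_make_key "$alice" "Alice Example" alice@example.org || return 1
    pgp_make_key "$bob"   "Bob Example"   bob@example.org   || return 1

    # Alice publishes her key; Bob imports it. Over XMPP a client does this
    # for you, but the key still arrives over the network.
    pgp_export_pub "$alice" alice@example.org | g "$bob" --import || return 1

    # The check the client does not do for you: compare fingerprints over a
    # second channel before trusting the key. Both keyrings are local here,
    # so the out-of-band comparison collapses to a string equality.
    fpr=$(pgp_fingerprint "$alice" alice@example.org)
    [ -n "$fpr" ] && [ "$fpr" = "$(pgp_fingerprint "$bob" alice@example.org)" ] || return 1
    g "$bob" --quick-lsign-key "$fpr" || return 1   # record that Bob verified it

    # Bob encrypts to Alice's public key; Alice decrypts with her private key.
    printf 'meet at the library at 3\n' > "$d/msg.txt"
    g "$bob" --armor --recipient alice@example.org --encrypt < "$d/msg.txt" > "$d/msg.asc" || return 1
    g "$alice" --decrypt < "$d/msg.asc" > "$d/plain.txt" || return 1
    cmp -s "$d/msg.txt" "$d/plain.txt" || return 1

    # For contrast, a signed-but-not-encrypted message: anyone can read it.
    g "$bob" --clearsign < "$d/msg.txt" > "$d/signed.asc" || return 1
    DEMO_HOME=$alice; DEMO_ENC="$d/msg.asc"; DEMO_SIGNED="$d/signed.asc"
}

if pgp_have_gpg; then
    pgp_demo && pgp_is_encrypted "$DEMO_HOME" "$DEMO_ENC" && echo "round trip ok: $DEMO_ENC is encrypted"
else
    echo "gpg not found; install GnuPG from https://www.gnupg.org/ first" >&2
fi
```

The two points the interactive tutorial cannot show are the fingerprint comparison and the local signature that records it: without that step gpg (in batch mode) refuses to encrypt to a key it has no reason to believe belongs to the named person, and a chat client that silently picks up whatever key was announced over the network skips exactly this check. The last function is the quick test to run on any message file before assuming it is private: a signed-only message lists signature packets but no encrypted packet.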
@caten I've heard people recommend against PGP; my only personal experience with it is that it's hard and confusing, but apparently it's also insecure: https://www.latacora.com/blog/2019/07/16/the-pgp-problem/, https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/
@olynch I actually read both of these recently. There have been exploits due to poor implementations in the past. Neither article does much to address actual security issues, and both tell us the same thing: use Signal (or even Whatsapp, incredibly) for messaging. Major criticisms of PGP seem to be "antisocial nerds like it, so why should you" and "use Signal". I think there are both social and technical reasons that Signal is suspect, as mentioned in my earlier post.
@caten Believe me, I used to have all sorts of fun as a teenager emailing "secrets" in PGP to my one friend who also had a PGP key, but I just don't think it's practical to convince most of my friends to use it.
With regard to PGP creating keys on a machine that never touches the internet... I'm not really sure I get why this is important, as I will certainly touch the internet every time I *use* the key. I don't know why you are privileging "key creation time" as the sensitive time.
Also, I guess even if I convince my friends that it's practical, there's all sorts of ways that they could mess up using it in such a way so that our conversations get leaked. Like, there's a 50% chance that at some point someone only configures for signing, not encryption. I'll take the low-percentage chance that Moxie is not actually committed to user privacy over the high-percentage chance that me or my friends fuck up using PGP any day.
@olynch @caten I had noticed this thread the other day and I guess I wanted to just chime in to support the idea that using XMPP with OpenPGP is probably not a very good way to secure communications.
I'm certainly nothing resembling an expert on cryptography or infosec, but I've also been a long time user of these tools. I was using PGP back when it was still relatively young (before GPG even existed), used OpenPGP for email, and I actually used to do encrypted instant messaging with the Pidgin OTR plugin. So I'm sympathetic to the desire to do something like use OpenPGP with XMPP for secure messaging. But as far as I can understand, it's not a very good solution to the problem.
@olynch mentioned a couple articles arguing against the use of OpenPGP for most purposes. I figured I'd throw in one more:
https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/
@olynch @caten I find the tone of many of these articles annoying, but it does seem like their underlying arguments have merit. It seems like the objections to OpenPGP are essentially these:
1. Its basic architecture predates much of the modern research on cryptography, so it embodies many choices that are now regarded as unwise, just as a result of its age.
2. It has attempted to maintain backward compatibility, and that necessarily creates a large attack surface in any software.
3. For reasons of backward compatibility and flexibility, it supports many options, so it's too easy to select a set of options that are not actually secure.
4. It was designed as a very general tool, but different cryptographic properties are desirable in different contexts, so it is better to use a tool that was designed for the specific context in question.
5. It is based around the use of long-term keys, but the odds of users realistically keeping keys secure long term is low, so this is a bad approach.
6. The trust model (web of trust) is not practically workable, so in practice you won't really have reliable authentication.
7. It's generally a bit too hard to use for the average person, so there isn't wide enough adoption to make it very useful (to wit, though I had OpenPGP set up for years on my email, I could probably count the number of encrypted emails I received on my fingers).
But really the main reason that I would tend toward using other tools, like Signal, is that it seems to be what the vast majority of cryptographers and infosec practitioners advise, and I assume they understand the issues better than I do.
@olynch @caten Oh, I also think an instructive practical example of the dangers of point #1 above is the Efail exploit that would allow an attacker to exfiltrate some of the plaintext content of encrypted email (using either OpenPGP or S/MIME):
https://en.wikipedia.org/wiki/EFAIL
To my understanding, a key factor in this exploit is that these encryption schemes did not require authentication and used older block cipher modes that allow an attacker to insert data into the ciphertext stream without detection by the decryption process. Such an exploit would not be possible in a system that only supported more modern cryptographic schemes.