
Charlotte Aten

Getting started with XMPP/Jabber and PGP for federated, encrypted messaging

This is a short thread where I explain how I started using the XMPP protocol and PGP encryption for secure messaging. I am not a security expert, but I am a mathematician and I am comfortable with the Linux command line. This guide is for people who want to use PGP for secure messaging easily. You will need to be okay with typing commands into the Linux command line in order to do this, but I will tell you exactly what to enter.

Part 1: XMPP

Mastodon is like email, but for social media. You sign up for an account with a server, and then you can talk with any other accounts that are signed up on other servers, as long as your servers are getting along. (No one wants emails from the sketchy spam server, and we want to be able to choose between Yahoo, Gmail, etc.) XMPP (a.k.a. Jabber) is the same thing for text messaging.

Just like signing up for an email/Mastodon account, you need to sign up for an account. You can find a list of servers at list.jabber.at/ and will probably at least need to provide an email address when making an account.

Once you have made an account, you need a client. On Linux, I've been having a good time using Dino (dino.im/). You can then enter your account name and password to log into your XMPP account and start chatting! There are public rooms, and you can also message your friends directly.

(1/4)


Part 2: PGP

PGP stands for Pretty Good Privacy and has a pretty storied history. The US government considered it a crime to teach the system to people outside the US during the 1990s (en.wikipedia.org/wiki/Pretty_G). Today, it is still considered a bit arcane to use, but I will do my best to make this simple.

In order to use PGP, you create a pair of "keys". One is your "private key" that you keep to yourself, and the other is your "public key" that you share. You use someone's public key to encrypt a message for them. Only they can use their private key to decrypt and read it.

This is how to use a program called GPG (GNU Privacy Guard, gnupg.org/) to create a key pair.

1) GPG should already be installed on many Linux distributions. Run

gpg --version

to see if GPG is installed. If you don't see anything, then download GPG from the link above.

2) Generate a public/private key pair. Before you do this, write down a strong passphrase. You will be on a timer to type it in or you will have to start over. This passphrase allows you to use your private key without having to manually type it out, which would take forever. You will also need to provide a "real name" (which can be anything) and an email address. These will show up on your messages created with PGP, but don't actually have to have any connection to your email account or name. In order to generate the key pair, do

gpg --gen-key

(2/4)


3) On Dino, you should be able to click the top-left hamburger menu to see an "Accounts" option. In your account settings there is a spot that says OpenPGP followed by "Key Publishing Disabled Select Key". Click on that and you will be able to choose your PGP key that you created earlier.

4) If you and a friend both do this, then you can use PGP to message securely on XMPP. On Dino, you must each start a direct conversation with each other by hitting the + button on the menu and then selecting "Start Conversation" and putting in the other person's account name and server. Even though you can talk to each other just from a request one way, you must both do this in order to use PGP.

5) Once you have each requested to message each other, click on the little lock symbol to the right of where you write a message. Select "OpenPGP". Dino will automatically encrypt and decrypt messages as appropriate. You will now need to use your passphrase for your PGP key each time you start Dino to read the encrypted messages.

(3/4)

Part 3: Mobile and beyond

You can do all of this on mobile, too. I found a client called monocles chat (f-droid.org/packages/de.monocl) for Android that supports PGP using an application called OpenKeychain (openkeychain.org/) for handling keys. You can either generate a key pair on there, or copy the files containing your keys from Linux to your phone and use them there. (I'd avoid posting that private key file to any online storage, so local network is best.)

You can also manually display your public key and encrypt or decrypt messages through the command line with GPG.

There is another option for secure messaging on XMPP called OMEMO which is based on the Signal protocol. I have some concerns about the corporation that maintains the Signal app and with the protocol itself. Signal is run by people with heavy ties to the usual sources of power in Silicon Valley, and is being heavily marketed as the "secure messaging app for activists". This central control and marketing sound dubious to me, especially because their emphasis on "forward security" means that you should be generating keys constantly on an internet-connected device. PGP makes it possible to create keys on a machine that never touches the internet again, so you can have some assurance that you're not having your keys read on creation by someone who controls your device.

(4/4)
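The key-pair, public-key-sharing and encrypt/decrypt steps from parts 2 and 3 of the thread, driven from Python so the result checks itself. This is an added example, not code from the thread or from the GnuPG project; it assumes GnuPG 2.1 or newer on PATH (for `--quick-gen-key` and loopback pinentry), and the names, addresses and message are constructed for the demo. It goes one step beyond the thread by using two separate keyrings, so you can see that a public key alone lets a friend encrypt to you but never decrypt.

```python
"""Added example: a two-keyring gpg round trip.

Alice generates a key pair, exports only her public key, Bob imports it and
encrypts a message to her, Alice decrypts it and Bob cannot.  Uses throwaway
home directories so nothing touches your real ~/.gnupg.
"""
import shutil
import subprocess
import tempfile

# Constructed identities; example.invalid is a reserved name, not a real domain.
ALICE = "Alice Example <alice@example.invalid>"
ALICE_ADDR = "alice@example.invalid"
MESSAGE = b"meet at the usual place\n"  # constructed sample plaintext


def gpg(home, *args, stdin=None, check=True):
    """Run gpg against the private keyring directory `home`.

    --batch/--no-tty keep it non-interactive.  The empty loopback passphrase
    is acceptable only for a throwaway demo key; for a real key pick the
    strong passphrase the thread tells you to write down first.
    """
    cmd = ["gpg", "--homedir", home, "--batch", "--no-tty", "--yes",
           "--pinentry-mode", "loopback", "--passphrase", "", *args]
    return subprocess.run(cmd, input=stdin, capture_output=True, check=check)


def pgp_round_trip():
    """Return a dict of check results, or {"gpg_found": False} without gpg."""
    if shutil.which("gpg") is None:
        return {"gpg_found": False}
    alice_home = tempfile.mkdtemp(prefix="alice-")  # mkdtemp creates it mode 0700
    bob_home = tempfile.mkdtemp(prefix="bob-")
    try:
        # 1) Alice generates her key pair (the scripted form of `gpg --gen-key`).
        gpg(alice_home, "--quick-gen-key", ALICE, "default", "default", "never")
        # 2) She exports only the PUBLIC key; the private key stays in her keyring.
        pub = gpg(alice_home, "--armor", "--export", ALICE_ADDR).stdout
        # 3) Bob imports it and encrypts to her.  --trust-model always stands in
        #    for the out-of-band fingerprint check he should really do.
        gpg(bob_home, "--import", stdin=pub)
        ct = gpg(bob_home, "--armor", "--trust-model", "always",
                 "--recipient", ALICE_ADDR, "--encrypt", stdin=MESSAGE).stdout
        # 4) Only Alice's private key opens it; Bob's own gpg has no secret key.
        recovered = gpg(alice_home, "--decrypt", stdin=ct).stdout
        bob_try = gpg(bob_home, "--decrypt", stdin=ct, check=False)
        return {
            "gpg_found": True,
            "public_key_is_armored": pub.startswith(b"-----BEGIN PGP PUBLIC KEY BLOCK-----"),
            "ciphertext_is_armored": ct.startswith(b"-----BEGIN PGP MESSAGE-----"),
            "alice_recovers_plaintext": recovered == MESSAGE,
            "bob_cannot_decrypt": bob_try.returncode != 0,
        }
    except subprocess.CalledProcessError as exc:
        # Surface gpg's own diagnostics (e.g. an agent that could not start).
        return {"gpg_found": True, "error": exc.stderr.decode(errors="replace")}
    finally:
        for home in (alice_home, bob_home):
            subprocess.run(["gpgconf", "--homedir", home, "--kill", "gpg-agent"],
                           capture_output=True)
            shutil.rmtree(home, ignore_errors=True)


if __name__ == "__main__":
    for key, value in pgp_round_trip().items():
        print(f"{key}: {value}")
```

The `--homedir` flag is what keeps the demo away from your real keyring; drop it (and the empty passphrase) when you run the same steps for your own key, and copy the private key between machines the way the thread suggests, over a local connection rather than through online storage.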


@caten I've heard people recommend against PGP; my only personal experience with it is that it's hard and confusing, but apparently it's also insecure: latacora.com/blog/2019/07/16/t, soatok.blog/2024/11/15/what-to


@olynch I actually read both of these recently. There have been exploits due to poor implementations in the past. Neither article does much to address actual security issues, and both tell us the same thing: use Signal (or even Whatsapp, incredibly) for messaging. Major criticisms of PGP seem to be "antisocial nerds like it, so why should you" and "use Signal". I think there are both social and technical reasons that Signal is suspect, as mentioned in my earlier post.

@caten Believe me, I used to have all sorts of fun as a teenager emailing "secrets" in PGP to my one friend who also had a PGP key, but I just don't think it's practical to convince most of my friends to use it.

With regard to PGP creating keys on a machine that never touches the internet... I'm not really sure I get why this is important, as I will certainly touch the internet every time I *use* the key. I don't know why you are privileging "key creation time" as the sensitive time.

Also, I guess even if I convince my friends that it's practical, there's all sorts of ways that they could mess up using it in such a way so that our conversations get leaked. Like, there's a 50% chance that at some point someone only configures for signing, not encryption. I'll take the low-percentage chance that Moxie is not actually committed to user privacy over the high-percentage chance that me or my friends fuck up using PGP any day.

@olynch If I were to create a pair of keys on a machine with no wireless card and then manually copy the public key to another machine for broadcasting, there is no chance that I had my private key copied due to the machine being compromised. If I am really concerned about security, I can copy encrypted messages to that device with a flash drive, decrypt and read them there, and perhaps destroy the drive.

If I generate keys on an Android device every month, I am open to the possibility that my device is compromised and contains my private key. This would of course be true if I copied my private PGP key to my phone for the convenience of reading encrypted messages there, too.

The big concern here is that in the current US political climate, it would be convenient to convince people there is a very secure application for activists to message each other when in fact both the hardware and software they are using are exploitable. One way to keep tabs on people is to make sure they do everything online with as little understanding of the process as possible.

@caten Ah, that's a good point about the separation between keys. It's not paranoia when they really are out to get you!

For activists in particular I can see this making sense; I was thinking about "generally making mass snooping untenable" where you also have to encrypt normal conversations.

If we're being paranoid though, I do worry about metadata for encrypted emails, and also the fact that it sticks out like a sore thumb. I wouldn't be surprised if the US government saves a copy of every PGP encrypted email just in case they get the key later; the same would not be true of Signal messages. I guess if you run your own email server and only connect to it over an encrypted transport that solves that problem...

@olynch There's no need for email if you can agree on a random, niche, anonymous forum to watch. You can drop encrypted messages there that could be for anyone. You could even write them into images, if you feel like being a little less conspicuous.

I truly hope I never have a real use for this kind of obfuscation, by the way, but it's fun to think about.

@olynch @caten I had noticed this thread the other day and I guess I wanted to just chime in to support the idea that using XMPP with OpenPGP is probably not a very good way to secure communications.

I'm certainly nothing resembling an expert on cryptography or infosec, but I've also been a long time user of these tools. I was using PGP back when it was still relatively young (before GPG even existed), used OpenPGP for email, and I actually used to do encrypted instant messaging with the Pidgin OTR plugin. So I'm sympathetic to the desire to do something like use OpenPGP with XMPP for secure messaging. But as far as I can understand, it's not a very good solution to the problem.

@olynch mentioned a couple articles arguing against the use of OpenPGP for most purposes. I figured I'd throw in one more:
arstechnica.com/information-te


@olynch @caten I find the tone of many of these articles annoying, but it does seem like their underlying arguments have merit. It seems like the objections to OpenPGP are essentially these:

1. Its basic architecture predates much of the modern research on cryptography, so it embodies many choices that are now regarded as unwise, just as a result of its age.
2. It has attempted to maintain backward compatibility, and that necessarily creates a large attack surface in any software.
3. For reasons of backward compatibility and flexibility, it supports many options, so it's too easy to select a set of options that are not actually secure.
4. It was designed as a very general tool, but different cryptographic properties are desirable in different contexts, so it is better to use a tool that was designed for the specific context in question.
5. It is based around the use of long-term keys, but the odds of users realistically keeping keys secure long term are low, so this is a bad approach.
6. The trust model (web of trust) is not practically workable, so in practice you won't really have reliable authentication.
7. It's generally a bit too hard to use for the average person, so there isn't wide enough adoption to make it very useful (to wit, though I had OpenPGP set up for years on my email, I could probably count the number of encrypted emails I received on my fingers).

But really the main reason that I would tend toward using other tools, like Signal, is that it seems to be what the vast majority of cryptographers and infosec practitioners advise, and I assume they understand the issues better than I do.

@olynch @caten I personally enjoy monkeying with some of these more complex systems at times, but I also must acknowledge that the practical security of a system is defined by the realistic behavior of the humans that use it, and not by what they are capable of on their best day, or even an average day, but how they will behave on their worst day, when they are tired, or in a rush, or distracted. And so to achieve durable, practical security a system must be relatively simple and easy to use.

I also have to acknowledge that a lot of the people who need to use such systems, lawyers, activists, journalists, are not techies who like monkeying with such things, so for that reason it also makes sense to support ecosystems of tools that are simple enough that they can realistically use them.

@olynch @caten Oh, I also think an instructive practical example of the dangers of point #1 above is the Efail exploit that would allow an attacker to exfiltrate some of the plaintext content of encrypted email (using either OpenPGP or S/MIME):
en.wikipedia.org/wiki/EFAIL

To my understanding, a key factor in this exploit is that these encryption schemes did not require authentication and used older block cipher modes that allow an attacker to insert data into the ciphertext stream without detection by the decryption process. Such an exploit would not be possible in a system that only supported more modern cryptographic schemes.
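The property this post describes, that an unauthenticated mode lets someone alter ciphertext without the decryption step noticing, while an authenticated scheme rejects the altered message, shown in runnable form. This is an added example, not code from the thread or from any OpenPGP implementation; to avoid third-party libraries it uses a toy SHA-256 keystream as a stand-in for an unauthenticated cipher mode (it is not a real cipher and must not be used as one), and the key, nonce and message are constructed for the demo.

```python
"""Added example: malleable unauthenticated encryption vs. encrypt-then-MAC.

The toy keystream cipher below only exists so the effect of editing ciphertext
can be observed with the standard library; it models the XOR relationship
between ciphertext and plaintext that stream-like block modes share.
"""
import hashlib
import hmac

KEY = b"constructed-demo-key-do-not-reuse"  # constructed sample key
MAC_KEY = b"constructed-demo-mac-key"       # separate key for the MAC
NONCE_LEN = 16
TAG_LEN = 32


def keystream(key, nonce, n):
    """Toy keystream: SHA-256(key || nonce || counter) blocks, cut to n bytes."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt_unauthenticated(key, plaintext, nonce):
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt_unauthenticated(key, blob):
    """Nothing here can tell a modified ciphertext from an honest one."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def encrypt_then_mac(key, mac_key, plaintext, nonce):
    blob = encrypt_unauthenticated(key, plaintext, nonce)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def decrypt_then_verify(key, mac_key, blob):
    """Check the tag first; release plaintext only if the ciphertext is intact."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return decrypt_unauthenticated(key, body)


def flip_byte(blob, index, delta):
    """Model a modification in transit: XOR one ciphertext byte, key unknown."""
    b = bytearray(blob)
    b[index] ^= delta
    return bytes(b)


def demo():
    nonce = bytes(NONCE_LEN)  # fixed nonce keeps the demo deterministic; never reuse one for real
    msg = b"transfer 10 coins"
    # Unauthenticated: XOR-ing ciphertext byte i XORs plaintext byte i by the same value,
    # so "10" can be turned into "90" without the key and without any error.
    blob = encrypt_unauthenticated(KEY, msg, nonce)
    tampered = flip_byte(blob, NONCE_LEN + 9, ord("1") ^ ord("9"))
    silently_altered = decrypt_unauthenticated(KEY, tampered)
    # Authenticated: the identical edit is rejected before any plaintext is produced.
    blob2 = encrypt_then_mac(KEY, MAC_KEY, msg, nonce)
    tampered2 = flip_byte(blob2, NONCE_LEN + 9, ord("1") ^ ord("9"))
    try:
        decrypt_then_verify(KEY, MAC_KEY, tampered2)
        caught = False
    except ValueError:
        caught = True
    return {
        "honest_roundtrip": decrypt_unauthenticated(KEY, blob),
        "silently_altered": silently_altered,
        "authenticated_roundtrip": decrypt_then_verify(KEY, MAC_KEY, blob2),
        "tamper_detected": caught,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The defensive lesson is the order of operations in `decrypt_then_verify`: integrity is checked over the whole ciphertext before a single plaintext byte is handed to anything that might act on it (a mail client rendering HTML, for instance), which is exactly the guarantee a modern authenticated mode provides by construction.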


@caten @olynch

Many of these various complaints against PGP have merits. But the cryptographic aspects seem to be worked on and improved, which will in some cases sacrifice backwards compatibility (with newer ciphers being unavailable on older implementations).

openpgp.org/community/

The biggest gripe I have with PGP is mostly the "user experience". Key management is hard, web-of-trust is essentially dead in practice, the tools to use PGP are hard to use.

For most common users, I would claim that Proton with their Proton Mail service has come very far with regard to making key management far easier - and you don't need to use any tools to get it working. I'm an admin for 15+ people using Proton, none of these users (non-tech people) are aware of them using PGP or encryption - even less so that it is opportunistic.

That's where we should get in the end. "Hiding" the encryption aspects so well users don't think about it. Signal has that "feature", as well as Simplex Chat - and probably some more as well.

For the command line crowd ... GnuPG is a true nightmare - and it's astonishing it's been accepted for so long as it has. In practice, it's a mostly functional reference implementation, but very end-user hostile in the very end (and mostly only gpg "experts" will disagree). But there's hope here as well.

I've started using Sequoia-PGP. A complete re-implementation of the OpenPGP standard with a new command line interface which is actually possible to grasp - with both more reasonable man pages and online docs. And it is far more pleasant to use with scripting.

book.sequoia-pgp.org/quickstar


@olynch @caten it's surprising to me just how much attention these articles (and their various kin) keep getting, considering what rather muddled pieces of writing they are.

there are many reasonable complaints to be made about openpgp. none of them, i believe, disqualify pgp as a security mechanism - even though reasonable people can of course recommend to use different mechanisms for all kinds of reasons. including ease of use.

@caten Adding to this list: @delta is a multi-platform messenger software that uses (the already federated) email infrastructure as transport layer, and OpenPGP for confidentiality.

(One typical way to use Delta Chat is with a separate email address that's not publicly associated with the user, but it's also possible to use a regular, pre-existing, identity-bound email address)

@caten in my experience openpgp is quite good in 1:1 chats but a nightmare in private group chats (muc)

@caten@mathstodon.xyz
I prefer the new xeps 0373 and 0374 "OpenPGP for XMPP" (OX) over the old xep 0027, but unfortunately no mobile client supports it yet. Afaik only #gajim and #profanity support it. #xmpp #pgp