Securing Instant Messaging


For quite a while we have been using IRC for instant messaging and company internal chat. IRC is handy for it, especially as we’ve been able to set up some bots to secure our own channels.

However, as we already use GNU Privacy Guard (GPG) for securing our email communications, it makes sense to also start encrypting the instant messaging conversations.

There are several different secure IM options available, ranging from Skype to Off-the-Record Messaging. These are good alternatives, but since we already have the GPG key management infrastructure set up, it makes sense to utilize it. And of course Jabber and Psi are open, multi-platform and standardized.

Steps for setting up secure, encrypted instant messaging:

  1. Create a Google Talk account (or some other Jabber account)
  2. Download and install the Psi client, and connect to Google Talk
  3. Generate a GPG key (if you don’t already have one for secure email)
  4. Set up GPG encryption for Psi

After this you can have encrypted conversations with any Jabber user whose public key you have.

Here is a screenshot of me having an IM conversation and switching encryption on and off a couple of times:

Encrypted Jabber chat with Psi

And here is what the raw Jabber XML output with encrypted messages looks like:

Raw encrypted XMPP messaging

The GPG encrypted Jabber conversations with Psi follow the JEP-0027: Current Jabber OpenPGP Usage specification.
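As an added illustration (not code from this post or from Psi), the sketch below reads a raw XML log in the JEP-0027 layout, reports which message stanzas were sent encrypted and which went out in plaintext, and restores the ASCII-armor lines that the specification strips so the payload can be passed to `gpg --decrypt`. The addresses, placeholder body and payload are constructed sample data.

```python
import xml.etree.ElementTree as ET

NS_ENCRYPTED = "jabber:x:encrypted"  # JEP-0027 namespace for encrypted payloads
CLIENT = "{jabber:client}"           # default namespace of client stanzas

# Constructed sample stanzas (not captured traffic); the payload is a dummy
# string and will not decrypt. For untrusted captures, use a hardened XML
# parser such as defusedxml instead of the standard-library one.
SAMPLE_STREAM = """<stream xmlns="jabber:client">
  <message from="alice@example.org/psi" to="bob@example.org" type="chat">
    <body>This message is encrypted.</body>
    <x xmlns="jabber:x:encrypted">hQEMA0NPTlNUUlVDVEVEU0FNUExF
=AbCd</x>
  </message>
  <message from="alice@example.org/psi" to="bob@example.org" type="chat">
    <body>lunch at noon?</body>
  </message>
</stream>"""


def rearmor(payload: str) -> str:
    """Restore the armor header and footer that JEP-0027 strips before sending."""
    return ("-----BEGIN PGP MESSAGE-----\n\n" + payload.strip()
            + "\n-----END PGP MESSAGE-----\n")


def classify(stream_xml: str):
    """Return (from, to, state, armored-or-None) for each message stanza."""
    results = []
    for msg in ET.fromstring(stream_xml).iter(CLIENT + "message"):
        enc = msg.find("{%s}x" % NS_ENCRYPTED)
        if enc is not None and (enc.text or "").strip():
            state, armored = "encrypted", rearmor(enc.text)
        else:
            # No jabber:x:encrypted child: the <body> carried the real text.
            state, armored = "plaintext", None
        results.append((msg.get("from"), msg.get("to"), state, armored))
    return results


if __name__ == "__main__":
    for sender, rcpt, state, _ in classify(SAMPLE_STREAM):
        print(f"{sender} -> {rcpt}: {state}")
```

Only the message body is encrypted under JEP-0027; the `from` and `to` addresses stay readable to the server and to anyone who can see the stream.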