Wednesday, July 2, 2008

Encrypted Instant Messages using Pidgin

The Internet is a public network, and instant messaging is one of the insecure applications that run over it: as we all know, messages are sent and received as plain text. Good news for Pidgin users: with the Pidgin-Encryption plug-in, we can now encrypt our messages using RSA (it supports keys of up to 4096 bits). Please note that both the IM sender and the IM recipient must be running Pidgin with the plug-in.

Procedure for using the plug-in:

1. Download the installer for your operating system at:
2. After the download, close all Pidgin sessions.
3. Install the plug-in and reopen Pidgin.
4. Press Ctrl+U to open the Plugins menu.
5. Ensure that the checkbox "Automatically encrypt if sent an encrypted message"
6. Open a chat window to your message recipient. In the upper portion of the chat window, you should see a greyed-out padlock icon. Clicking this icon will send your public key to the message recipient, and vice versa.
7. At this point, the padlock icons in both the sender's and the recipient's message windows should be green. Messages are now encrypted.

Here is a raw network capture from Wireshark (user1 and user2 are the example sender and recipient):

YMSG.............^.;5..user1..4..user2..252..Z/YAXR/gsD81TK//5AKdAQDlhLP/tA==..97..1..14..*** Encrypted :: Key: Prot NSS 1.0: Len 249:f/4NLoFOLHIPWvvhaZJjo9Ec5+kgGm8w,MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9JZlcgp8bW2THtnYFVAMzLThbRn53aYPoOJx+gcs+D1AsnO+s+hezzIqToMGjpm+kDitcuX6oHa/vB8dWR3YUWYXaqjqAAgIFuXan6QEMQdxl2S4f4Le9xmjxQM0pW5Ly5MB7eZjW0GEuywvFR6ZhJGX9JY+b4+Pg7GtE/Y6HsQIDAQAB..63..;0..64..0..
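What the capture above carries, shown as an added example that is not part of the original post or the plug-in's own code: the text after "Key:" contains a Base64-encoded DER public key, which this Python sketch decodes using only the standard library. Reading "Len" as the length of the text after the colon, and treating the first comma-separated field as opaque, are assumptions drawn from this one capture.

```python
import base64
import re

# Key-exchange text from the capture above, YMSG framing removed.
CAPTURED = (
    "*** Encrypted :: Key: Prot NSS 1.0: Len 249:"
    "f/4NLoFOLHIPWvvhaZJjo9Ec5+kgGm8w,"
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9JZlcgp8bW2THtnYFVAMz"
    "LThbRn53aYPoOJx+gcs+D1AsnO+s+hezzIqToMGjpm+kDitcuX6oHa/vB8dW"
    "R3YUWYXaqjqAAgIFuXan6QEMQdxl2S4f4Le9xmjxQM0pW5Ly5MB7eZjW0GEu"
    "ywvFR6ZhJGX9JY+b4+Pg7GtE/Y6HsQIDAQAB"
)

def read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (content, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}, got {buf[pos]:#x}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def parse_key_message(text):
    """Split the key message and decode its SubjectPublicKeyInfo blob."""
    m = re.search(r"Key: Prot (.+?): Len (\d+):([^,]+),([A-Za-z0-9+/=]+)", text)
    if not m:
        raise ValueError("not a key-exchange message")
    proto, declared, lead, key_b64 = m.groups()  # lead: opaque field (assumption)
    spki, _ = read_tlv(base64.b64decode(key_b64), 0, 0x30)  # SubjectPublicKeyInfo
    alg, pos = read_tlv(spki, 0, 0x30)                      # AlgorithmIdentifier
    bits, _ = read_tlv(spki, pos, 0x03)                     # BIT STRING wrapper
    rsa, _ = read_tlv(bits[1:], 0, 0x30)                    # RSAPublicKey sequence
    n_raw, pos = read_tlv(rsa, 0, 0x02)                     # modulus
    e_raw, _ = read_tlv(rsa, pos, 0x02)                     # public exponent
    return {
        "protocol": proto,
        "declared_len": int(declared),
        "actual_len": len(lead) + 1 + len(key_b64),
        "is_rsa": alg == bytes.fromhex("06092a864886f70d0101010500"),
        "modulus_bits": int.from_bytes(n_raw, "big").bit_length(),
        "exponent": int.from_bytes(e_raw, "big"),
    }

if __name__ == "__main__":
    print(parse_key_message(CAPTURED))
```

The key in this capture decodes to a 1024-bit RSA modulus, so a capture of the key exchange is a quick way to check which key size a session is actually using.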