Encrypt your instant messages with Pidgin

Martin Brinkmann
May 21, 2008
Updated • Feb 7, 2013
Encryption, Internet, Software, Yahoo
|
2

Pidgin is an Open Source multi-protocol Instant Messaging client that was formerly known as Prince Gaim. It works with many popular Instant Messaging clients like AIM, ICQ, MSN and Yahoo!. Normal conversations with Pidgin, or most other Instant Messaging clients are not encrypted which means that the text is transferred in plain text which means that any technologically inclined user can snoop on the conversation which is probably something that you would not want. I'm not only talking business situations here but also the daily chats at work with your friends or wife that you better keep secret. It could also come in handy if you are of the paranoid kind and prefer to tighten security on anything that you come in contact with.

The Pidgin Encryption plugin adds encryption to Pidgin by generating a public and private key during activation. Let me give you a short rundown on that encryption scheme. The public keys are accessible by all of your contacts which can use them to encrypt their messages. The only person who can decrypt those messages is the one with the private key that builds a pair with that public key. It comes down to swapping the public keys so that messages can be encrypted and decrypted on the fly.

Thankfully Pidgin does most of that automatically. There is no need, like in other applications, to transfer the public key on a different way to the other users. The keys are automatically created and the public key is automatically transferred to all contacts. There is however the possibility to exchange the keys using different way to increase the security. Meet your friend at a secret location and hand him the self destructing disk with your public key..

You obviously need Pidgin for that and the Pidgin Encryption Plugin. You can regenerate your key in the preferences and change the default size of 1024 bits to a value between 512 and 4096 bits. Make sure that both "Automatically Encrypt" boxes are checked. A list of the public keys of your buddies is also available in the preferences.

By default the conversations take place unencrypted. A user needs to press the TX button to encrypt the messages. If the user on the other end is not using the plugin he will see a notification that the message is encrypted and that he needs the plugin. If that is the case the TX button will show to be secure while the RX button will be plain. (I guess TX stands for Transmit while RX for Receive)

To always use encryption when chatting with a specific user you need to right-click that user and select Turn Auto-Encrypt On. To avoid man in the middle attacks you need to compare keys with your buddy. This can be done in the Pidgin preferences. I suggest another way of communication to compare the keys. (phone, irc, voip)

A last tip. If you use multiple computers you probably want to make sure that all use the same keys. You can do that by moving the keys from .pidgin directory in *nix or in the application data directory in Windows to the new computer. The keys are stored in the three files:

  • id.priv (private keys)
  • id (public keys)
  • known_keys

Each line of the files represents one key which means that you can also copy only selected keys to the other machine.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Ron said on June 6, 2008 at 2:03 am
    Reply

    i just tested this with a Yahoo! messenger user. The message that displayed on Yahoo! messenger was, “***Encrypted — Send Key” so it seems as if messages are being sent encrypted.

  2. addicted said on June 4, 2008 at 9:12 pm
    Reply

    Indeed, I know it is a great tool. But this means the person you are talking with need to have also pidgin – if the other person has yahoo messenger, I don’t think it would be able communicate with you.
    Or am I wrong…?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.