gaim-e

Janusz A. Urbanowicz alex at bofh.net.pl
Wed Aug 21 17:04:02 CEST 2002


Eric M Krause wrote/napisał[a]/schrieb:
> On Wed, 2002-08-21 at 21:17, Janusz A. Urbanowicz wrote:
> > Eric Krause wrote/napisał[a]/schrieb:
> > > Gents,
> > 
> > > I would just like to thank you all for your hard work with gpgme and gpg. 
> > > I've recently converted gaim-e to using gpgme for all of its gpg love. 
> > > It makes things so easy and clean.  If any of you use gaim and would like
> > > encrypted instant messages, please give gaim-e a look.
> > 
> > Which protocol do you encrypt? 
> 
> Right now we are using gpg for the key transfer, and then we use rc5
> from there.  I guess that will follow into my next question:  We are
> trying to add more functionality to gaim-e.  Right now the rc5 code was
> written by the original developer.  It has serious endian issues.  Is
> there a library that is as easy to use as gpgme out there that could do
> rc5, rc6, twofish, blowfish etc?

libmcrypt I'd say, or openssl. 

> > If Jabber, is it compatible with gpg encryption from gabber?

> I didn't know that gabber did gpg.  I was under the impression that
> gabber was done with ssl.

Gabber can use SSL for client-server encryption (if the server supports it)
and Gnu PG for client-client encryption and authentication.

> If you have any information about this, it would be appreciated.  I know
> that being able to work with gabber is my biggest request.

I guess so. Encrypts and/or signs every message with client gnupg key. The
Jabber protocol also supports some form of signature presence authorisation.
I suggest you read the Jabber protocol encryption description available here:
http://www.jabber.org/jeps/jep-0027.html - "Current Jabber OpenPGP Usage"
and http://www.jabber.org/jeps/jep-0031.html - "A Framework For Securing
Jabber Conversations".

From your terse description I'm under the impression that you are doing the
encryption in the 'naive' way, exchanging keys and then using some sort of
streaming mode (my wild guess) to encipher individual messages. This is hard
to do well and consider all possible weaknesses. I suggest you use an
approach more similar to Jabber/Gabber - use existing crypto formats and
features and don't reinvent the wheel.

Alex
-- 
C _-=-_ H Janusz A. Urbanowicz, stomil at jabber.org, 
 ; (_O :  	
 ! &~) ?  
A ~-=-~ O 



