You probably found out that it's a good thing to encrypt private communication but how going about that task? OTR is an long established encryption method that you can transparently lay over any communication channel. It gives you real private communication like I have explained here.
That means if you and your buddy both have OTR available you can chat privately over (nearly) any messenger protocol like Jabber/XMPP, MSN, ICQ and even Facebook! The catch here is that your messenger needs to be able to encrypt and decrypt OTR messages. But there is a software program that even works in the dark worlds of Windows and Mac. It's called Pidgin on Linux and Windows and Adium on Mac.
Here I explain how to set up Pidgin for Ubuntu Linux:
Contents: 1. Install and enable OTR 2. Confirm encryption status 3. Verify/authenticate someone
Install and enable OTR
- Open a Termina:
CTRL + ALT + t
- Install Pidgin and OTR:
sudo apt-get install pidgin pidgin-otr
- Open Pidgin and set up you messenger accounts. You can always add/remove/reconfigure accounts under
Sidenote: I would recommend you get yourself a Jabber account.
- Go to:
- To make sure that Pidgin is logging conversations even if OTR is active click
Off-the-Record Messagingis highlighted.
- Verify that
Don't log OTR conversationsis unchecked.
Pidgin will now automatically enable OTR if the chat partner also has OTR available. Note that the first message in a new chat will initiate the encryption but will not be encrypted itself.
If OTR becomes active for the first time on your computer it may take a while to generate the cryptographic keys. It may seem as if Pidgin hangs. Just give it a while.
Confirm encryption status
Every chat-window now features an OTR-indicator. The following states exist:
- Encrypted but not verified:
"Unverified" in this context means that you have not made sure that the other person really is the other person. It still could be that there is the so called "man-in-the-middle" logging and storing your conversation. The thread of a man-in-the-middle-attack always lingers in the background in this unverified state.
- Encrypted and verified:
"Verified" means that you have made sure cryptographically that the other person really is the other person. If the "Verified"-status downgrades to "Unverfied" again it can either mean that the other person has reinstalled their system or that your communication channel is under attack.
To verify someones identity and remove the thread of a man-in-the-middle-attack you can click the OTR-indicator and then
There you are presented with three options which are quite self-explanatory. One note about
Question and answer though: It's quite helpful to give a hint about the correct spelling directly in the question. A question like "Whats the name of my first pet? Answer: J..." should avoid errors.