GPG¶
This plugin implements the XEP-0027 “Current Jabber OpenPGP Usage”.
This is a plugin used to encrypt one-to-one conversation using the PGP encryption method. You can use it if you want really good privacy. Without this encryption, your messages are encrypted at least from your client (poezio) to your server. The message is decrypted by your server and you cannot control the encryption method of your messages from your server to your contact’s server (unless you are your own server’s administrator), nor from your contact’s server to your contact’s client.
This plugin does end-to-end encryption. This means that only your contact can decrypt your messages, and it is fully encrypted during all its travel through the internet.
Note that if you are having an encrypted conversation with a contact, you can not send XHTML-IM messages to him. They will be removed and be replaced by plain text messages.
Installation and configuration¶
You should autoload this plugin, as it will send your signed presence directly on login, making it easier for your contact’s clients to know that you are supporting GPG encryption. To do that, use the plugins_autoload configuration option.
You need to create a plugin configuration file. Create a file named gpg.cfg
into your plugins configuration directory (~/.config/poezio/plugins by
default), and fill it like this:
[gpg]
keyid = 091F9C78
passphrase = your OPTIONAL passphrase
[keys]
example@jabber.org = E3CFCDE2
juliet@xmpp.org = EF27ABCD
The gpg section is about your key. You need to specify the keyid, for the
key you want to use. You can as well provide a passphrase. If you don’t, you
should use a gpg agent or something like that that will ask your passphrase
whenever you need it.
The keys section contains your contact’s id keys. For each contact you want
to have encrypted conversations with, add her/his JID associated with the keyid
of his/her key. You can autogenerate a keys section based on the ones already
in your trust chain by running the script poezio_gpg_export provided with
poezio (in the scripts/ directory). Please double-check the section
created this way.
And that’s it, now you need to talk directly to the full jid of your contacts. Poezio doesn’t let you encrypt messages whom recipients is a bare JID.
Additionnal information on GnuPG¶
Create a key¶
To create a personal key, use
gpg --gen-key
and follow the instructions.
Keyid¶
The keyid (required in the gpg.cfg configuration file) is a 8 character-long key. You can get the ones you created or imported by using the command
gpg --list-keys
You will get something like
pub 4096R/01234567 2011-11-11
uid Your Name Here (comment) <email@example.org>
sub 4096R/AAFFBBCC 2011-11-11
pub 2048R/12345678 2011-11-12 [expire: 2011-11-22]
uid A contact’s name (comment) <fake@fake.fr>
sub 2048R/FFBBAACC 2011-11-12 [expire: 2011-11-22]
In this example, the keyids are 01234567 and 12345678.