Today I wanted to try out off-the-record
messaging (OTR) using mcabber. I did not really find any
documentation or web sites saying anything other than "It works!" so I
decided to write this Nano How-To for other people having the same
problem.
Get a usable mcabber version
mcabber started supporting OTR from version 0.9.4 onwards.
E.g. the version in Debian "Etch" 4.0 is way too old (0.8.3), so you
have to get a newer one some other way (back-port, source compile, magic,
etc.).
I created a .deb of mcabber 0.9.7 using the current testing version
as a template (for ARM only, so no downloads). To do this I had to
recompile the libotr2 package, too, as 3.0 apparently is too old.
Set up mcabber for OTR
mcabber stores its configuration in ~/.mcabber, and
its OTR keys in ~/.mcabber/otr, so mkdir
~/.mcabber/otr.
You also have to append/uncomment set otr = 1 in
~/.mcabber/mcabberrc. AFAIK this has to be done in the
configuration file and a running mcabber has to be restarted for key
generation.
Key generation takes time (roughly seven minutes on my NSLU2, mere
fractions of seconds on your shiny new 256-core CPU) and will be
started as soon as you restart mcabber. The key will be deposited in
~/.mcabber/otr/<JID>.key.
Now set up your buddies for OTR
Of course you have to talk them into using an OTR-capable client, but
that is beyond the scope of this document ;). What I mean is that you
have to enable OTR for your buddies in mcabber by issuing
/otrpolicy <JID> opportunistic or /otrpolicy
<JID> always. The value of <JID> can
be an actual JID (e.g. foo@bar.baz) or ".",
which is the currently selected buddy. You can (and should) save this
in your ~/.mcabber/mcabberrc like this:
otrpolicy <JID> opportunistic
(Or always instead of opportunistic, of
course.)
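
The configuration steps above as one idempotent shell function. This is an added example, not part of the original how-to; the function name enable_otr and the owner-only permissions it sets are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original how-to. enable_otr is a hypothetical
# helper name; the owner-only permissions are an extra precaution.

# enable_otr DIR JID POLICY   (DIR is normally ~/.mcabber)
enable_otr() {
    dir=$1 jid=$2 policy=$3 rc=$1/mcabberrc
    case $policy in
        opportunistic|always) ;;
        *) echo "policy must be opportunistic or always" >&2; return 1 ;;
    esac

    # mcabber writes the private key to DIR/otr/<JID>.key.
    mkdir -p "$dir/otr" || return 1
    chmod 700 "$dir" "$dir/otr" || return 1
    [ -f "$rc" ] || : > "$rc" || return 1

    # One pass over mcabberrc: turn any (possibly commented-out) "set otr = ..."
    # line into "set otr = 1", replace an existing otrpolicy line for this JID,
    # and append whichever of the two was not present. Other lines, including
    # "set otr_dir = ...", pass through unchanged.
    ( umask 077
      awk -v jid="$jid" -v pol="$policy" '
        /^[ \t]*#?[ \t]*set[ \t]+otr[ \t]*=/ {
            if (!otr) print "set otr = 1"; otr = 1; next
        }
        $1 == "otrpolicy" && $2 == jid {
            if (!p) print "otrpolicy", jid, pol; p = 1; next
        }
        { print }
        END {
            if (!otr) print "set otr = 1"
            if (!p)   print "otrpolicy", jid, pol
        }
      ' "$rc" > "$rc.tmp" ) && mv "$rc.tmp" "$rc"
}

# Usage (restart mcabber afterwards so the key gets generated):
#   enable_otr "$HOME/.mcabber" foo@bar.baz opportunistic
```

Running it twice leaves a single "set otr = 1" line and a single otrpolicy line per JID, so it is safe to re-run when you change a buddy's policy.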
If you now talk to your buddy an OTR channel will be established
(the first thing you say will be unencrypted so you probably want to
say something inconspicuous like "Hi!", and not directly "Care to
overthrow the government of $COUNTRY?"). mcabber will print these
messages:
*** OTR: new fingerprint: NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN
*** OTR: channel established
where NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN is the
fingerprint of your counterpart. Verify this via a secure channel
(which of course is not the OTR channel as long as the
fingerprint is not verified... use a signed and trusted email for
that).
If you have verified your counterpart's key, issue /otr
fingerprint <JID> "NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN"
(spaces are important!) to trust the key. This will be saved in
~/.mcabber/otr/<YourJID>.fpr automatically so no
need to change your ~/.mcabber/mcabberrc for this.
Now you and OTR should be all set (up). Have fun and don't
overthrow too many poor governments! And Kathrin, thanks for your
help :).