mcabber and OTR

Today I wanted to try out off-the-record messaging (OTR) using mcabber. I did not really find any documentation or web sites saying anything else than “It works!” so I decided to write this Nano How-To for other people having the same problem.

Get a usable mcabber version

mcabber started supporting OTR from version 0.9.4 onwards. E.g. the version in Debian “Etch” 4.0 is way too old (0.8.3), so you have to make do somehow different (back-port, source compile, magic, etc.).

I created a .deb of mcabber 0.9.7 using the current testing version as a template (for ARM only, so no downloads). To do this I had to recompile the libotr2 package, too, as 3.0 apparently is too old.

Set up mcabber for OTR

mcabber stores its configuration in ~/.mcabber, and its OTR keys in ~/.mcabber/otr, so mkdir ~/.mcabber/otr.

You also have to append/uncomment set otr = 1 in ~/.mcabber/mcabberrc. AFAIK this has to be done in the configuration file and a running mcabber has to be restarted for key generation.

Key generation takes time (roughly seven minutes on my NSLU2, mere fractions of seconds on your shiny new 256-core CPU) and will be started as soon as you restart mcabber. The key will be deposited in ~/.mcabber/otr/<JID>.key

.

Now set up your buddies for OTR

Of course you have to talk them into using a OTR capable client but that is beyond the scope of this document . What I mean is that you have to enable OTR for your buddies in mcabber by issuing /otrpolicy <JID> opportunistic or /otrpolicy <JID> always. The value of <JID> can be an actual JID (e.g. foo@bar.baz or . which is the currently selected buddy. You can (and should) save this in your ~/.mcabber/mcabberrc like this:

 otrpolicy <JID> opportunistic 

(Or always instead of opportunistic, of course.)

If you now talk to your buddy a OTR channel will be established (the first thing you say will be unencrypted so you probably want to say something inconspicuous like “Hi!”, and not directly “Care to overthrow the government of $COUNTRY?”). mcabber will print these messages:

 *** OTR: new fingerprint: NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN *** OTR: channel established 

where NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN is the fingerprint of your counterpart. Verify this via a secure channel (which of course is not the OTR channel as long as the fingerprint is not verified… use a signed and trusted email for that).

If you have verified your counterpart’s key issue /otr fingerprint <JID> "NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN" (spaces are important!) to trust the key. This will be saved in ~/.mcabber/otr/<YourJID>.fpr automatically so no need to change your ~/.mcabber/mcabberrc for this.

Now you and OTR should be all set (up). Have fun and don’t overthrow too many poor governments! And Kathrin, thanks for your help .