to the weblog
back to the front page

gpg encryption hack for centericq

written in November, 2003

This is a small hack for encrypted and signed communication via Centericq using GnuPG. As it is realized as a so-called "external action" it is not required to rebuilt Centericq.

The hack works together with Centericq itself, Fire (a gpl'ed multi-protocol IM client for Mac OS X) and Miranda IM (a gpl'ed multi-protocol IM client for several versions of Windows) using the GnuPG-plugin (encryption only).

By the way, Centericq is a text mode menu- and window-driven IM interface that supports the ICQ2000, Yahoo!, AIM, IRC and Jabber protocols. It builds and works under Linux, FreeBSD, NetBSD, OpenBSD, Sun Solaris, Windows and MacOS X/Darwin.


documentation

. o O ( general notes )

gpg encryption hack for centericq
version 0.10, 20031116 - 20031118, 20031123, 20031128, 20040223
blame Max-Gerd Retzlaff 

'with bugs and security holes'-release

sketchily tested with centericq 4.9.8, and 4.9.9
this is ugly, grisly, grungy, morose, ...


. o O ( changelog )

new in v0.10:
Using $(basename ${CONTACT_INFODIR}) as UIN for the IM-UIN <->
GnuPG-Key mapping now, so that you can also encrypt messages to and
from Jabber-Accounts. ($CONCACT_UIN contains only "0" for Jabber
contacts. Perhaps this can be called a bug..)


. o O ( installation )

Just put the files 'external' and 'uin-gpg.map' into your centericq
base directory (~/.centericq normally). If you have friends that use
the Mac OS X client Fire you should compile the file
'fire-base64-decoder.c' (the base64-decoder I extracted from Fire's
source code) and put the resulting file 'fire-base64-decoder' into the
base directory, too.

Then you have to edit the mapping file. The format is described in the
beginning of the file. Replace the gpg key id (the 2nd col) of the
'default-key'-line by the id of your _signature key_. This is the key
whose line in the output of "gpg --list-keys" begins with "sub". Of
course you have to add mapping lines for your buddies (to use the evil
AOL term), too. Just read the comments in the beginning of the mapping
file; there are also example lines.

Well, I would recommend an extra gpg key without a passprase for
centericq as this hack cannot ask for it.. >:] (And make the key not
too large. A friend may have a slower computer..)


. o O ( What do those emoticons mean? )

Using the hack a message that was not accepted by gnupg (= not
encrypted or signed) is prefixed by the emoticon: ":-[". A message
that is accepted by gnupg is prefixed by an ":o)" followed by a space
the letters 's' and/or 'e' (for 'signed' and 'encrypted', respectively)
a second space and finally a pipe ("|"). (The pipe is important
because otherwise one could pretend a correct signature.) Of course
the 's' and 'e'-flags are only shown if the message is signed by the
key that is associated to the instant messenger UIN of the sender and
it is encrypted with the 'default-key' (that check in the hack is
superfluous, of course, because if a message is encrypted with the
wrong key, gnupg could not have decrypted it before..). As messages
encrypted by Fire require two gnupg runs it will look like ":o) e :o) s"
(signed and encrypted), ":o) e :-[" (encrypted only), etc.


. o O ( getting feedback of the encryption status for sent messages )

To show emoticons in the bottom-left corner of the x root window
to give a feedback whether the last message was encrypted or not
start centericq by something like:

  -- zipp --
#!/bin/bash
if [ "x$1" = "xx" ]; then
  echo -n > ~/.centericq/centericq_decrypt_sent-status
  tail -f ~/.centericq/centericq_decrypt_sent-status | \
          xrootconsole \
  	    -fn -jmk-Modd-Medium-R-SemiCondensed--13-120-75-75-C-60-ISO8859-1 \
            -fg gray60 -geometry 3x1+0-0 \
	    &
fi
echo "Hi!" >> ~/.centericq/centericq_decrypt_sent-status
exec centericq
  -- zapp --

(And don't forget to kill the processess afterwards.. (yes, ugly..))
To use beeps additionly/instead uncomment the three lines beginning
with 'beep'. A high beep (400 Hz) means 'not encrypted' and a low
beep (100 Hz) means 'encrypted'.

download the hack



Max-Gerd Retzlaff <m.retzlaff@gmx.net>, <mgr@bl0rg.net>, or <mgr@vantronix.net>
GnuPG- / OpenPGP-Information:
   Type bits/keyID    Date       User ID
   pub  1024/81239F12 2002/03/12 Max-Gerd Retzlaff <mgr@hannover.ccc.de>
             Key fingerprint =  49 CD 21 F2 41 AC 72 C5  D0 D1 27 DC C2 B2 48 AE  81 23 9F 12 
   uid                           Max-Gerd Retzlaff <m.retzlaff@gmx.net>
   sub  4096g/63E36E39 2002-03-12
   local copy of the key

Last modified: Sun Jun 13 05:45:44 CEST 2004