Thursday, July 15, 2010

FiSH

Sparks talked me into installing FiSH encryption plugin for IRC. It looks interesting.  Following notes are for source code install of the AMD 64 version of the plugin for XChat. In the examples below, one end is running on Fedora 13, the other on OpenSuse 11.2.

Steps for install:

1) Go to the FiSH home page.  Click on "FiSH" at the top.

2) Download the source code into a working directory.  Warning! Unzipping the  file will not create a sub-folder so be sure to use a working folder!

3) Download "blow.ini" and save it in ~/.xchat

4) As root, cd into your working directory and unzip the zip file that you downloaded.

5) Create a folder called MIRACL and cd into it via:



mkdir MIRACL
cd MIRACL


6) While still in MIRACL, download and install the Multiprecision Integer and Rational Arithmetic C/C++ Library, via:



wget http://indigo.ie/~mscott/miracl.zip
unzip -j -aa -L miracl.zip


Note: MIRACL's author has declared the library as shareware, stating that it's free for non-commercial use.  Commercial use requires a license (see the README for more info). This is why you won't see FiSH in distros like Fedora or CentOS.

7) Run the included bash script to build miracl.a.  In my case, it was:



bash amd64

8 ) Copy the resulting miracl.a into the next higher folder and move into same, via:



cp miracl.a ..
cd ..


9) Compile the plugin by running:



make amd64

10) Copy the resulting plugin (xfish.so) into XChat's plugin folder via:



cp xfish.so /usr/lib64/xchat/plugins/

That's it for the code install. Using FiSH is simple, if you keep in mind that you shouldn't share keys anywhere except private chat.

Steps for Usage

1) Fire up XChat and go find a friend who's also installed FiSH. (in this example: Sparks)

2) Do a key exchange with your friend (can be open chat)

/keyx Sparks

This causes a Diffie-Helman key exchange so that you can privately chat

3) Open a private chat with your friend by using the /msg+ command

/msg+ Sparks ready to generate a key?

4) Inside private chat, you'll notice that user names are inside brackets, similar to the open chat example below. You or your friend should generate a key. Ways of doing this include (but aren't limited to): manually, the Gnome Password Generator, or Steve Gibson's Ultra High Security Password Generator.

5) Share this password via secure private chat.

6) All participants should run setkey to set the key for group chat. It should look something like:

/setkey y0uR#_pRevi0U51y&Gener4t3d_paSSphra5e

7) Enable "encrypt" and "decrypt" (they are two separate commands).

/encode on
/decode on

After that, your discussion should be encrypted (it should like like gibberish to anyone not having the key). Following is a screenshot showing Sparks and I having an encrypted conversation (note the brackets around the usernames).

As always, if I've made hideous errors, leave me a comment and I'll make corrections. I'll convert this to wiki notes shortly.