Encryption in CBIRC

Introduction

Any transferred data from or to an IRC server is handled by a connection between two sockets. Therefore any server between your computer and the IRC server you are connected to is able to read the IRC plain text messages. Usually this is no limitation, but if you want to exchange secret messages you will need an additional layer on top of the IRC protocol to encrypt and decrypt your data.

A first solution is to establish a SSL connection to the IRC server. Any data sent to this server is secure. But if other servers are part of the IRC network then it is not guaranteed that these connections also use SSL or another secure connection. To be sure, you should ask the administrator of the IRC server.

Using SSL, the server owner is still able to read all messages. If you want to send an encrypted message to a channel or an user you can activate the Blowfish encryption. Only persons who know the exact password phrase are able to decrypt your messages. Before you active the encryption you settle the password through another secure connection such as SSL DCC chat, encrypted emails or by phone.

Topics:

SSL
Blowfish

SSL Server Connection

CBIRC supports SSL connections to IRC servers. In the connect dialog you must activate the SSL option and connect to a IRC server which supports SSL (e.g. kaffee-net.de). After a successful connect the SSL status is shown in the encryption label of the main window. SSL is also supported for DCC transfers like DCC send or DCC chat.

Blowfish - Encrypted Messages

Messages you send to a channel or another IRC user are sent in plain text to the IRC server. To avoid that everyone is able to read your message you can activate the Blowfish encryption for channels, queries, private messages and DCC chats. The encrypted CBIRC messages are compatible to Mircryption which is available for other IRC clients.

CBIRC stores all your Blowfish keys in a settings file. A master key phrase is used to encrypt all names and keys. After you started CBIRC you will have to enter the master key phrase to unlock the stored keys. Without knowing the master key phrase any other CBIRC user on your computer cannot use or read your stored keys. If you are using the encryption for the first time then CBIRC asks for the master key phrase. Do not use a too short phrase! A longer sentence leads to a more secure encryption. 10-15 characters should be the minimum (the absolute minimum is 4 characters, 32 bits) and 56 characters (448 bits) is the maximum accepted length. In the CBIRC settings is an option to unlock all keys automatically without having to enter the key phrase each time. But this will allow any user sharing your computer to use your keys.

If you set a key for a channel, query or DCC chat then all transferred messages will be encrypted with the given key. All senders of encrypted messages are highlighted with [ ] marks. Use the ` sign as the first character of a message to send a normal message.

The following CBIRC commands control the encryption (in alphabetical order):

/decryptecho
/delkey
/disablekey
/displaykey
/emsg
/enablekey
/encryptecho
/enotice
/etext
/etopic
/keypassphrase
/keystats
/listkeys
/masterkey
/migratekey
/plain
/removekeys
/setkey
/setnamekey
/togglekey

Topics:

General Commands
Key Commands
Channel Commands
Message Commands
Tools

General Commands

Command	Syntax	Description
/keypassphrase /masterkey	[key]	Set or change the master password phrase used to encrypt the stored data. If no phrase is given a dialog box will be shown.
/listkeys		Lists all keys including the master key.
/removekeys		Removes all keys.

Key Commands

Command	Syntax	Description
/setkey	[key]	Set the key of the active channel, query or DCC chat. By default the less secure ECB mode will be used. To active the CBC mode use the cbc: prefix for the key e.g. cbc:key for CBC and key for ECB. CBIRC automatically detects the type of the key whereas Mircryption has some problems if you switch between ECB and CBC during a session. If no key is given a dialog box will be shown.
/setnamekey	#channel\|user	Equivalent to /setkey but with additional name parameter.
/delkey	[#channel\|user]	Remove a key from the current or given channel or user.
/displaykey	[#channel\|user]	Display the key from the current or given channel or user.
/disablekey	[#channel\|user]	Disable the key from the current or given channel or user.
/enablekey	[#channel\|user]	Enable the key from the current or given channel or user.
/togglekey	[#channel\|user]	Toggle a key from enabled to disabled or vice versa.

Channel Commands

Command	Syntax	Description
/etopic	[#channel] topic	Set an encrypted channel topic.
/keystats	[#channel]	Broadcast a message and show the answer of all channel users who support encrypted messages. Equivalent to the /mcmeow command of Mircryption.
/migratekey	#channel\|user	Copy the key phrase of the given channel or user to the active channel, query or DCC chat.

Message Commands

Command	Syntax	Description
/emsg	nick [text]	Tries to send an encrypted message to a user or a channel otherwise if no key is defined then a normal message is sent.
/enotice	nick [text]	Tries to send an encrypted notice to a user or a channel otherwise if no key is defined then a normal notice is sent.
/plain	[text]	Send a normal message. Equal to the ` prefix.
/etext	[text]	The message is only sent to the channel, user or DCC chat if an encryption key exists and the encryption was successful.

Tools

Command	Syntax	Description
/encryptecho	text	Tries to encrypt the given text and displays the encrypted or normal text. Nothing is transferred.
/decryptecho	text	Tries to decrypt the given text and displays the decrypted or encrypted text. Nothing is transferred.

CBIRC main page