Pidgin is an IM (Instant Messenger) application that supports many protocols. I will show you how to set it up with encryption so you can communicate securely with anyone else who follows these instructions. I’m going to use the “portable” version of Pidgin. A “portable” application can be used directly without any installation. This means that you can carry it around on a USB-stick if you want to, and use it on any Windows PC you come across without making any changes to the computer you are using it on.
First you need to download Pidgin Portable; you will find it here. It’s the big red button! After the download is finished press the back button, because you also need the Pidgin-OTR-plugin. You will find this a bit further down the page, under features. Next we need to unpack the applications. Start with Pidgin.
On the first screen just click next:
On the next screen just click next:
On the third dialog, you have to choose where to unpack Pidgin.
This can be directly on your desktop, or on a USB-stick.
In the picture above the unpacker has found a USB-stick attached to my computer, and selects it as default. If you don’t have a USB-stick, just choose your desktop.
Next we unpack the Pidgin-OTR-plugin. Just click next.
Then we have to choose the placement. This has to be the same folder as you unpacked Pidgin to. It should be named PidginPortable:
In my case it found the USB-stick that’s attached to my computer. But in your case it might be the PidginPortable folder on your desktop.
That’s it. You now have installed PidginPortable with the OTR-encryption plugin. Next we have to start up and configure the application.
Configuration
In this configuration example I will use my Gmail account (you can get a free Gmail account here). But you can use any of the IM protocols that Pidgin supports, for instance your MSN account (Windows Live Messenger) or MySpace IM account.
The first time we start Pidgin we are presented with this dialog:
When you click the “Add” button, this dialog shows up. Choose “Google Talk” in the protocol list:
To fill out this dialog do this:
- If your email address is john.doe@gmail.com, your “screen name” will be john.doe
- You don’t have to change the domain.
- Forget about the “Resource” (Google has a feature that lets you be logged on at different places at the same time. So you can have one “Resource” that’s called “Work” and another that’s called “Home”. If anything, you should name it “Portable”).
- Password is your gmail password.
- Put your name in the “Local alias”.
- If you want Pidgin to remember your password, put a checkmark in the box.
- If you want Pidgin to check your email, (you guessed it).
- “Buddy Icon”: a small picture that will show up next to your name in the “Buddy List”.
Click “Save”. You’re done!
Close the “Accounts” window.
Now we have to configure the OTR-plugin. In your “Buddy List” go to “Tools” –> “Plugins”
A bit further down the list you will find “Off-the-Record Messaging”. Tick the checkbox.
Then click the “Configure Plugin” button.
In this dialog choose your account (you need one key per account). Then press the “Generate” button.
The key generation can take several minutes. When it’s done you’ll see that you have a “fingerprint” for your chosen account. Close all windows except the “Buddy List” (and perhaps this window:-).
In the “Buddy List” click the “Buddy”-menu –> “Add Buddy”
As you can see the “screen name” is the email address of the person you want to add.
And the “Alias” is what you want to see in the “Buddy List”
When you double-click a contact in the “Buddy List” this window comes up. Click the OTR button in the lower right corner. Then you see the “Attempting to start a private…” message.
You are now communicating securely with the person on the other end. But you should verify/authenticate the encryption key from the other party. To do this right-click the OTR-button in the lower right corner and choose “Authenticate buddy”.
In this dialog you enter a word or a phrase (sentence) that only you and the other person know about. This word can be delivered by encrypted email or over the phone.
The same dialog shows up on the screen of the friend you are authenticating with.
When you both have entered the same secret, this window shows up. You have now successfully authenticated with the party on the other end.
This can be verified if you look at the icon in the lower right corner. The icon should be yellow and the text should say private.
That’s it. You are now communicating securely with the person at the other end. The only way someone could “wiretap” or intercept this communication is with a keylogger or other malware/virus/trojan installed on any of the machines you are using. It cannot be intercepted in traffic, because the encryption happens on the machine you are using, before the message is sent over the internet/network.
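A check you can run on the profile folder afterwards, as an added example (not part of the original tutorial and not Pidgin's own code): it reports accounts whose password was saved with the “remember password” box and buddy keys that were never authenticated. It assumes the profile folder contains libpurple's accounts.xml and the OTR plugin's otr.fingerprints file; the folder path is yours to supply, and the sample profile in `demo()` is constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def audit_profile(purple_dir):
    """Return (accounts_with_saved_password, unauthenticated_buddy_keys)."""
    saved, unauthenticated = [], []
    accounts = os.path.join(purple_dir, "accounts.xml")
    if os.path.exists(accounts):
        for acct in ET.parse(accounts).getroot().iter("account"):
            name = acct.findtext("name")
            # A non-empty <password> element means "remember password" was
            # ticked and the password sits readable in the file.
            if name and (acct.findtext("password") or "").strip():
                saved.append(name)
    fprints = os.path.join(purple_dir, "otr.fingerprints")
    if os.path.exists(fprints):
        with open(fprints, encoding="utf-8") as fh:
            for line in fh:
                # buddy <TAB> account <TAB> protocol <TAB> fingerprint [<TAB> trust]
                fields = line.rstrip("\r\n").split("\t")
                if len(fields) < 4:
                    continue  # skip blank or damaged lines
                trust = fields[4] if len(fields) > 4 else ""
                if not trust:  # empty trust = key seen but never authenticated
                    unauthenticated.append((fields[0], fields[3]))
    return saved, unauthenticated

def demo():
    """Run the audit over a constructed profile (all values are made up)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "accounts.xml"), "w", encoding="utf-8") as fh:
            fh.write("<account version='1.0'><account>"
                     "<protocol>prpl-jabber</protocol>"
                     "<name>john.doe@gmail.com/Portable</name>"
                     "<password>constructed-sample</password>"
                     "</account></account>")
        with open(os.path.join(d, "otr.fingerprints"), "w", encoding="utf-8") as fh:
            fh.write("alice@example.org\tjohn.doe@gmail.com/Portable\tprpl-jabber\t"
                     + "ab" * 20 + "\tsmp\n")
            fh.write("bob@example.org\tjohn.doe@gmail.com/Portable\tprpl-jabber\t"
                     + "cd" * 20 + "\t\n")
        return audit_profile(d)

if __name__ == "__main__":
    print(demo())
```

Any account it lists has its password stored on the USB-stick, and any buddy it lists still needs the “Authenticate buddy” step.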
If you had the patience to read this entire tutorial, congratulations!
Thank you for reading this howto. Next I’ll write about encrypted email.
















