[OTR-users] Decrypt manually and externally
Adam Zimmerman
adam_zimmerman at sfu.ca
Mon Mar 31 13:16:30 EDT 2008
On Mon, 2008-03-31 at 18:00 +0200, db wrote:
> On Mon, Mar 31, 2008 at 4:55 PM, Brian Morrison <bdm at fenrir.org.uk> wrote:
> >
> > db wrote:
> > > All my OTR conversations sent through my gmail account is stored
> > > online at gmail, in encrypted form. Is it possible to manually decrypt
> > > these messages?
> >
> > Unless there is access to the session key used in each case, no.
> >
> > Of course, that's the whole point of the OTR plugin, that with an
> > ephemeral key any decryption of the ciphertext stream is equally plausible.
>
> The keys doesn't change after verification, do they? Can I export the
> keys from Pidgin and then decrypt the messages? If this is not
> possible the whole purpose with storing your IM history online becomes
> pointless.
You're thinking of your long-lived keys. These aren't actually used to
encrypt conversations, just to sign the first (randomly-generated I
think) session encryption key to prove you are actually the one starting
the conversation. The idea is that after a conversation, nobody can
decrypt the original text with any certainty, and nobody can verify
(cryptographically, at least) that you said a certain thing. Your
conversation is "off the record."
>
> Besides, I would like to have the same key on several machines (a mix
> of Adium and Pidgin), can I export/import them somehow?
The keys are stored in the file otr.private_key in your pidgin directory
(~/.purple/ on *nix, not sure what it is on Windows). You can just copy
that file between computers. That will give you the same fingerprint on
multiple computers.
--
Adam Zimmerman <adam_zimmerman at sfu.ca>
CREATIVITY - http://mirrors.creativecommons.org/movingimages/Building_on_the_Past.mpg
ALWAYS - http://www.musiccreators.ca/
BUILDS - http://www.ubuntu.com/
ON THE PAST - http://www.theopencd.org/
--
Beware of Bigfoot!
More information about the OTR-users
mailing list