October 1, 2004

Gaim-Encryption: Simple encryption for instant messages

Author: Serge Wroclawski

Instant messaging is everywhere nowadays, but people who use it may be surprised to know how trivial it is to listen in on their private conversations. Snoopers can use tools like tcpdump and aimsniff to tap into the contents of the messages. But with a little free software, IMers can be secure in the knowledge their conversations are, well, secure.

Gaim is the most popular free instant messaging platform. Available for most Unix operating systems, Mac OS X, and Microsoft Windows, Gaim can connect to most IM networks, including AIM, Yahoo, MSN, and Jabber.

Gaim-Encryption is a Gaim plug-in that enables secure conversations over existing IM networks, and, like Gaim itself, it is available for most platforms. GNU/Linux users have a number of options, including unofficial Debian sources, an RPM, or a tarball. Windows users can download the executable and install it normally.

After installation, you must activate Gaim-Encryption. Run Gaim, go to Tools->Preferences, Plug-ins, and enable the Gaim-Encryption plug-in by checking its button. Restart Gaim, and Gaim-Encryption will now generate a private key for each of your accounts.

Using Gaim-Encryption

Gaim-Encryption uses a public/private key mechanism similar to the one that PGP uses. When you first run Gaim-Encryption, it generates a set of keys -- essentially secret codes that others can use to communicate with you. By default, the setting for automatically finding out whether another Gaim user has Gaim-Encryption is enabled, so when you first IM a person who uses Gaim-Encryption, the public keys are exchanged. From then on, the conversation between the two parties is encrypted during transport; though a snooper could see you're IMing, the message contents will be encrypted.

To ensure that the keys have been generated, go to Tools->Preferences, then Plugins->Gaim-Encryption. There you should see your accounts on the left and your key fingerprints on the right.
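Because public keys are exchanged automatically the first time you IM someone, the fingerprints in this pane are what two users can compare over another channel to confirm they hold each other's keys. The following added example (not Gaim-Encryption's own code, and going one step beyond the article) shows that check as a small key-pinning store that also flags a buddy whose key later changes. The SHA-256 fingerprint format, the `KeyPins` class, the account names and the key bytes are all assumptions constructed for illustration.

```python
import hashlib

# Constructed sample key blobs. The page does not show Gaim-Encryption's key or
# fingerprint format, so SHA-256 over the raw bytes is an assumption.
ALICE_KEY = b"constructed-public-key-bytes-for-alice"
ROGUE_KEY = b"constructed-public-key-bytes-from-someone-else"


def fingerprint(public_key: bytes) -> str:
    """Return a colon-separated hex fingerprint that is easy to read aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class KeyPins:
    """Remember the first key seen per (account, buddy) and flag changes."""

    def __init__(self):
        self._pins = {}  # (account, buddy) -> {"fp": str, "verified": bool}

    def observe(self, account, buddy, public_key):
        """Classify a key received during the automatic exchange."""
        fp = fingerprint(public_key)
        pin = self._pins.get((account, buddy))
        if pin is None:
            self._pins[(account, buddy)] = {"fp": fp, "verified": False}
            return "new-unverified"
        if pin["fp"] != fp:
            return "CHANGED"  # keep the old pin; re-verify before trusting
        return "verified" if pin["verified"] else "known-unverified"

    def confirm(self, account, buddy, spoken_fp):
        """Mark the pin verified if the out-of-band fingerprint matches it."""
        pin = self._pins.get((account, buddy))
        normalized = spoken_fp.strip().lower().replace(" ", ":")
        match = pin is not None and pin["fp"] == normalized
        if match:
            pin["verified"] = True
        return match


if __name__ == "__main__":
    pins = KeyPins()
    print(pins.observe("me@aim", "alice", ALICE_KEY))
    print(pins.confirm("me@aim", "alice", fingerprint(ALICE_KEY)))
    print(pins.observe("me@aim", "alice", ALICE_KEY))
    print(pins.observe("me@aim", "alice", ROGUE_KEY))
```

A key reported as `CHANGED` leaves the original pin in place, so the buddy's earlier key is still recognized afterwards.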

You can tell whether your conversation is encrypted by looking at the conversation window, where you should see a lock icon. If the lock is locked and red, your messages are encrypted.

Every time you IM someone, the first IM will be in clear text. Alternatively, you can tell Gaim-Encryption to always encrypt to a given user by selecting his name from your Buddy List and right-clicking on the preference saying "Turn auto-encrypt on."

Gaim-Encryption is an easy way to have secure online conversations with minimal effort, using existing IM protocols.

Serge Wroclawski has been a GNU/Linux user and free software advocate since 1997. He has more than five years' experience doing system administration on both the small and enterprise levels. He currently works as an independent contractor in the Washington, D.C., area.

