Hello, I would like to tell you about PGP message encryption and how to make Jabber more anonymous. I will try to cut the filler from the article and explain it as clearly as possible. Go!
The main thing in PGP
PGP (Pretty Good Privacy) is a computer program and a library of functions that lets you encrypt and digitally sign messages, files and other information in electronic form, including transparent encryption of data on storage devices such as your hard drive.
I think everything is clear. We encrypt, we sign and everything is fine, no one knows what is inside. But for it to work properly, it is important to understand how the keys work.
In any program that works with PGP, you need to create a key pair. As a rule, when creating keys, you must enter your email (you can enter ICQ, Jabber, a VK profile, etc.). You also set the key length, the expiry date and a comment. The details differ between programs, but key generation is roughly the same everywhere.
After generation, you will receive a pair of keys:
1. The first key is public (it is labelled with the email or whatever you specified, and has a comment). You distribute it, and messages addressed to you are encrypted with this key. Only you and no one else can decrypt such a message.
2. The second key is private and stored only by you. It is important to keep it safe, since its theft will allow decryption of all messages addressed to you. To decrypt, you will need to enter the password that you used when generating the keys.
Example: A and B decide to talk about security. A starts the dialogue and sends his public key to B. B writes a message in the PGP program, encrypts it with A's public key, and then sends the message as PGP ciphertext, for example via Jabber. A receives the encrypted message and decrypts it with his private key. A, having read that Big Brother is watching everyone, asks B for his public key, and B graciously gives it to him. Using B's public key, A encrypts a message to him and also sends it through Jabber. B receives the message from A, which looks like an incomprehensible set of characters, letters and numbers, and decrypts it with his private key.
For key generation, signing, encryption and decryption, I recommend the gpg4usb program: https://www.gpg4usb.org.
Chat anonymously in Jabber
Jabber is a convenient way to communicate through the XMPP protocol, but just putting the client on Windows or Linux and talking about how you sold a camera on Ebay for $1k is not reasonable. This must be done anonymously.
OpenVPN: used in this example to hide Tor from the ISP.
Tor: a beast for anonymity, under the hood 3 IPs and strong encryption, the possibilities are endless.
OpenVPN + Tor: for those who are not ready to buy a VDS to run their own OpenVPN server.
OpenVPN is used for traffic encryption and anonymity, but the anonymity is not complete, as you have to trust the host where the VPN server is located. As a rule, paid and free VPNs hand over your logs upon request, and if they say that they do not keep logs, that is not necessarily true. Therefore, I would still recommend running your own VPN.
For a start, it is better to use www.vpngate.net and, if possible, Korean OpenVPN, but it is important to remember that they issue data to the authorities upon request (I wrote to them on behalf of the police; they did not give the logs, but they may be busy). Their speed is acceptable; the servers live for weeks, some for a couple of hours. It is important to specify OpenDNS in your network settings on the router/server, so that there are no DNS leaks. To avoid DNS leaks, you must also configure the Firefox browser and encrypt all requests to the DNS server (using DNSCrypt).
Connecting Jabber to Tor
To create a VPN + Tor chain, you need to make sure that the Jabber client is set to use the Tor proxy; this is done in the client settings, somewhere in the proxy or security settings. If you are using Linux, install the Tor packages and run the daemon, and you will have port 9050 open on 127.0.0.1. Connect to it as SOCKS5 and you will direct all your traffic through the local Tor proxy, which will in turn go through OpenVPN.
The resulting chain: VPN + Tor (Jabber + PGP (message)). I think it is clear that anyone who wants to understand what is inside will have to sweat.
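The SOCKS5 connection to 127.0.0.1:9050 described above, as an added example that is not part of the original post: a minimal client showing the detail that decides whether DNS leaks, namely that the hostname is handed to Tor unresolved (address type 0x03) instead of being looked up locally first. The function names are illustrative.

```python
import ipaddress
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # Tor's local SOCKS port, as given in the article

def connect_request(host, port):
    """SOCKS5 CONNECT (RFC 1928): a hostname is sent as ATYP 0x03 so the proxy
    (Tor) resolves it; an IP literal is sent as ATYP 0x01 (v4) or 0x04 (v6)."""
    try:
        ip = ipaddress.ip_address(host)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def dns_stays_in_tunnel(request):
    """True when the request carries a name, not an address resolved locally."""
    return request[3] == 0x03

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_tor(host, port, proxy=TOR_SOCKS):
    """Open a TCP stream to host:port through the local Tor SOCKS port."""
    sock = socket.create_connection(proxy, timeout=30)
    try:
        sock.sendall(b"\x05\x01\x00")               # greeting: offer "no auth"
        if _recv_exact(sock, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        sock.sendall(connect_request(host, port))
        head = _recv_exact(sock, 4)                 # VER, REP, RSV, ATYP
        if head[:2] != b"\x05\x00":
            raise ConnectionError(f"SOCKS5 connect failed, REP={head[1]}")
        alen = {1: 4, 4: 16}.get(head[3]) or _recv_exact(sock, 1)[0]
        _recv_exact(sock, alen + 2)                 # drain BND.ADDR, BND.PORT
        return sock
    except Exception:
        sock.close()
        raise
```

A client that resolves the name itself and passes only the IP produces the ATYP 0x01 form, and that lookup happens outside Tor; setting `SafeSocks 1` in torrc makes Tor reject such IP-only requests.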
Also, if you are familiar with Linux, there is software for creating chains / tunnels called ProxyChains. There is an analogue for Windows.
ProxyChains allows you to wrap applications in a tunnel: for example, you connect a VPN, wrap Tor + SOCKS through ProxyChains and get VPN + Tor + SOCKS. All that remains is to configure Firefox, the firewall and DNS, and you are anonymous.
I would like to say the following about anonymity in general: there is no limit, and there are many options. If you want complete anonymity and strong security, then use Tails: https://tails.boum.org. It is a Debian system focused on anonymity, and all traffic there goes only through Tor.
OTR
Off-the-Record Messaging (OTR) is a cryptographic protocol for instant messaging systems, created in 2004 by Nikita Borisov and Ian Goldberg.
The authors have created a library, distributed under the GNU Lesser GPL license, that is used to add OTR support to instant messaging clients. Based on this library, the authors have also created a plugin for Pidgin. EFF recommends using OTR to protect against eavesdropping.
As described above, there is a plugin for encryption, and inside this protocol you can also use PGP.
The resulting chain: VPN + Tor (Jabber + [OTR + PGP (message)])
The basis is mistrust of all intermediaries on the network. If you use Windows or iOS, keep in mind that almost any software on these operating systems sends reports. For example, Avast collects huge statistics about your software, so they will know that you have Tor, and perhaps, if someone is looking for you, Avast will give them a report about you, because it knows your true IP for a simple reason: it is in your system and monitors your OS. In any case, I hope you find this information useful and will continue to take your security more seriously when using PGP.