|| Home || IT Security || Smart cards || Resources || Links || switch_to_cz

Miranda IM + GnuPG (instant message encryption)


GnuPG: http://www.gnupg.org/download/index.html
Miranda IM: http://www.miranda-im.org/download/
GnuPG Plugin http://addons.miranda-im.org/details.php?action=viewfile&id=216

Prepare GnuPG

  1. Generate your new key pair and export:
    • gpg --gen-key
    • gpg --export my_key_name --armor > my_public_key.asc
    See detailed step by step here: http://www.madboa.com/geek/gpg-quickstart/
    It is wise to generate new key (with different password) even when you already have one for mail security - disclose of the Miranda GPG key wil not hamper your (probably more important) signature key.

  2. Sign public keys of selected friends:
    • gpg --list-public-keys
    • gpg --sign-key keyID

Prepare Miranda IM

  1. Copy gnupg.dll into Miranda IM\Plugins directory

  2. Start Miranda, go to Settings->Options->Plugins->GnuPG
    • set Executable: to gpg.exe path
    • set Home Directory to path, where your keyrings are stored. Do NOT put '\' at end otherwise Miranda will hang up (in that case kill gpg.exe process)
    • both paths can be found in registry in [HKEY_LOCAL_MACHINE\Software\GNU\GNUPG]
    • click Refresh for Your Key and select your private key
    • for each friend, set Contact Key

  3. Start chat with friend, set 'Use GnuPG encryption' in chat menu.
    • if sending fail, then check if friend's public key is signed by your key.
    • test that messages are really encrypted by temporarily turning off 'Use GnuPG encryption' for one peer and send encrypted message by second one.

  4. Change tag for highlighting encrypted message to yourt own personalized "unpredictable" string:
    (Settings->Options->Plugins->GnuPG Advanced->Start Tag). Otherwise, you can be tricked that communication is encrypt when actualy is not (attacker may insert 'tag' into his own message).

OpenPGP key : 0x89CEB31C