Profanity has another cool feature that sets it apart from the native chat, Google Chat, namely Off-the-Record Messaging (OTR). This encryption protocol allows you to send secret messages to your friends that even Google itself wouldn't be able to decipher.
OTR support and plugins are available for many instant messaging applications, so it is by no means a requirement for your friends to run Profanity on a Raspberry Pi. Take a look at http://en.wikipedia.org/wiki/Off-the-Record_Messaging for a partial list of client software. The following are the steps to send secret messages:
Connect to your chat service of choice, then type the following command (this may take a good few minutes to run):
> /otr gen
> /otr start "Your Friend"
If your friend's client supports OTR, it should automatically detect that you want to establish a secure channel and enable encryption.
You should now see that the encryption indicator in the blue top bar next to your friend's name has changed from [unencrypted] to [OTR] [untrusted].
Your conversation is now encrypted until either you or your friend ends the OTR session with the /otr end
command.
There are three methods available in Profanity to help you verify that your friend is really who you think they are:
Fingerprint verification: This is the classic method that all OTR-capable clients should support. An OTR fingerprint is like an identification string that is unique to your private key.
Type the following command to view your OTR fingerprint:
> /otr myfp
Now your friend does the same on their end. Then you two need to find a way to communicate each other's fingerprints outside of the chat. You could scribble them down and meet up for coffee, or, if you're not quite as paranoid, call up your friend and exchange the last four characters of your fingerprints.
To see if your friend's fingerprint checks out, type the following command while in the OTR chat window:
> /otr theirfp
If it matches what your friend told you, you would use the following command to flag your friend as trusted:
> /otr trust
You should now see that the encryption indicator on the blue top bar next to your friend's name has changed from [untrusted] to [trusted].
Question and answer: This method allows you to verify the identity of your friend by asking a question and receiving the expected answer. For example:
> /otr question "Which berry is essential
to me?" raspberry
Your friend will be presented with the question in quotes. If your friend issues the following command:
> /otr answer raspberry
You should see that the encryption indicator on the blue top bar next to your friend's name has changed from [untrusted] to [trusted].
Shared secret: This method allows you to verify the identity of your friend with a password that you two have agreed upon outside of chat. For example:
> /otr secret squirrel
Your friend will be prompted to provide a secret using the same command, and if it matches you should see that the encryption indicator on the blue top bar next to your friend's name has changed from [untrusted] to [trusted].
/otr policy always "Your Friend"
3.144.19.243