To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Fish: Difference between revisions

From ZNC
Jump to navigation Jump to search
Russell (talk | contribs)
m →‎KVIrc script for ZNC fish: This script does a '/msg *fish keyx $target' rather than how it was shown initially.
Fredv2 (talk | contribs)
new fish
 
Line 2: Line 2:
{{External Module}}
{{External Module}}


'''fish''' is a module developed by crox and porki. It adds the ability to encrypt all your outgoing messages with the blowfish block-cipher. This way you can do the decryption/encryption on the bouncer instead of your irc client. Currently it supports ECB mode, CBC may be added in the future.
'''fish''' is a module that adds the ability to encrypt all your outgoing messages with the blowfish block-cipher. This way you can do the decryption/encryption on the bouncer instead of your irc client - it supports '''ECB''' and '''CBC''' mode.


== Getting the Code ==
== Usage ==
At the moment this module is only available in the crox [[SVN]] branch (direct links to SVN are 404 as of 13 Oct 2017).


For 1.6 (and/or OpenSSL >= 1.1) try [https://gist.github.com/v4lli/ee4edd99128e7cb518ebad548cab7a41 this one].
{{Module arguments
| count = no
}}


For 1.4 (and/or OpenSSL <1.1), try [http://pastebin.com/K8zvJ89v this one].
== Commands ==
Output of '''/msg *fish help''':
<pre>
+------------+----------------+-------------------------------------------------------------------------------------+
| Command    | Arguments      | Description                                                                        |
+------------+----------------+-------------------------------------------------------------------------------------+
| SetKey    | <target> <key> | Sets <target>'s FiSH encryption key                                                |
| DelKey    | <target>      | Removes <target>'s FiSH encryption key                                              |
| ShowKey    | <target>      | Show the encryption key of <target>, if it has one set                              |
| ListKeys  |                | Print out all of our keys                                                          |
| SetConfig  | <name> <value> | Set config option <name> to <value>. Set option to empty if no <value> is specified |
| ListConfig |                | Print out all of our config options                                                |
| KeyX      | <target>      | Start a key exchange with <target>                                                  |
| Help      |                | Display this message                                                                |
| Version    |                | Show the version of this module                                                    |
+------------+----------------+-------------------------------------------------------------------------------------+
</pre>


NOT RECOMMENDED, fish.cpp edited to work on older openssl versions(shell host?) by using the SHA256 included with newer ZNC versions [http://slexy.org/raw/s2poFq0BaF pastebin].
== Download ==
'''ZarTek-Creole Github''' : [https://raw.githubusercontent.com/ZarTek-Creole/znc-fish/master/fish.cpp fish.cpp]


== Usage ==
Build with <code>znc-buildmod fish.cpp </code>


=== Security considerations ===
=== Security considerations ===
Line 160: Line 178:


* encrypted keydatabase (user password)
* encrypted keydatabase (user password)
--[[Special:Contributions/80.152.196.214|80.152.196.214]] 11:04, 3 November 2008 (UTC)

Latest revision as of 05:55, 23 June 2023

fish is a module that adds the ability to encrypt all your outgoing messages with the blowfish block-cipher. This way you can do the decryption/encryption on the bouncer instead of your irc client - it supports ECB and CBC mode.

Usage

Arguments

This user module takes no arguments.

Read loading modules to learn more about loading modules.

Commands

Output of /msg *fish help:

+------------+----------------+-------------------------------------------------------------------------------------+
| Command    | Arguments      | Description                                                                         |
+------------+----------------+-------------------------------------------------------------------------------------+
| SetKey     | <target> <key> | Sets <target>'s FiSH encryption key                                                 |
| DelKey     | <target>       | Removes <target>'s FiSH encryption key                                              |
| ShowKey    | <target>       | Show the encryption key of <target>, if it has one set                              |
| ListKeys   |                | Print out all of our keys                                                           |
| SetConfig  | <name> <value> | Set config option <name> to <value>. Set option to empty if no <value> is specified |
| ListConfig |                | Print out all of our config options                                                 |
| KeyX       | <target>       | Start a key exchange with <target>                                                  |
| Help       |                | Display this message                                                                |
| Version    |                | Show the version of this module                                                     |
+------------+----------------+-------------------------------------------------------------------------------------+

Download

ZarTek-Creole Github : fish.cpp

Build with znc-buildmod fish.cpp

Security considerations

Before using this module you should consider the following:

  • If someone gets access to your bouncer box, he will obtain all your encryption keys, which can even be used to decrypt previously logged encrypted conversations. Make sure your bouncer box is secured by using firewalls, encrypted filesystems etc. Keep in mind that if you are using a Virtual Private Server (often called VServer), your hoster always has full access to your system via the hostsystem.
  • If your connection to the bouncer isn't encrypted with SSL, the whole thing is pointless, since the bouncer sends you clearly readable, unencrypted text. This gives the chance to an attacker to sniff your traffic and read conversations.
  • Keep in mind that by disregarding the security measures above, you also lower your chatting partners' security, not just your own!
  • Just turn off "prepend timestamps" Your client will decrypt it as usual after that. You can turn on "append timestamps" but mIRC fish doesn't support it,other clients do.

mIRC script menu for ZNC fish

on *:text:Target key is*:?:{
  if ($nick == *fish) && (%samkeyfish == 1) {
    set %samkeyfish 0
    .msg *fish setkey %fishput $gettok($1-,4,32)
    close -m $nick
  }
  if ($nick == *fish) && (%nickchange == 1) {
    set %nickchange 0
    .msg *fish setkey %nickchangenewnick $gettok($1-,4,32)
    close -m $nick
  }
  if ($nick == *fish) && (%fishshowkey == 1) {
    set %fishshowkey 0
    window -dCo +l @Blowcrypt-Key -1 -1 500 80
    aline @Blowcrypt-Key �Key for %fishcontact �:
    aline -p @Blowcrypt-Key $gettok($1-,4,32) 
    close -m $nick
  }
}

on *:text:Target not found*:?:{
  if ($nick == *fish) {
    set %fishshowkey 0
    echo $color(Mode text) -atm *** FiSH: No valid key for %fishcontact found
    close -m $nick
  }
}

on *:text:*:?:{
  if ($nick == *fish) && (%samkeyfish != 1) && (%fishshowkey != 1) && (%fishshowkey != 1) {
    echo $color(Mode text) -atm $1-
    close -m $nick
  }
}

on *:NICK:{
  if (($nick == $me) || ($upper($newnick) == $upper($nick))) { return }
  if (($query($newnick) == $null) || (%NickTrack != [On])) { return }
  .msg *fish showkey $nick
  set %nickchange 1
  set %nickchangenewnick $newnick
}

alias FiSH.setkey {
  if ($1 == /query) var %cur_contact = $active
  else var %cur_contact = $1
  if ($2- == $null) return

  .msg *fish setkey %cur_contact $2-
}

alias FiSH.usechankey {
  set %samkeyfish 1
  .msg *fish showkey $2
  set %fishput $1
}

alias FiSH.showkey {
  if ($1 == /query) var %cur_contact = $active
  else var %cur_contact = $1
  set %fishshowkey 1
  set %fishcontact %cur_contact
  .msg *fish showkey %cur_contact
}

alias FiSH.removekey {
  if ($1 == /query) var %cur_contact = $active
  else var %cur_contact = $1
  .msg *fish delkey %cur_contact
}

alias keyx { .msg *fish keyx $1 }

alias FiSH.DH1080_INIT {
  if ( ($1 == /query) || ($1 == $null) ) var %cur_contact = $active
  else var %cur_contact = $1
  .msg *fish keyx $1
}

menu channel {
  -
  FiSH
  .Show key :FiSH.showkey $chan
  .Set new key :FiSH.setkey $chan $?
  .Remove key :FiSH.removekey $chan
}

menu query {
  -
  FiSH
  .DH1080 keyXchange: FiSH.DH1080_INIT $1
  .-
  .Show key :FiSH.showkey $1
  .Set new key :FiSH.setkey $1 $?
  .Remove key :FiSH.removekey $1
}

menu nicklist {
  -
  FiSH
  .DH1080 keyXchange: FiSH.DH1080_INIT $1
  .-
  .Show key :FiSH.showkey $1
  .Set new key :FiSH.setkey $1 $?
  .Remove key :FiSH.removekey $1
  .Use same key as $chan :FiSH.usechankey $1 $chan
}

menu status,channel,nicklist,query {
  FiSH
  .-
  .NickTracker $+ $chr(32) $+ %NickTrack
  ...Enable :set %NickTrack [On]
  ...Disable :set %NickTrack [Off]
}

KVIrc script for ZNC fish

This script does a /msg *fish keyx $target everytime a query is opened on KVIrc

Go to the menu "Scripting" then "Edit Events" then right click on "OnQueryWindowCreated" and select "New Handler". Name it as you wish then add this code and click "Apply":

if(($context.networkname == "NETWORK1" || $context.networkname == "NETWORK2") && $str.left($target, 1) != "*")msg *fish keyx $target;

Notes:

  • Replace NETWORK# by the name of the network you want it to be done as a default
  • $str.left($target, 1) != "*" avoids using fish with znc specific users. Replace "*" by whatever status prefix you've set in your znc configuration.

ToDo

  • encrypted keydatabase (user password)