To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

fish

From ZNC
Revision as of 17:58, 26 October 2014 by >Jpnurmi (Update 1.4 link - fixed a crash in DelStaleKeyExchanges())
Jump to navigation Jump to search

fish is a module developed by crox and porki. It adds the ability to encrypt all your outgoing messages with the blowfish block-cipher. This way you can do the decryption/encryption on the bouncer instead of your irc client. Currently it supports ECB mode, CBC may be added in the future.

Getting the Code

At the moment this module is only available in the crox SVN branch. You can directly download it here or here (mirror).

For 1.4 try this one.

NOT RECOMMENDED, fish.cpp edited to work on older openssl versions(shell host?) by using the SHA256 included with newer ZNC versions pastebin.

Usage

Security considerations

Before using this module you should consider the following:

  • If someone gets access to your bouncer box, he will obtain all your encryption keys, which can even be used to decrypt previously logged encrypted conversations. Make sure your bouncer box is secured by using firewalls, encrypted filesystems etc. Keep in mind that if you are using a Virtual Private Server (often called VServer), your hoster always has full access to your system via the hostsystem.
  • If your connection to the bouncer isn't encrypted with SSL, the whole thing is pointless, since the bouncer sends you clearly readable, unencrypted text. This gives the chance to an attacker to sniff your traffic and read conversations.
  • Keep in mind that by disregarding the security measures above, you also lower your chatting partners' security, not just your own!
  • Just turn off "prepend timestamps" Your client will decrypt it as usual after that. You can turn on "append timestamps" but mIRC fish doesn't support it,other clients do.

mIRC script menu for ZNC fish

on *:text:Target key is*:?:{
  if ($nick == *fish) && (%samkeyfish == 1) {
    set %samkeyfish 0
    .msg *fish setkey %fishput $gettok($1-,4,32)
    close -m $nick
  }
  if ($nick == *fish) && (%nickchange == 1) {
    set %nickchange 0
    .msg *fish setkey %nickchangenewnick $gettok($1-,4,32)
    close -m $nick
  }
  if ($nick == *fish) && (%fishshowkey == 1) {
    set %fishshowkey 0
    window -dCo +l @Blowcrypt-Key -1 -1 500 80
    aline @Blowcrypt-Key �Key for %fishcontact �:
    aline -p @Blowcrypt-Key $gettok($1-,4,32) 
    close -m $nick
  }
}

on *:text:Target not found*:?:{
  if ($nick == *fish) {
    set %fishshowkey 0
    echo $color(Mode text) -atm *** FiSH: No valid key for %fishcontact found
    close -m $nick
  }
}

on *:text:*:?:{
  if ($nick == *fish) && (%samkeyfish != 1) && (%fishshowkey != 1) && (%fishshowkey != 1) {
    echo $color(Mode text) -atm $1-
    close -m $nick
  }
}

on *:NICK:{
  if (($nick == $me) || ($upper($newnick) == $upper($nick))) { return }
  if (($query($newnick) == $null) || (%NickTrack != [On])) { return }
  .msg *fish showkey $nick
  set %nickchange 1
  set %nickchangenewnick $newnick
}

alias FiSH.setkey {
  if ($1 == /query) var %cur_contact = $active
  else var %cur_contact = $1
  if ($2- == $null) return

  .msg *fish setkey %cur_contact $2-
}

alias FiSH.usechankey {
  set %samkeyfish 1
  .msg *fish showkey $2
  set %fishput $1
}

alias FiSH.showkey {
  if ($1 == /query) var %cur_contact = $active
  else var %cur_contact = $1
  set %fishshowkey 1
  set %fishcontact %cur_contact
  .msg *fish showkey %cur_contact
}

alias FiSH.removekey {
  if ($1 == /query) var %cur_contact = $active
  else var %cur_contact = $1
  .msg *fish delkey %cur_contact
}

alias keyx { .msg *fish keyx $1 }

alias FiSH.DH1080_INIT {
  if ( ($1 == /query) || ($1 == $null) ) var %cur_contact = $active
  else var %cur_contact = $1
  .msg *fish keyx $1
}

menu channel {
  -
  FiSH
  .Show key :FiSH.showkey $chan
  .Set new key :FiSH.setkey $chan $?
  .Remove key :FiSH.removekey $chan
}

menu query {
  -
  FiSH
  .DH1080 keyXchange: FiSH.DH1080_INIT $1
  .-
  .Show key :FiSH.showkey $1
  .Set new key :FiSH.setkey $1 $?
  .Remove key :FiSH.removekey $1
}

menu nicklist {
  -
  FiSH
  .DH1080 keyXchange: FiSH.DH1080_INIT $1
  .-
  .Show key :FiSH.showkey $1
  .Set new key :FiSH.setkey $1 $?
  .Remove key :FiSH.removekey $1
  .Use same key as $chan :FiSH.usechankey $1 $chan
}

menu status,channel,nicklist,query {
  FiSH
  .-
  .NickTracker $+ $chr(32) $+ %NickTrack
  ...Enable :set %NickTrack [On]
  ...Disable :set %NickTrack [Off]
}

KVIrc script for ZNC fish

This script does a /msg keyx *fish $target everytime a query is opened on KVIrc

Go to the menu "Scripting" then "Edit Events" then right click on "OnQueryWindowCreated" and select "New Handler". Name it as you wish then add this code and click "Apply":

if(($context.networkname == "NETWORK1" || $context.networkname == "NETWORK2") && $str.left($target, 1) != "*")msg *fish keyx $target;

Notes:

  • Replace NETWORK# by the name of the network you want it to be done as a default
  • $str.left($target, 1) != "*" avoids using fish with znc specific users. Replace "*" by whatever status prefix you've set in your znc configuration.

ToDo

  • encrypted keydatabase (user password)

--80.152.196.214 11:04, 3 November 2008 (UTC)