My written one-to-one communication patterns can be grouped into three major categories: longform, synchronous shortform, and asynchronous shortform. For the most part I use email, IMs, and SMS, respectively, for those purposes.
Each of those technologies has its own end-to-end encryption protocol.1 Email has the venerable OpenPGP protocol and the GnuPG suite of programs; IM has OTR for Off-the-Record Messaging on Pidgin and Adium on the desktop, andGibberbot and ChatSecure on mobile; and SMS has TextSecure, a free software Android SMS application that does encryption locally and over the wire.
My TextSecure fingreprint, as a QR code generated by the application.
There’s a small but growing cadre of my friends with whom I’ve exchanged keys on all three protocols.2 They’re the crypto triple threats. I want to build that list out further: if I’m having an end-to-end conversation with you, I’d like it to be encrypted end-to-end.
Some of these keys are harder than others to exchange. Email encryption is notoriously difficult to get right, while OTR is much simpler to start working with. TextSecure is a great example of the rare good QR code use case.
These are communication tools, so they’re especially affected by Metcalfe’s Law. That makes it even more important to get people to join the triple threat club. It also means that for each of these protocols, there are lots of people who want to help you figure it out. I’m one of those people. Let’s talk!
2 Comments
Just a side note, Gibberbot also supports QR code key verification. It is under the verify/profile menu option from any chat, and then from there another menu option for displaying or scanning QR codes. Yes, we know that is hidden, but are working on a UI overhaul.
We have actually did research into all of the ways OTR keys are stored (see that here: https://guardianproject.info/2012/02/23/how-many-ways-to-store-5-numbers/) and then created an OTR key converter utility that can move your OTR private key and verified public keys from Pidgin or Adium over to Gibberbot. It is very alpha, but expect more in the coming months: https://github.com/guardianproject/otrfileconverter
Hi Nathan, thank you for commenting. I didn’t realize you could do the QR code verification on Gibberbot.
I did know though that you guys have done the research on OTR key formats. As far as I know, you’re the only ones who have. It came in handy a few months back when I was moving my key from an Adium install to Pidgin. See: http://parkerhiggins.net/2012/01/howto-transfer-otr-private-keys-between-adium-and-pidgin/