HOWTO: Transfer OTR private keys between Adium and Pidgin

I recently re-installed Ubuntu on my home computer, and wanted to move my office Mac’s Adium OTR key and collected fingerprints over to the new install. I had some trouble, but got it eventually, so I wanted to document the process.

The first step is to make sure you’ve got Pidgin and Pidgin-OTR installed on one computer, and Adium on another.

Adium stores the OTR private key and the fingerprints in

~/Library/Application Support/Adium 2.0/Users/Default/otr.private_key
~/Library/Application Support/Adium 2.0/Users/Default/otr.fingerprints

Pidgin, on GNU/Linux, stores the OTR private key and fingerprints in

~/.purple/otr.private_key
~/.purple/otr.fingerprints

It’s worth noting that neither application stores these keys encrypted. The threat model assumes that if an attacker has access to your Adium 2.0 or .purple folder, you’re already compromised. But that means you have to be extra careful about transferring these files from one computer to another: obviously, sending your key in a cleartext e-mail is not a good idea.

Anyway, harmonizing is just a matter of copying both files from one location to another, and then modifying the key slightly to match the format that each program stores it in. I was disappointed at how poorly documented these formats are, but fortunately the always impressive Guardian Project has gone through and documented each program’s file location and format in order to build a tool to convert files between different IM client formats. The tool’s not done, and so far only converts to their Gibberbot mobile IM client, but the README contains all the information you need.

In the case of Adium to Pidgin key transfer, which both use the standard libotrname field, which is an integer in the Adium config file, needs to be changed to the actual account name. The protocol field needs to be changed from libpurple-jabber-gtalk (in the case of a GTalk account) to prpl-jabber.

You may need to turn Pidgin’s OTR plugin off and on again, but it should recognize your key, and all of your verified fingerprints should show up as well.

Published by Parker Higgins

I'm the Director of Special Projects at the Freedom of the Press Foundation, and previously led copyright activism at the Electronic Frontier Foundation. I live and work in Brooklyn, New York. more »

Join the Conversation

12 Comments

  1. Well I feel silly, I’ve always just verified each contact through each client (Adium, Pidgin and Gibberbot), and multiples of each…

    So, is there any wonkiness switching between clients? I often switch between Adium and Pidgin in the middle of a conversation, but I guess I’ve always just logged off one to not conflict with the other.

    Palm, meet forehead.

  2. @maiki I’ve observed wonkiness if I’m connected on two separate boxes with two separate keys, especially if I’ve got open sessions with people on each. I haven’t yet noticed any weirdness associated with having the two clients running at the same time with the same key, but I think I just haven’t run into that situation yet. I’ll let you know if I do!

  3. I tried copying ~/.purple/otr.private_key and ~/.purple/otr.fingerprints from my Linux box to my Mac OS X box by placing them in ~/Library/Application Support/Adium 2.0/Users/Default/ but Adium just doesn’t see the private key.

    When I go into Advanced in Adium, it says no private key present. I noticed a difference between the otr.private_key format in Adium and in Pidgin. In Pidgin the name is ‘JID/resource’ e.g. (name “bob@foo.com/bar”), but in Adium it’s whatever number the account is (name “1” for the first account listed).

    Changing the name field doesn’t make Adium even see the key. However, when you generate one it clobbers your key and uses its key. This is really frustrating. Guardian Project’s keysync is of no help either.

  4. Hi, I am trying to copy my Adium keys over to an instance of Pidgin running on Windows 8. Any hints as to where to place the files and how to modify them to suit the Windows flavour? Or can Pidgin somehow import them? I’m at a loss.

  5. I’m using Mac OSX Yosemite and there is no Adium folder within /Library/Application Support/

    Any suggestions?

  6. No, unfortunately–I never made the “upgrade” to Yosemite and I don’t know where Adium puts the key now.

  7. Damn, Ya I’ve browsed through all of the Adium related subdirectories and can’t seem to figure out where they’ve got the keys stored.

  8. Ok so I finally located the Adium files. They consist of otr.fingerprints, otr.private_key, and OTR.plist. What exactly do I do with these now to get them into Pidgin and setup my account?

  9. so I finally located the Adium files. They consist of otr.fingerprints, otr.private_key, and OTR.plist. What exactly do I do with these now to get them into Pidgin and setup my account?

  10. so I finally located the Adium files. They consist of otr.fingerprints, otr.private_key, and OTR.plist. What exactly do I do with these now to get them into Pidgin and setup my account?

Leave a comment

Your email address will not be published. Required fields are marked *