The crypto triple threat club

My written one-to-one communication patterns can be grouped into three major categories: longform, synchronous shortform, and asynchronous shortform. For the most part I use email, IMs, and SMS, respectively, for those purposes.

Each of those technologies has its own end-to-end encryption protocol. ((In some cases, more than one. I’m just listing the ones I use.)) Email has the venerable OpenPGP protocol and the GnuPG suite of programs; IM has OTR for Off-the-Record Messaging on Pidgin and Adium on the desktop, andGibberbot and ChatSecure on mobile; and SMS has TextSecure, a free software Android SMS application that does encryption locally and over the wire.

My TextSecure fingreprint, as a QR code generated by the application.

There’s a small but growing cadre of my friends with whom I’ve exchanged keys on all three protocols. ((Seriously, it’s growing. I added maiki to the club just tonight.)) They’re the crypto triple threats. I want to build that list out further: if I’m having an end-to-end conversation with you, I’d like it to be encrypted end-to-end.

Some of these keys are harder than others to exchange. Email encryption is notoriously difficult to get right, while OTR is much simpler to start working with. TextSecure is a great example of the rare good QR code use case.

These are communication tools, so they’re especially affected by Metcalfe’s Law. That makes it even more important to get people to join the triple threat club. It also means that for each of these protocols, there are lots of people who want to help you figure it out. I’m one of those people. Let’s talk!


  1. Posted 2 July, 2012 at 18:37 | Permalink

    Just a side note, Gibberbot also supports QR code key verification. It is under the verify/profile menu option from any chat, and then from there another menu option for displaying or scanning QR codes. Yes, we know that is hidden, but are working on a UI overhaul.

    We have actually did research into all of the ways OTR keys are stored (see that here: and then created an OTR key converter utility that can move your OTR private key and verified public keys from Pidgin or Adium over to Gibberbot. It is very alpha, but expect more in the coming months:

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>