256 Logo
Gray's Home

Blog
Brain Teasers
Source
Quotes
Thoughts   9/11
U.S. Constitution

Secure Chat Conversations via AOL's Instance Messanger

A number of my friends have asked me how you can talk securely over AOL's Instant Messenger. By default messages are sent in the clear in plain text and any hacker, corporate security, or government snoop can listen in at will.

For my secure conversations, I use the excellent Gaim program with the Gaim-Encryption plugin. Gaim is an open software program with a rich plugin architecture and a good support community. Gaim-Encryption is a good security plugin which uses the NSS libraries to encrypt and decrypt messages between users with the RSA algorithm. The person you are chatting with will need to also be using Gaim with the plugin for this to work.

Installation Instructions

  1. To IM securely, you'll need to download the latest version of the Gaim program and the encryption plugin. Make sure that the plugin is using the same version as the Gaim program.
  2. After you install both the program and the plugin, you then can run Gaim. You will need to configure your AIM (or other IM account) and login.
  3. By default Gaim shows all of your friends' buddy-icons which makes the buddy list window HUGE. Click on Preferences button or pull down the Tools menu to Preferences and select Interface -> Buddy List. Then uncheck the 'Show buddy icons' check box and click Close or Ok to fix this.
  4. To enable the encryption plugin, you click on the Preferences button or pull down the Tools menu to Preferences. Click on Plugins, in the list you should see Gaim-Encryption. Click on the empty box next to it to enable the plugin. This may take a couple of seconds to generate your NSS key.
  5. Then if you open up a conversation window to someone, you should see little locks and the text Tx:plain and Rx:plain or some combination of the two depending on your settings. You can then click on the Tx:plain to change it to Tx:secure and lock the lock icon. This will cause your Gaim to try and talk to your friend's Gaim to exchange keys. You should get a dialog window which asks if you want to Accept your friend's key. If you don't get it when you click the Tx:secure button then try sending a "hello" message to your friend. When the dialog appears, I usually Accept & Save it. Once you accept the key, you should see the Rx:plain change to Rx:secure and/or the inbound lock to close. This means that you are transmitting securely and receiving securely.

If both the outbound and inbound locks are closed or it is reading Tx:secure and Rx:secure then you can talk securely. It's not a perfect system and any hacker who has broken into your box can easily just read your keystrokes but it should stop just about all entities from "listening" in on your IM conversations.

This work is licensed by Gray Watson under the Creative Commons Attribution-Share Alike 3.0 License.

Free Spam Protection   Android ORM   Simple Java Zip   JMX using HTTP   Great Eggnog Recipe