I'm new to the openfire/spark community. I was wondering if someone could explain to me how the chats are encrypted. When I read the SSL documentation for openfire, step 6 talks about importing the client certs into the truststore. Do I need to do that before the chats are encrypted? How can I possibly know who all my clients are to import all their certs? I need someone to help me understand the process better.
For SSL/TLS encryption it is not necessary to import client certificates. Even your clients don't need to import the server certificate. The connection is encrypted; nobody other than the client and server can read it.
BUT: Without importing certificates you can't be sure who is on the other end. You can only ensure that a server is the server you think it is if you have imported its certificate. Same goes for clients: you can only ensure the client is the right client if the server has imported the client certificate.
Normally you have a certificate that is signed by a top-level certificate. Because top-level certificates are shipped with the clients, nobody needs to import anything.
Now we come to real encryption:
If you want to be sure nobody else reads your messages, SSL/TLS is not sufficient, because the server can still read or modify the message. You need end-to-end encryption. Most popular for Jabber are OpenPGP and OTR.
You will find a detailed article about encryption (SSL/TLS, OpenPGP) in German here:
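As an added example (not from this thread, and not Openfire or Spark code): the three client-side TLS configurations the answer distinguishes, written with Python's standard `ssl` module. The function names and the `cafile` path are my own assumptions.

```python
import ssl

# Added example: three ways an XMPP client can set up TLS towards an Openfire
# server, and what guarantee each one actually gives you.

def unauthenticated_context() -> ssl.SSLContext:
    """Encrypts the connection but verifies nobody: any certificate from any
    server is accepted, so a man-in-the-middle would go unnoticed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def public_ca_context() -> ssl.SSLContext:
    """Verifies the server against the top-level (CA) certificates shipped
    with the OS/client, so a CA-signed server cert needs no manual import."""
    return ssl.create_default_context()

def imported_cert_context(cafile: str) -> ssl.SSLContext:
    """For a self-signed Openfire certificate: 'import' the server's own
    PEM certificate as the only trust anchor. cafile is a path you supply."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def what_you_get(ctx: ssl.SSLContext) -> str:
    """Summarise the guarantee a context provides. None of these stop the
    server itself from reading messages; that needs OTR or OpenPGP."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "encrypted, server identity NOT verified"
    if not ctx.check_hostname:
        return "encrypted, certificate checked but hostname not bound"
    return "encrypted, server identity verified"

if __name__ == "__main__":
    print(what_you_get(unauthenticated_context()))
    print(what_you_get(public_ca_context()))
```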