Bronze 1 posts since
Mar 24, 2008

Mar 24, 2008 7:43 PM

Encrypting chats

I'm new to the openfire/spark community.  I was wondering if someone could explain to me how the chats are encrypted.  When I read the SSL documentation for openfire, step 6 talks about importing the client certs into the truststore.  I need to do that before the chats are encrypted?  How can I possibly know who all my clients are to import all their certs?  I need someone to help me understand the process better.

  • rene-1 Silver 243 posts since
    Feb 12, 2007
    Mar 25, 2008 3:17 AM (in response to kate)
    Re: Encrypting chats

    That is a very good question!

    Since last weekend I have been asking myself the same.

    It would be wonderful if someone could explain that to us.


    • Coolcat KeyContributor 797 posts since
      Mar 19, 2007
      Mar 25, 2008 3:41 AM (in response to rene-1)
      Re: Encrypting chats

      For SSL/TLS encryption it is not necessary to import client certificates. Even your clients don't need to import the server certificate. The connection is encrypted; nobody other than the client and server can read it.

      BUT: Without importing certificates you can't be sure who is the one on the other end. You can only ensure that a server is the server you think it is if you have imported its certificate. The same goes for clients: You can only ensure the client is the right client if the server has imported the client certificate.

      Normally you have a certificate that is signed by a top-level certificate. Because top-level certificates are shipped with the clients, nobody needs to import anything.

      Now we come to real encryption:

      If you want to be sure nobody else reads your messages, SSL/TLS is not sufficient, because the server can still read or modify the message. You need end-to-end encryption. Most popular for Jabber are OpenPGP and OTR.

      You will find a detailed article about encryption (SSL/TLS, OpenPGP) in German here:

      https://jabber.rwth-aachen.de/wiki/index.php/Kryptografie
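
The cases in the reply above (encrypted but unauthenticated, server verified through shipped top-level certificates or an imported one, client certificate required by the server) mapped onto TLS settings, as an added example that is not part of the thread and not Openfire or Spark code. It uses Python's standard `ssl` module for illustration (Openfire itself is Java), and all function names are hypothetical.

```python
import ssl

def encrypted_only_client():
    """Encrypts the link but accepts ANY server certificate, so nothing has
    to be imported and the peer's identity is never established."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # weak setting: no authentication of the server
    return ctx

def verifying_client(extra_ca_pem=None):
    """Verifies the server against the top-level (root) certificates shipped
    with the system; a self-signed server certificate must be imported."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    if extra_ca_pem:                    # the "import the certificate" step
        ctx.load_verify_locations(cadata=extra_ca_pem)
    return ctx

def server_context(require_client_cert):
    """Server side: client certificates are only checked when required.
    A real server must also call ctx.load_cert_chain(certfile, keyfile) for
    its own identity and ctx.load_verify_locations(...) for trusted client CAs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    return ctx

def guarantees(ctx):
    """Summarise what a context checks about the peer. Encryption is present
    in every case; only authentication differs between the contexts."""
    return {
        "peer_authenticated": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
    }

if __name__ == "__main__":
    for name, ctx in [
        ("encrypted-only client", encrypted_only_client()),
        ("verifying client", verifying_client()),
        ("server, anonymous clients", server_context(False)),
        ("server, client certs required", server_context(True)),
    ]:
        print(name, guarantees(ctx))
```

None of these settings changes what the server itself can read; that is the gap end-to-end encryption such as OpenPGP or OTR addresses.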
