OTR (Off-the-Record) Messaging for SIP Communicator

otr4j is part of my GSoC 09' project and is encouraged by the SIP Communicator development. otr4j is an implementation of the OTR (Off-the-Record) protocol in java.

Friday, July 10, 2009

First term period results

Here I present the results from my first term period. The list is based on my first term planning.

  • Develop a java library that handles encryption (see The current state of OTR libraries in Java)
    • Build methods to Assemble/Dissasemble OTR Messages and tests to verify things work properly
      • OTR Query Messages
      • Tagged plaintext messages
      • OTR Error Messages (Completed)
      • D-H Commit Message
      • D-H Key Message
      • Reveal Signature Message
      • Signature Message
      • Data Message (Completed)
    • Handle state transitions for the following actions (detailed description of state transitions here),build key management infrastructure (NOTE: key management for the library, not SC) and build tests to verify things work properly
      In this period functionality for Requesting an OTR conversation, Authenticated Key Exchange (AKE), and Data Exchange will be added.
      • Plaintext message without the whitespace tag
      • Plaintext message with the whitespace tag
      • Query Message
      • Error Message
      • D-H Commit Message
      • D-H Key Message (Completed)
      • Reveal Signature Message
      • Signature Message
      • Version 1 Key Exchange Message
      • Data Message
      • User requests to start an OTR conversation
      • User requests to end an OTR conversation
      • User types a message to be sent (Completed)
  • Create a transformation operation set (Completed)
  • Implement support for the transformation set in all protocols (Failed)
  • Implement an OTR encryption bundle prototype/proof of concept that encrypts all conversations (Failed)

I have created a transformation set for jabber as an initial effort to incorporate otr4j in SIP Communicator. I've chosen jabber because it is an open standard with server implementation, such as OpenFire, freely available.

I did not proceed into creating transformation sets for the rest of the protocols because there is an issue that the DSA signature (generated with standard JCE) does not verify in Pidgin/libotr, this action is taken in the OTR Protocol Draft, High Level Overview, Authenticated Key Exchange, Step 9. I tried to sign using BouncyCastle Lightweight API instead of the Standard JCE, but that failed too.

To make sure the signature I use is correct, I created a set of test cases to verify signatures created with bouncycastle using the Sun JCE provider and visa versa, but that failed too.

I posted a question about this issue today in several places (CodeRanch, Sun Forums, SIP Communicator dev-list), but I have received no answer yet, so I need to further investigate this issue.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

My Commits to SIP Communicator

Loading...

Mercurial commits to project otr4j on Google Code

Loading...