Keys on Pidgin encryption and OTR

As a security and privacy conscious end user I have started encrypting my IM chats with Pidgin Encryption and Off-The-Record Messaging. Both plugins for Pidgin automatically create public/private key pairs which are used to encrypt my IM chats. Unfortunately, I also use many different computers to chat with my friends and by default each computer creates its own public/private key pair. I want my chats to always look like they are coming from me despite the computer I am on so I looked up how to copy the private keys between computers.

In Ubuntu Linux all the relevant files were all listed under the .gaim folder in my home directory. In Windows XP they were listed under the .purple in my Application Data folder.  All you have to do is move the files listed below from the appropriate directory on the original computer to the same directory on whatever other computers you want to use the same public/private key.

On my computer the keys were located in:

Windows: C:\Documents and Settings\UserName\Application Data\.purple

Ubuntu Linux: ~/.gaim

(In some versions of Ubuntu ~/.purple)

OTR

  • otr.private_key
  • otr.fingerprints

Pidgin Encryption

  • id
  • id.priv
  • known_keys

The known_keys and otr.fingerprints files list the public keys of other people who you chat with. You don’t have to move these files if you don’t want to. The otr.private_key, id and id.priv files contain your private key and must be moved.

6 Responses to Keys on Pidgin encryption and OTR

  1. Schnäbi says:

    Thank You for this Thread.

    Very useful.

  2. Raven says:

    Thanks for this! I was looking to move my keys from an Ubuntu box to a Windows box and couldn’t find the place to do it. (Damn Windows, hiding the relevant folder from my “search the whole hard drive” searches!) Once I knew where it was, I could manually override. The assist is much appreciated.

  3. abs says:

    Thanks a lot…I found my pidgin certificates under directory $HOME/.purple/certificates/x509/tls_peers.

  4. Alan says:

    Thanks for posting this. On my Red Hat 5 box, I found the otr files in $HOME/.purple/otr.*

  5. AyJay says:

    > “I found my pidgin certificates under directory $HOME/.purple/certificates/x509/tls_peers”

    – Those are the SSL certificates of the server you are connecting to rather than your own OTR private keys.

  6. FH says:

    My .purple directory on Windows 7 x64 only contains otr.fingerprints, otr.instance_tags and otr.private_key. Copying those to another machine’s .purple directory overwrites the key generated there, but resets the OTR plugin to displaying “No key generated” 🙁 id, id.priv and known_keys do not seem to exist on my hard drive. So, how can I copy the OTR settings to another machine?

Leave a Reply

Your email address will not be published.