Setup XMPP with OMEMO encryption on your Desktop

In this article we will setup secure messaging on your desktop such that you have a safe wire to your friends – on all your devices.

If you haven’t read “Setup a Whatsapp-like chat messaging that respects your privacy–in just 10 minutes”, read at least the introduction to understand why XMPP with OMEMO is useful. Best, take these 10 minutes and follow the instructions of the blog post.

Requirements

• You need Ubuntu as Operating System on your Desktop
  I show all steps using the operating system Ubuntu. With some effort, you can probably get it up and running on Windows and macOS. However, a Linux operating system such as Ubuntu respects your privacy more, therefore I recommend using Linux.
• You do NOT need IT skills

Setup messenger on your Desktop

First, install all required software. To do so, open a terminal (use the search to open it or press STRG+ALT+t) and type:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install -y gajim python-appindicator python-axolotl

Like this:

Then press enter. This installation will take some minutes. In the meantime, see the following list of what it installs or start with the next section.

• Gajim: The Messenger we will use
• Python-appindicator: It makes sure that you have an icon of Gajim in your menu bar of your Desktop, next to your system clock.
• Python-axolotl: Required to setup the security layer on top of XMPP

After the terminal finished its work, close it.

Next, start Gajim. You can use your Desktop search to do this. Gajim’s icon looks like this: 

After Gajim has started, wait some seconds until it requests your permission to install updates:

Allow this. Afterwards, a new window will open that lists all components that can be updated. In this list, activate the check box next to Appindicator Integration and OMEMO. Then, click on the button Install/Upgrade on the bottom left on that window.

After the update has finished, go to the other tab Installed. There, make sure that all components are activated via the checkbox. Afterwards, click close on the bottom right of the window.

Then, you should see a wizard to setup your XMPP account. Select the option that you already have an account and follow all instructions yourself using the default settings.

After you finished the wizard successfully, Gajim will show your status as Available. Congratulations! Now, let’s send messages to your friends.

To do so, click on the Gajim window and move your mouse to the top of the screen. There, a menu should appear. Go to Actions -> Start chat… . In the new window, add the XMPP ID of your friend and click ok.

A chat windows opens up. Just close this window. Go to the main menu again and select View -> Show offline contacts… .

In the Gajim window, you should see your friend. Right click on the name of your friend and select Manage contact -> Add to roster. In the pop up, just click Add. Now your friend is permanently added to your list of contacts.

Next, right click on your friend and select Manage contact -> Allow subscription -> Allow contact to see my status.

Your friend should see a request like this:

He shall click Authorize, which enables him to see if you are online or not. Also, this step is necessary for activating the encryption.

Next, make sure that your friend also allows you to see his status.

Note: At any point in time from now on, you will be asked to trust something called “fingerprints”. In this case, jump to the section “All about fingerprints” one block further down.

Now, when you open the chat window to your friend, it should say OMEMO encryption enabled and show a red shield next to the input field, like this:

If you don’t see the OMEMO encryption enabled — just restart Gajim and have a look again.

Congratulations! That’s all!

If you wanna chat also on your Smartphone, just follow this guide.

All about “Fingerprints”

Note: Read this subsection only when you are asked to trust something called “fingerprints”. Otherwise, just skip it!

Simply put, a fingerprint is an ID of a devices someone uses for the messaging. In order to make sure that you communicate with exact the devices, which your friend uses, you need to see if the fingerprints listed in this window match with the ones your friend really has.

So, ask your friend to list his fingerprints on his desktop. On his computer, in the chat window with you, he shall click on the setting symbol below the text input field (grey, with wheels). There he goes to OMEMO encryption  -> Fingerprints. He should now see the same window as you.

He should chose the tab Own devices, while you chose the tab Contact. Now, select a fingerprint that matches with the one of your friend and press the button Trust/Revoke Fingerprint. Also press yes in the window that appears.

Finally, all fingerprints should be green like this:

That’s all about fingerprints! Now, please move on at exactly the instructions before you jumped to this fingerprint section.

Known Bugs

• In the main menu of Gajim, not all options work. Luckily, the important ones do.
• Gajim is not able to send a confirmation if you’ve read a message. Conversations can.
• Gajim sometimes reports that your friend did not get the message even if he did.

Troubleshooting

• Sometimes, a restart of Gajim just helps 🙂
• If OMEMO encryption or the fingerprint option is grey and cannot be activated, just send a message in the chat window. This sometimes helps.

Please report issues in the comments below.

This article has also been published on my private blog.