Jabber + OTR: Theory and Practice


Apparently I’ve drunk too much coffee today and, being high, decided to configure Jabber + OTR. In case you are interested in secure instant messaging and want to chat about programming, hardware, security and stuff, feel free to add me to your contact list:

[email protected]
9AE9C07A 963B06AD 4D585C96 7DCEE589 55599F36

In case you’ve never heard about OTR here is some theory:

Regarding practice - many Jabber clients support OTR. I personally use Psi+ but Pidgin will do as well.

On Ubuntu:

sudo apt-get install psi-plus psi-plus-plugins

On Arch Linux:

yaourt -S psi-plus-qt5-git psi-plus-plugins-qt5-git

After installing Psi+ with plugins just register on any Jabber server you prefer, enable the OTR plugin and generate a key.

There are also some decent mobile clients, e.g. ChatSecure for iOS and Xabber for Android.

Please note that OTR requires you to verify the fingerprints of all your contacts manually (this can be done in the plugin settings). Otherwise a MITM attack could be performed.
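An added example, not from the original post: a Python audit of a libotr-style fingerprint store that lists contacts whose key was never verified and checks a fingerprint read out over another channel against the stored one. The tab-separated layout, the `verified`/`smp` trust marks and all sample addresses and fingerprints are assumptions constructed for illustration; check where and how your own client stores fingerprints.

```python
import re

# Constructed sample in the tab-separated layout assumed for a libotr-style
# store: contact, own account, protocol, 40-hex fingerprint, trust mark.
SAMPLE_STORE = (
    "alice@example.org\tme@example.org\tprpl-jabber\t"
    "0123456789abcdef0123456789abcdef01234567\tverified\n"
    "bob@example.org\tme@example.org\tprpl-jabber\t"
    "89abcdef0123456789abcdef0123456789abcdef\t\n"
    "carol@example.org\tme@example.org\tprpl-jabber\t"
    "fedcba9876543210fedcba9876543210fedcba98\tsmp\n"
)

def normalize(fpr):
    """Strip spaces/colons and lowercase; reject anything but 40 hex digits."""
    compact = re.sub(r"[\s:]", "", fpr).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", compact):
        raise ValueError("not a 160-bit OTR fingerprint: %r" % fpr)
    return compact

def display(fpr):
    """Render as five groups of eight uppercase hex digits, as clients show it."""
    c = normalize(fpr).upper()
    return " ".join(c[i:i + 8] for i in range(0, 40, 8))

def parse_store(text):
    """Yield (contact, fingerprint, trust) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # skip truncated or foreign lines
        trust = fields[4] if len(fields) > 4 else ""
        yield fields[0], normalize(fields[3]), trust

def unverified(text):
    """Contacts whose stored key has no trust mark: a swapped key goes unnoticed."""
    return [(c, display(f)) for c, f, t in parse_store(text) if not t]

def matches(text, contact, out_of_band):
    """True only if the fingerprint obtained out of band equals a stored one."""
    want = normalize(out_of_band)
    return any(f == want for c, f, _ in parse_store(text) if c == contact)

if __name__ == "__main__":
    for contact, fpr in unverified(SAMPLE_STORE):
        print("UNVERIFIED", contact, fpr)
```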


I use OTR on irssi. I wish more people had it, it’s not very difficult to configure, and it guarantees end-to-end security. You only have to worry about the end points.

I’m glad you’ve written up on how to use it with Jabber.