BitlBee and OTR … then add some TOR!

With the release of 3.0.1 of BitlBee you can now chat from your favorite IRC client with the peace of mind that your protected. Since the OTR portion is still very new I wanted to put together a quick howto. I am going to assume you are running Debian Lenny (sid has 3.0.1 in the packages already) and that you really are a security nut:

  1. Download source from
  2. sudo apt-get install libotr2-dev libotr2-bin
  3. ./configure –prefix=/usr –otr=1
  4. make
  5. make install
  6. make install-etc

Done! Now once you start bitlbee (/etc/init.d/bitlbee start) for the first time it will generate your OTR keys. I am going to assume that you are going to use the Question and Answer verification for OTR keys. With our other secure buddy we do the following:

  1. otr connect $buddy
  2. otr smpq $buddy 2+2 4
  3. If your buddy knows your answer then they will reply correctly
  4. Your buddy being a smart cookie will then ask for you to respond to a question: otr smp $buddy answer
  5. Done!

In step 2 the breakout is question then answer. So if we wanted to do a “Where did we eat lunch 1 Jan” “Taco Bell” then you could do that also. I used 2+2 for simplicity. It is important to note that if you have logging turned on for BitlBee then your OTR messages are in vain. Also they could trace your connections via your network connection. Lets add an additional layer. Open your /usr/etc/bitlbee/bitlbee.conf (or where ever you put it) and change the following settings:

Proxy = socks5://

This assumes you have configured TOR SOCKS for that address, but that is the default. I run this configuration in a hidden service SSH server with screen. A potent combo that in essence lets me roam through the interwebs constantly connected and secured. Any questions let me know