Disclaimer: This article is still a draft and will be expanded.
The most promising technologies for secure and unified (by that I mean usable on the desktop as well as mobile clients) instant messaging are Tox and Cryptocat. While Tox wants to be a full alternative to Skype (including voice and video chat), Cryptocat will "just" be a WhatsApp alternative.
So currently the best thing to do is run your own XMPP server and use OTR for end-to-end encryption. I will summarize my experiences in this post.
XMPP clients for Android
For real end-to-end encryption, you need OTR (easy to set up) or PGP (difficult to set up) support in your client.
Android clients supporting OTR:
- ChatSecure (+file transfers, XEPs supported: ?)
- Xabber (?)
- Conversations (+file transfers, XEP-0198, XEP-0280, XEP-0237)
Not yet OTR-ready:
- yaxim (XEP-0198, XEP-0280)
From this list, ChatSecure is currently the best alternative, although the user interface is quite ugly at the moment.
I recommend using Prosody as an XMPP server. It is minimalistic but extendable through modules.
Prosody needs several extensions installed in order to be usable and secure:
Generating an SSL certificate
How to configure Prosody from my Docker image. (Using example.com as an example domain.)
(See also Prosody's documentation on using certificates.)
sudo fig run prosody bash
prosodyctl cert request example.com
<CTRL-D>
On your host, display the request and copy it to your CA's site:
sudo cat .prosody/example.com.req
Save the generated cert:
cat >certs/ssl.cert
<Paste cert>
<append intermediate certs if needed>
<then hit CTRL-D>
Move the key to the certs folder:
sudo chown $UID:$UID .prosody/example.com.key
mv .prosody/example.com.key certs/ssl.key
Build the image again:
sudo fig build
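An added example (not part of the original post or the Docker image): a shell check to run before the build step, confirming that certs/ssl.cert parses, that its first certificate matches certs/ssl.key, that it has not expired, and that the key is not accessible to group or others. The function names are made up for this example, and openssl is assumed to be installed on the host.

```shell
#!/bin/sh
# Added example: sanity-check the pasted certificate and the moved key
# before rebuilding. Function names are hypothetical.

# SHA-256 of the DER-encoded public key read as PEM on stdin.
pubkey_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the file grants no permissions to group or others.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_prosody_cert CERT KEY
# Returns 0 if usable, 1 unparsable or mismatched, 2 expired, 3 key too open.
check_prosody_cert() {
    cert=$1 key=$2
    # Fail early on a bad paste or a wrong file; two failed parses would
    # otherwise produce the same (empty-input) hash on both sides.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "cannot parse $cert" >&2; return 1; }
    openssl pkey -in "$key" -noout 2>/dev/null || { echo "cannot parse $key" >&2; return 1; }

    # The first certificate in the file must be the server's own (any
    # intermediates come after it), and its public key must match the key.
    c=$(openssl x509 -in "$cert" -noout -pubkey | pubkey_hash)
    k=$(openssl pkey -in "$key" -pubout | pubkey_hash)
    [ "$c" = "$k" ] || { echo "certificate and key do not match" >&2; return 1; }

    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || { echo "certificate has expired" >&2; return 2; }
    key_is_private "$key" || { echo "key is group/world accessible; chmod 600 $key" >&2; return 3; }

    echo "ok: $(grep -c 'BEGIN CERTIFICATE' "$cert") certificate(s) in $cert, key matches"
}

# Only act when called with both paths, e.g. certs/ssl.cert certs/ssl.key
if [ "$#" -eq 2 ]; then
    check_prosody_cert "$1" "$2"
fi
```

Saved under a hypothetical name such as check-cert.sh, it can be run as: sh check-cert.sh certs/ssl.cert certs/ssl.key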