
Secure and unified instant messaging in 2014

Disclaimer: This article is still a draft and will be expanded.

The most promising technologies for secure and unified (by that I mean usable on the desktop as well as on mobile clients) instant messaging are Tox and Cryptocat. While Tox wants to be a full alternative to Skype (including voice and video chat), Cryptocat will "just" be a WhatsApp alternative.

Both are currently failing to deliver a decent Android client. Cryptocat's client is still in development, and Antox (for Tox) is currently a massive drain on battery and data usage.

So currently the best thing to do is run your own XMPP server and use OTR for end-to-end encryption. I will summarize my experiences in this post.

XMPP clients for Android

For real end-to-end encryption, you need OTR (easy to set up) or PGP (difficult to set up) support in your client.

Android clients supporting OTR:

Not yet OTR-ready:

  • yaxim (XEP-0198, XEP-0280)

From this list, ChatSecure is currently the best alternative, although the user interface is quite ugly at the moment.

XMPP server

I recommend using Prosody as an XMPP server. It is minimalistic but extendable through modules.

Extensions needed

Prosody needs several extensions installed in order to be usable and secure:


Generating an SSL certificate

This is how to configure Prosody when running it from my Docker image. (Using example.com as an example domain.)

(See also Prosody's documentation on using certificates.)

sudo fig run prosody bash
prosodyctl cert request example.com

On your host, display the request and copy it to your CA's site:

sudo cat .prosody/example.com.req 

Save the generated cert:

cat >certs/ssl.cert
<Paste cert>
<append intermediate certs if needed>
<then hit CTRL-D>

Move the key to the certs folder:

sudo chown $UID:$UID .prosody/example.com.key
mv .prosody/example.com.key certs/ssl.key

Build the image again:

sudo fig build
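
Before rebuilding the image, it is worth checking that certs/ssl.cert and certs/ssl.key belong together and that the key is not readable by other users. The script below is an added example, not part of the original setup or of Prosody; it assumes the openssl command-line tool is installed on the host, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: sanity checks for the certificate and key placed in certs/.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds when neither group nor others have any permission on the key file.
key_perms_ok() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeeds when the first certificate in the file carries the public key of
# the private key. openssl reads only the first PEM block, so this also fails
# if an intermediate certificate was pasted before your own certificate.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the first certificate in the file has not expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs all checks, reports each failure, returns non-zero if any failed.
check_prosody_certs() {
    rc=0
    key_perms_ok "$2" || { echo "key readable by group/others: $2" >&2; rc=1; }
    cert_matches_key "$1" "$2" || { echo "cert and key do not match" >&2; rc=1; }
    cert_not_expired "$1" || { echo "cert expired or unreadable: $1" >&2; rc=1; }
    return "$rc"
}

# Usage: sh check-certs.sh certs/ssl.cert certs/ssl.key
if [ "$#" -eq 2 ]; then
    check_prosody_certs "$1" "$2"
fi
```

If the permission check fails, chmod 600 certs/ssl.key fixes it.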