Cryptography and text transformation
Crypt/text transformation engines and how to use them
Introduction
Well, there is a concrete background noise about security around the net. And I've thought that adding a little cryptography support to KVIrc wasn't a bad idea. So I first came up with the crypt engines, that allowed secure conversations in channels, queries and DCC chats; then found out that the realized structure was perfect to be generalized into text transformation support.
The concept
In few words, the text transformation engine is a layer between the user and the IRC connection. You type some text in the input line of a query window (for example), the engine transforms the text in some way and then sends it to the remote target. The trick works also in the reverse way: some data comes from the remote target, the engine re-transforms the text in some other way and displays it to the local user.

The incoming transformation is usually the inverse of the outgoing one, but it is not mandatory. It will become clear in few sentences that some engines will do no incoming transformation at all. The original use of the transformation engines were to encrypt the outgoing data and to decrypt the incoming data; anyway, the engines can perform other funky tasks. One of them is remapping the local charset to a standardized one when sending text to a channel (or some other target) and doing the inverse map on the way back. A totally fantastic usage of this concept could be an on-the-fly translator; it could translate for example Italian to English while sending to a channel and English to Italian on the way back... the implementation of a such engine is left to the reader as exercise :) Another (maybe less interesting) usage is to colorize the outgoing text, or transform it in a way that it is still readable but has a different look. This engine would not require a back transformation (so no decrypt stage). A symmetric idea could be an engine that strips the color codes from the incoming text: this engine would not require an encrypting stage.
The name of this stuff
Initially all this was named cryptography support. Then cryptography was no longer enough to describe the framework, so text transformation is a more generic term. Anyway, both terms were used in the documentation and the source. Just as example, the text transformation engine is called KviCryptEngine in the sources. So actually the terms crypt and text transformation refer to the same thing. You will often find the term encrypt standing for outgoing text transformation and decrypt standing for incoming text transformation.
Yes, but why cryptography (on IRC)?
Because it MAY be useful. More than once people have asked me to add some encryption support to the DCC chats. Yes, I know that there are other secure communication tools, but actually I can't find one that is able to implement a secure real time conversation. And what about a MULTIPLE real time secure conversation? This can be done on an IRC channel now.
The working things
KVIrc can use a text transformation engine on IRC channels, in queries and in DCC chats. At the time I am writing, only the rijndael crypt engine is available: this is a private key encryption algorithm that assures a pretty good security level. More engines will be surely available at the time of the 3.0.0 release of KVIrc. The engines can be activated by the dedicated dialog that can be accessed from the button bar of the window. Once an engine has been enabled, all the text that you type in the input line (that is not a command obviously) is encrypted and sent to the remote endpoint. If you want to send a non-encrypted message while an engine is working, you can use the Ctrl+P escape: by placing that character as the FIRST CHARACTER of the line you will avoid encrypting. Every engine has different capabilities: some can both encrypt and decrypt, others perform only half of the operations. Some engines need a key (the crypt engines obviously), or two keys (you can specify one for the outgoing data and one for the incoming). You can specify all these options in the crypt/text transformation dialog.

Obviously (with the current implementations) all the conversation endpoints must agree on the engine (or better algorithm) used and on the key(s). The key is user specified, so you have to find a secure way to negotiate it with your communication endpoints. If you can meet these people in real life, this is the best way to exchange the keys, otherwise you can use mail & PGP. Yes, this is a shortcoming of the crypt protocol: it is missing a public key handshake.
The first test
A cool way to test an encryption engine is to use a self query: connect to any IRC server, and execute query <yournickname>; a query window with you both as source and target will popup; activate a crypt engine and enable both encryption and decryption; specify the same key for both directions and then type some text in the input line: you will see the message twice: one is your local text and the other is the server routed one. Then you can try to activate encryption only and leaving decryption disabled: you will see how the text would appear to a possible man in the middle. You can also try to use different keys for encrypting and decrypting, and play with the Ctrl+P escape.
The protocol
Well, there is no protocol actually, only the existing implementations, that can be accessed by anyone that wants to reproduce them. There are only some points relating to the encryption engines that need to be cleared:

The encrypted text must be suitable to be sent through an IRC connection; this means that some characters can not appear in the encrypted text (e.g. CR, LF, NULL). KVIrc solves it in a simple way: the encrypted binary data is encoded, either as a hexadecimal numeric string or in base64.

An escape character has been defined to identify messages that are encrypted from the ones that are not: this character has ASCII code 30 (decimal).
The encoding is used in private messages only and has the following format:

PRIVMSG <target> :<escape_char_ascii_30><encrypted message>

ASCII 30 does not correspond to any widely used escape sequence and allows mixing encrypted and plain text messages in a conversation, well, this is not so pretty but you can exchange encrypted messages with one or two friends while talking on a normal IRC channel, nobody else other than your friends will be able to understand the message, others will see senseless sequences of characters. You will be still able to read the unencrypted messages of the other people on the channel.

The escape character is not needed if the engine performs non-encrypting tasks: a charset mapper will produce text that is meant to be read by anyone on the channel, a text colorizer will act in a similar way too. So the escape character is used for the encryption engines only.
An idea for future implementations
A public key handshake protocol could be implemented.

Index, Miscellaneous