Off-the-Record (OTR) Messaging allows you to have private conversations
over instant messaging by providing:
- No one else can read your instant messages.
- You are assured the correspondent is who you think it is.
- The messages you send do not have digital signatures that are
checkable by a third party. Anyone can forge messages after a
conversation to make them look like they came from you. However,
during a conversation, your correspondent is assured the messages
he sees are authentic and unmodified.
- Perfect forward secrecy
- If you lose control of your private keys, no previous conversation is compromised.
28 Sept 2013
- Now running on a new server
- We've migrated the OTR website to a new and faster server.
(Updated 3 Oct 2013): The URL is now https://otr.cypherpunks.ca/,
as we have enabled TLS.
24 July 2013
- Now experimenting with Bitcoin for donations
- If you'd like to donate to the OTR project using Bitcoin,
bitcoin:14Tyk13ELKcRaJe1CfZE8f58QcBHfeV1tQ?label=OTR is ready to receive your support.
9 Sept 2012
- pidgin-otr 4.0.0-1 for Windows released
Daniel Atallah noted that Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were not enabled in the Windows release of pidgin-otr 4.0.0-0. We have corrected the oversight, and 4.0.0-1 is now available.
DEP and ASLR offer additional protection to programs in the event that they already have a security flaw that allows an attacker to take control of a program. They aim to limit the attacker to crashing your program, rather than being able to do anything more nefarious. We of course hope there is no such existing flaw in pidgin-otr, but better safe than sorry. :-)
4 Sept 2012
- pidgin-otr 4.0.0 and libotr 4.0.0 released
The long-awaited version 4.0.0 of pidgin-otr and libotr are finally here!
The main new features in 4.0.0:
- Support v3 of the OTR protocol
- The plugin now supports multiple OTR conversations with the same
buddy who is logged in at multiple locations. In this case, a new
OTR menu will appear, which allows you to select which session an
outgoing message is intended for. Note that concurrent SMP
authentications with the same buddy who is logged in multiple times
is not yet supported (starting a second authentication will end the
- During a private conversation with a buddy, an incoming unencrypted
message will now trigger the regular incoming message notifications.
In Pidgin this includes showing the message in the top-right
notification area, if it is normally configured to do so.
- When a private conversation begins, the plugin will indicate whether
Pidgin is configured to log the conversation.
- By default, OTR conversations will not be logged by Pidgin.
- New translations.
- libotr API changes:
- instance tags, to support multiple simultaneous logins
- support for asynchronous private key generation
- the ability to provide an "extra" symmetric key to applications
(with forward secrecy)
- applications can supply a format conversion callback if they do
not natively use XHTML-style UTF8 markup
- error messages formerly provided by libotr are now handled using
callbacks to the application, for better i18n support
- otrl_message_sending now handles message fragmentation internally
14 August 2012
- libotr version 3.2.1 released
Versions 3.2.0 and earlier of libotr contain a small heap
write overrun (thanks to Justin Ferguson for the report), and a
large heap read overrun (thanks to Ben Hawkes for the report).
Windows pidgin-otr users should upgrade to pidgin-otr version 3.2.1-2 immediately, which has been linked to the corrected libotr 3.2.1.
Users of libotr packages in Linux and *BSD distributions should see updated packages shortly.
16 May 2012
- Security update: pidgin-otr version 3.2.1
Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format
string security flaw. This flaw could potentially be exploited by
a remote attacker to cause arbitrary code to be executed on the user's
The flaw is in pidgin-otr, not in libotr. Other applications that use
libotr are not affected.
CVE-2012-2369 has been assigned to this issue.
Please upgrade to pidgin-otr version 3.2.1 immediately.
Users of pidgin-otr packages in Linux and *BSD distributions should see updated packages shortly.
OTR library and toolkit
This is the portable OTR Messaging Library, as well as the toolkit to
help you forge messages. You need this library in order to use the other
OTR software on this page. [Note that some binary packages, particularly
Windows, do not have a separate library package, but just include the library
and toolkit in the packages below.] The current version is 4.0.0.
UPGRADING from version 3.2.x
- Source code (4.0.0)
- Compressed tarball
- [Note that if you're compiling from source on win32, you may need to
make this patch to libgcrypt-1.2.1.]
Java OTR library
This is the Java version of the OTR library. This is for developers of Java applications that want to add support for OTR. End users do not require this package. It's still early days, but you can download java-otr version 0.1.0 (sig).
OTR localhost AIM proxy
This software is no longer supported. Please use an IM client with native support for OTR.
This is a localhost proxy you can use with almost any AIM client in order
to participate in Off-the-Record conversations. The current version is
0.3.1, which means it's still a long way from done. Read the README
file carefully. Some things it's still missing:
- Username/password authentication to the proxy
- Having the proxy be able to use outgoing proxies itself
- Support for protocols other than AIM/ICQ
- Configurability of the proxy types and ports it uses
But it should work for most people. Please send feedback to the
otr-users mailing list
, or to the dev team
You may need the above library packages.
- Source code (0.3.1)
- Compressed tarball
- Windows (0.3.1)
- Win32 installer
- OS X (0.3.1)
- OS X package
You can find a git repository of the OTR source code on
the OTR sourceforge site. You can also clone the repositories directly with git clone git://git.code.sf.net/p/otr/PROJECT, where PROJECT is one of libotr, pidgin-otr, java-otr, or otrproxy.
If you use OTR software, you should join at least the otr-announce
mailing list, and possibly otr-users
(for users of OTR software) or otr-dev (for developers of OTR software) as well.
- What implementations of Off-the-Record Messaging are there?
- Please see our OTR-enabled software page.
The OTR functionality is separated into the
Off-the-Record Messaging Library (libotr), which is an LGPL-licensed
library that can be used to (hopefully) easily produce OTR plugins for
other IM software, or for other applications entirely.
- What is the license for the OTR software?
- The Off-the-Record Messaging Library is licensed under version 2.1
of the GNU Lesser General
Public License. The Off-the-Record Toolkit, the pidgin-otr plugin,
and the OTR proxy are licensed under version 2 of the GNU General Public
- How is this different from the pidgin-encryption plugin?
- The pidgin-encryption plugin provides encryption and authentication,
but not deniability or perfect forward secrecy. If an attacker or a
virus gets access to your machine, all of your past
pidgin-encryption conversations are retroactively compromised. Further,
since all of the messages are digitally signed, there is
difficult-to-deny proof that you said what you did: not what we want
for a supposedly private conversation!
- How is this different from Trillian's SecureIM?
- SecureIM doesn't provide any kind of authentication at all! You
really have no idea (in any kind of secure way) to whom you're speaking,
or if there is a "man in the middle" reading all of your messages.
- How is this different from SILC?
- SILC uses a completely separate network of servers and underlying
network protocol. In some environments, such as firewalled or corporate
setups, where a local proprietary IM protocol may be in use, SILC may
not be available. Further, in its normal mode of operation, all SILC messages
are shared with the SILC servers; if you want to send messages that can only
be read by the person with whom you're communicating, you need to either
(1) arrange a pre-shared secret in advance (which hampers perfect forward
secrecy), or (2) be able to do a direct peer-to-peer connection to the other
person's client, in order to do a key agreement (which may not be possible in
a NAT or firewall situation).
Is your question not here? Ask on the