Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

An experimental (n+1)sec plugin for Pidgin

Important Warning: This is a minimal test client for under-construction software. It may crash and it may have undocumented security bugs. You should not rely on it for security - or even stable communications.

Setup for users

The (n+1)sec test client works on any Linux distribution.


Before you run the script to install the np1sec-test-client, you should check that the following packages are installed on your system, and install them if they are not. You will also need a C++ compiler that supports C++14. In Debian you can install the build-essential package.

libasan (optional)
libboost1.55-dev (or higher)

In Fedora you can install all dependencies using the following command (tested and working on Fedora 25):

dnf install boost-devel cmake gcc gcc-c++ git glib2-devel gnutls-devel gtk2-devel intltool kernel-devel libasan libgcrypt-devel libxml2-devel make wget


np1sec-test-client comes with a convenient script, which will download and build pidgin-2.11, the (n+1)sec library and this plugin for you.

This script builds a separate Pidgin instance with (n+1)sec support, which uses a separate configuration from any Pidgin you may already be running on your machine. This isn't strictly necessary and you could run (n+1)sec in your day-to-day Pidgin if you like, but this solution will avoid several problems with this test build and avoid your regular chat client being compromised by any bugs in (n+1)sec.

To run it, download this file to an empty directory:

Check that the file has the right permissions, else make it executable with the command:

chmod 775

Finally, within the directory containing the script, launch the following command to run the install script:


The script performs some automatic dependency resolution before building. This should work well for users of Debian-based distributions, but users of other distributions can disable this dependency resolution by executing the script with:

./ --force

On success, the script will start Pidgin, where you can go to Tools > Plugins and enable the (n+1)sec Secure messaging plugin.

Subsequent Pidgin executions can be done by executing the same command again. Note however, that executing it will update the np1sec and np1sec-test-client projects to their latest versions. To avoid that one may instead execute:

./bin/bin/pidgin --config=pidgin-home

Using the (n+1)sec plugin

Once you have enabled the plugin (Tools > Plugins > (n+1)sec secure messaging), join the XMPP ("Jabber") room ("chat") where you are planning to have your encrypted conversation as you would normally with Pidgin.

When you have joined the room you can chat in the clear (unencrypted) with other people as normal.

Under the list of n people in this room, you will see a second list called (n+1)sec users -- this shows everyone in the room who has installed and enabled their (n+1)sec plugin.

To invite people to a new encrypted conversation, click the Create conversation button. A new chat window will open. You can then select people to invite by double-clicking their usernames in the Invite pane of the new window (this list shows only those people who are (n+1)sec capable). Once someone is invited, their username is moved to the Invited pane, and when they accept the invitation they are moved to the Joined pane.

If you are invited to a conversation, a new window will open automatically. The Joined list in that window tells you who is in this conversation already, and the Invited list shows who has been invited to join. Find your username in the Invited pane of that window and double-click it to accept the invitation. Your username will move to the Joined pane.

When someone is first added to the joined pane, their username is suffixed with a !c symbol, which indicates that the conversation is rotating its encryption keys to include them. They won't be party to the conversation, meaning they won't be able to read or write encrypted chat messages, until this disappears to indicate the key exchange is complete.

Invitees who have not accepted their invitations are not party to an encrypted conversation and cannot see its messages.

To leave an encrypted conversation, or to decline an invitation, simply close its window.

Known bugs

User's chat "handle" must match their JID

When you "join a chat" (i.e an XMPP MUC room) in Pidgin, the client requires you to set a "Handle" or nickname. (n+1)sec will not work unless you set this to be exactly the same as the first part of your Jabber ID (the part before the @ symbol). This is case sensitive.


Setup for developers

For developers it is better to use a custom built pidgin. This is because it can be built with the minimum functionality it needs to work and thus causes less problems when (e.g.) multiple instances of the messenger need to run on the same machine.

Build pidgin

Download and extract pidgin source from here.


cd <pidgin-directory>
./configure --disable-gtkspell --disable-gstreamer --disable-vv
--disable-meanwhile --disable-avahi --disable-dbus
make install # Shall install into ./install

Build (n+1)sec

cd <np1sec-test-client dir>
mkdir -p build
cd build
cmake .. -DNP1SEC_LIB_DIR=<where can be found> \
         -DNP1SEC_INC_DIR=<where np1sec headers can be found>

Make a link to the plugin where pidgin can find it:

cp ~/.purple/plugins/


To test it, you'll likely want to run pidgin multiple times on the same machine.

mkdir -p ~/pidgin
<pidgin-directory>/install/bin/pidgin --config=~/pidgin/alice
<pidgin-directory>/install/bin/pidgin --config=~/pidgin/bob
<pidgin-directory>/install/bin/pidgin --config=~/pidgin/charlie

(Re)start pidgin, go to Tools > Plugins and enable the (n+1)sec Secure messaging plugin.


A full-featured proof of concept implementation of an np1sec chat client, implemented as a pidgin plugin.






No releases published


No packages published