# LainOS Secure Messaging Service — XMPP over Tor

https://gitlab.com/lainos/lainos-secure-messaging-service

Welcome to the **LainOS Secure Chat Server Guide** — a privacy‑focused, cross‑platform messaging framework using XMPP and the Tor network.

This guide shows how to register an account on the LainOS Secure Messaging Service using the Profanity client on Linux, with a secondary method on Android, along with integrated PGP login for the client.

**DO NOT USE ANY SPECIAL CHARACTERS IN YOUR PASSPHRASES IF YOU WANT PGP LOGIN.**

The framework we'll be using is called LESME (LainOS Ephemeral Secure Communication Environment). It provisions the Profanity client securely by using PGP to encrypt your XMPP account passphrase, which keeps it out of plaintext. When the passphrase is needed, GPG decrypts it and securely pipes it back into Profanity to log you in.

## Alternate registration on Android (easiest method)

You can find the server info below.

1. Download `another.im` from F-Droid or their website: https://another.im
2. Download Orbot at https://orbot.app
3. In the Orbot settings, check the "power user mode" box; this allows you to torify individual apps.
4. Find the menu option "choose apps", select "another.im", and press "save".
5. Activate Orbot, specifically with the Snowflake or obfs4 connection option (to bypass Tor blocking).
6. Open another.im. Register an account on the server by pressing the three dots in the top right corner and choosing "Manage accounts". Fill the fields with a username and password like so: `YourUsername@glcuf4hcwbm3lt6grg7jfwwus7sqpuojozfsnbzzcsf7vbm2jcfqckid.onion`, followed by a recommended complex 45-character generated password (if you want LESME with PGP login on Profanity, use no special characters).
7. Save these credentials in a password manager (recommended).
8. Check the box "Register account on server" and press connect.

If successful, it will ask you to upload an avatar, and you are now connected to the LainOS_Secure_Messaging_Service. You can now either use the service on Android or migrate the account to any other client, including the LESME script covered below.

---

## 🌐 What is this?

**LainOS Secure Chat** is a private, anonymous chat system built on:

* **XMPP (Extensible Messaging and Presence Protocol)** — decentralized real‑time messaging (including group chat/MUC).
* **Tor (.onion hidden service)** — anonymizes traffic and hides both user IPs and server locations.
* **Profanity client** — a lightweight terminal XMPP client used in this guide.
* **PGP Integrated with GNU pass** — anonymized PGP keys for seamless user authentication and encrypted storage of passphrases that would otherwise sit in plaintext.
* **TLS** — for server authentication and encryption in transit.

Together these provide encrypted, anonymous messaging with resistance to surveillance and censorship. For end‑to‑end confidentiality, enable client‑side encryption (OMEMO or PGP).

This project is part of the [vesme‑avf repo](https://gitlab.com/amnesia1337/vesme-avf) and integrates secure comms into LainOS.

---

## 🔐 Server Details

* **My XMPP JID (example):** `amnesia1337@glcuf4hcwbm3lt6grg7jfwwus7sqpuojozfsnbzzcsf7vbm2jcfqckid.onion`
* **Server Address:** `glcuf4hcwbm3lt6grg7jfwwus7sqpuojozfsnbzzcsf7vbm2jcfqckid.onion`
* **LainOS Chatroom (MUC):** `private-chat-c75bebbc-50f3-447d-811f-41f83de11811@conference.glcuf4hcwbm3lt6grg7jfwwus7sqpuojozfsnbzzcsf7vbm2jcfqckid.onion`

---

## 🧰 Prerequisites (LainOS has them)

* `tor` (configured with **obfs4** bridges on LainOS)
* `torsocks` to tunnel Profanity through Tor
* `profanity` XMPP client
* `KeePassXC` (recommended) to store credentials safely
* `pass` to encrypt/decrypt and store XMPP account passphrases

---

Profanity Registration:

## 🚀 How to Get Started

### 1. Start Tor with obfs4 support

```bash
tor.sh s
```

### 2. Launch Profanity via Tor

```bash
torsocks profanity
```

### 3. Register a new XMPP account

In the Profanity prompt:

```
/register yourusername glcuf4hcwbm3lt6grg7jfwwus7sqpuojozfsnbzzcsf7vbm2jcfqckid.onion tls trust
```

* Enter your password **twice**.
* **Password rules (all passwords):** 12 character minimum; uppercase, lowercase and numbers only, with a recommended 200 bits of entropy. (Special characters are rejected by the server and/or may be interpreted by the terminal.)
* When asked about TLS:

  ```
  /tls allow
  ```

* Save your preferences:

  ```
  /save
  ```

Then exit Profanity with `/quit`.

> 🔐 Store your PGP passphrase, XMPP account username, and XMPP account passphrase in KeePassXC.

---

### 4. Run the installation script (optional)

To install the framework: from your home/user folder, issue the command `cd LainOS_Secure_Messaging_service`, then run the script with:

```bash
bash LainOS-Tor-XMPP-Server.sh
```

* **Important:** The script will prompt for the **PGP key password first**. **DO NOT include special characters** in that PGP password — the terminal can interpret them as shell syntax (which will break the prompt). Use only uppercase, lowercase, and numbers to be safe.
* Use KeePassXC to paste any required credentials into prompts.

---

### 5. Reconnect with your account

When the script is done, reconnect to Tor with `tor.sh r`, exit Profanity with `/quit`, and reconnect with the command that the script gives:

```bash
torsocks profanity -a yourusername@glcuf4hcwbm3lt6grg7jfwwus7sqpuojozfsnbzzcsf7vbm2jcfqckid.onion
```

Enter your PGP passphrase, and accept the certificate when prompted by typing:

```
/tls allow
```

---

### 6. Join the official LainOS chatroom

From within Profanity:

```
/join private-chat-c75bebbc-50f3-447d-811f-41f83de11811@conference.glcuf4hcwbm3lt6grg7jfwwus7sqpuojozfsnbzzcsf7vbm2jcfqckid.onion
```

---

## ✅ Tips & Best Practices

* **Store credentials in KeePassXC**, never plaintext.
* **Enable OMEMO or PGP** encryption where supported.
* Always run XMPP clients through `torsocks` (or configure a Tor SOCKS proxy).
* Avoid special characters in passwords asked for by the installer/script or the terminal (the PGP password is asked first by the installer).
* Keep LainOS, Tor, and clients updated. Harden your device and operational practices.
* Do not use the same passphrase for your PGP key and your XMPP account.

---

## 🛠 Troubleshooting

* **Tor not at 100% / connection issues:**

  ```bash
  sudo journalctl -u tor -f
  ```

* **`torsocks` missing:** install via package manager.
* **Profanity certificate prompts:** inspect fingerprint before accepting.
* **Registration/connect fails:** ensure Tor is running, `torsocks` is used, and `.onion` hostnames are exact.

---

## 🧪 Related Project

Main repo: 👉 [vesme‑avf GitLab Repo](https://gitlab.com/amnesia1337/vesme-avf)

---

Stay secure. Stay private. Stay weird.

*— amnesia1337*
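
The troubleshooting item on exact `.onion` hostnames can be checked mechanically. The Python below is an added example, not code from this guide or from the LainOS scripts: it recomputes the checksum embedded in a v3 onion address so that a mistyped or truncated hostname or JID is caught before a connection attempt. `SAMPLE_KEY` and all function names are constructed for illustration.

```python
import base64
import hashlib

VERSION = 3  # v3 onion services
SAMPLE_KEY = bytes(range(32))  # constructed 32-byte value, not a real service key


def _checksum(pubkey: bytes, version: int) -> bytes:
    # Tor v3 address format: first two bytes of
    # SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]


def encode_onion(pubkey: bytes) -> str:
    """Build a v3 hostname from a 32-byte public key (used for the sample)."""
    raw = pubkey + _checksum(pubkey, VERSION) + bytes([VERSION])
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def check_onion(host: str) -> str:
    """Return 'ok', or the reason the hostname is not a well-formed v3 address."""
    host = host.strip().lower()
    if not host.endswith(".onion"):
        return "missing .onion suffix"
    # Keep only the address label, dropping subdomains such as "conference."
    label = host[: -len(".onion")].rsplit(".", 1)[-1]
    if len(label) != 56:
        return f"wrong length ({len(label)}, expected 56)"
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not base32"
    if len(raw) != 35:  # padding characters inside the label
        return "not base32"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != VERSION:
        return "unexpected version byte"
    if checksum != _checksum(pubkey, version):
        return "checksum mismatch (typo or truncated paste)"
    return "ok"


def check_jid(jid: str) -> str:
    """Check the domain part of a bare JID such as user@<address>.onion."""
    local, sep, domain = jid.partition("@")
    if not sep or not local:
        return "missing localpart"
    return check_onion(domain)
```

A passing checksum only shows that the address is internally consistent, not that it belongs to this server; still compare it character for character against a copy of this guide you trust.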