How to connect ERC over TOR
-------------------------------------------------------------------------------
Copyright (C) 2023 oat
Author: oat
Date: 2023-05-25
Version 0
Revision 0
License The GNU Free Documentation License
-------------------------------------------------------------------------------
Content Table
I Preface
II Acknowlegments
III Web page reference
IV Glossary
1 Introduction
2 Necesary Software
2.1 Install GNU Package
2.1.1 Guix
2.1.2 gnutls
2.1.3 gnurl
2.1.4 emacs-next
2.2 Install NONGNU Package
2.2.1 tor
2.2.2 nss-certs
2.2.3 openssl
2.3 Instalation Example
3 Tor setting
3.1 Test TOR works correctly
3.1.2 Test Example
4 Register libera chat account
5 Create a self-signed certificate
5.1 Test your certificate
5.1.1 Emacs setting
6 Add your fingerprint to NickServ
7 Emacs ERC over TOR
7.1 Emacs setting
8 Cloaks
9 Appendix
9.A Reference
9.B The GNU Free Documentation License
-------------------------------------------------------------------------------
I Preface
You will find in this document the necesary software and setting to use ERC IRC
client over TOR.
-------------------------------------------------------------------------------
II Acknowlegments
Special thanks to Neverwas, Corwin, w0lper and Affliction.
-------------------------------------------------------------------------------
III Web page reference
https://lists.gnu.org/archive/html/emacs-erc/2023-05/msg00021.html
https://lists.gnu.org/archive/html/emacs-erc/2023-05/txtApMgS1NpgY.txt
https://lists.gnu.org/archive/html/emacs-devel/2020-11/msg00679.htm
-------------------------------------------------------------------------------
IV Glossary
If you do not know what to do the software mention in this document read its
description section manual.
Example: man guix
-------------------------------------------------------------------------------
Introduction
This document was testing on Emacs-29.0.90 with ERC 5.5. It is writen for brand
new emacs and erc users. I hope, it was useful to users with more level. The
whole process will make from command line.
-------------------------------------------------------------------------------
2 Necesary Software
You must be install the software listed to make ERC works correctly over TOR.
2.1 Install GNU Package
They are software mantained officialy by GNU project. Please install them in
the order show it below.
2.1.1 Guix
Install first guix package manager following the instuctions in the URL
https://guix.gnu.org/en/videos/2020/installation-from-script/
2.1.2 gnutls
2.1.3 gnurl
2.1.4 emacs-next
2.2 Install NONGNU Package
They are software not mantained officialy by GNU project. Please install them
in the order show it below.
2.2.1 tor
2.2.2 nss-certs
2.2.3 openssl
2.3 Instalation Example
guix search package-name
Press q to exit the search
guix install package-name
-------------------------------------------------------------------------------
3 Tor setting
Create tor directory
Example: mkdir /home/user/.tor/
Locate into tor directory.
Example: cd /home/user/.tor/
Create a torrc configuration file.
Example: nano /home/user/.tor/.torrc
Update torrc
Adding the below lines
# torrc entry for libera.chat onion service
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
Save and exit from nano.
3.1 Test TOR works correctly
Now you need to be sure TOR works correctly.
3.1.2 Test Example
Run the commands below
gnurl --proxy socks5h://localhost:9050 https://www.gnu.org/ --cacert /gnu/store/dy3xh053ahkhrp2jamggq8cpsyvp8mg0-python-3.10.7/lib/python3.10/site-packages/pip/_vendor/certifi/cacert.pem | grep 'GNU Operating System'
The result show it below means TOR works correctly:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
The GNU Operating System and the Free Software Movement
100 30855 0 30855 0 0 16805 0 --:--:-- 0:00:01 --:--:-- 16814
Run the commands below
gnurl --proxy socks5h://localhost:9050 https://check.torproject.org --cacert /gnu/store/dy3xh053ahkhrp2jamggq8cpsyvp8mg0-python-3.10.7/lib/python3.10/site-packages/pip/_vendor/certifi/cacert.pem | grep 'Congratulations'
The result show it below means TOR works correctly:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5028 0 5028 Congratulations. This browser is configured to use Tor.
0 Congratulations. This browser is configured to use Tor.
0 2420 0 --:--:-- 0:00:02 --:--:-- 2420
-------------------------------------------------------------------------------
4 Register libera chat account
Nickname Registration
Follow the instructions in the URL https://libera.chat/guides/registration
-------------------------------------------------------------------------------
5 Create a self-signed certificate
Locate on your home directory.
Example: cd /home/user/
Execute the command show it below:
Example:
openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1096 -nodes -out libera.crt -keyout libera.key
Getting your fingerprint
Example:
openssl x509 -in libera.crt -noout -fingerprint -sha512 | awk -F= '{gsub(":",""); print tolower ($2)}'
Save your fingerprint
5.1 Test your certificate
5.1.1 Emacs setting
Locate on .emacs.d/ directory.
Example: cd /home/user/.emacs.d/
Create your init.el configuration file.
Example: nano init.el
To add the source code show it below into your init.el:
(setopt erc-sasl-mechanism 'external)
(erc-tls :server "irc.libera.chat" :port 6697 :nick "nick-name"
:client-certificate
'("/home/user/libera.key" "/home/user/libera.crt"))
Save and exit from nano.
Run emacs-29.0.90 --debug-init
If all work correctly a new buffer will add with IRC connection that means your
certificate is correctly.
-------------------------------------------------------------------------------
6 Add your fingerprint to NickServ
Example: /msg NickServ CERT ADD your-fingerprint
-------------------------------------------------------------------------------
7 Emacs ERC over TOR
7.1 Emacs setting
Update your init.el configuration file.
Example: nano init.el
Remove your previous init.el configuration file.
To add the source code show it below into your init.el
(require 'socks)
(require 'sasl)
(require 'erc)
(require 'gnutls)
(defun erc-tor ()
(interactive)
(let* ((socks-password "")
(socks-server '("tor" "localhost" 9050 5))
(erc-modules (cons 'sasl erc-modules))
(erc-sasl-mechanism 'external)
(erc-server-connect-function #'erc-tor-service))
(erc-open
"libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion"
6697
"nick-name"
"full-name"
'connect nil nil nil nil
(list "/home/user/libera.key" "/home/user/libera.crt") "libera-chat-account")))
(defun erc-tor-service (name buffer host service &rest parameters)
"Connect to ERC via SOCKS proxy with client cert."
(print "Begining erc-tor-service")
(let* ((proc (socks-open-network-stream name buffer host service))
(cert-info (plist-get parameters :client-certificate)))
;; This automatically sets :type 'gnutls-x509pki
(gnutls-negotiate :process proc
:hostname host
:keylist (list cert-info))))
(custom-set-variables
'(erc-modules
'(autojoin button completion fill irccontrols list match menu move-to-prompt netsplit networks noncommands readonly ring sasl stamp track)))
(custom-set-faces)
Save and exit from nano.
Run emacs-29.0.90 --debug-init
If all work correctly a new buffer will add with IRC connection that means your
ERC over TOR is correctly configure.
-------------------------------------------------------------------------------
8 Cloaks
Read the URL https://libera.chat/guides/cloaks
-------------------------------------------------------------------------------
9 Appendix
9.A Reference
ERC manual
Elisp manual
Emacs manual
9.B The GNU Free Documentation License
https://www.gnu.org/licenses/fdl-1.3.txt