Audit Policy: View Encrypted Messages

We have enabled “Message Auditing”. We also have our Jabber client (Adium) set up to “encrypt chats automatically”. When we open the “jive.audit-yyyymmdd.log” file (using the Microsoft “Office XML Handler”) we can see the encrypted messages (data payload).

Is there an (audit reader) tool that would allow us to view chat transcripts? We would like the ability to provide two user account IDs (as input) & output the correspondence between the two individuals. We also need the ability to decrypt the (encrypted) messages.

At the very least, is there an easy way to decrypt the messages using the (audit) log files stored in /opt/openfire/logs/?

Not familiar with Adium, but it seems it uses some client-to-client encryption like OTR (or OMEMO maybe). So Openfire can only store encrypted messages, as that is what is going through Openfire. It can’t look inside or decrypt them. You can probably decrypt messages manually one by one by taking a private key from every client (which at least in Spark’s case with OTR is shown in the settings of a client). But then you need to know which key to use for which message in the log. I don’t see an easy way to do this other than somehow disabling that client-to-client encryption or changing the client.

OTR and OMEMO both provide forward secrecy, so you won’t be able to decrypt them afterwards, even if you got your hands on the private identity keys.

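As an added example (not part of any post above and not Openfire's own tooling): a Python audit reader that takes two account IDs, returns the messages exchanged between them, and marks which ones are OTR or OMEMO ciphertext that the server-side log cannot reveal. It assumes the log is well-formed XML in which each message stanza sits inside a wrapper element with a `timestamp` attribute; the sample log, JIDs and payloads are constructed.

```python
import xml.etree.ElementTree as ET

OMEMO_NS = "eu.siacs.conversations.axolotl"  # legacy OMEMO (XEP-0384) namespace

# Constructed sample. Assumed layout: each stanza sits in a wrapper element
# that carries a timestamp attribute; JIDs and payloads are made up.
SAMPLE_LOG = """<jive xmlns="http://www.jivesoftware.org">
<packet timestamp="t1"><message from="alice@example.org/adium" to="bob@example.org"><body>?OTR:AAMDconstructed.</body></message></packet>
<packet timestamp="t2"><message from="bob@example.org/phone" to="alice@example.org"><encrypted xmlns="eu.siacs.conversations.axolotl"><payload>constructed</payload></encrypted><body>fallback text</body></message></packet>
<packet timestamp="t3"><message from="alice@example.org/adium" to="bob@example.org"><body>lunch at noon?</body></message></packet>
<packet timestamp="t4"><message from="carol@example.org/pc" to="bob@example.org"><body>unrelated</body></message></packet>
</jive>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def bare(jid):
    """Reduce 'user@host/resource' to a lower-cased bare JID."""
    return (jid or "").split("/", 1)[0].lower()

def classify(msg):
    """Return (kind, text); text is only returned for plaintext bodies."""
    if any(c.tag == "{%s}encrypted" % OMEMO_NS for c in msg):
        return "omemo", None  # ignore any fallback <body>
    body = next((c.text or "" for c in msg if local(c.tag) == "body"), None)
    if body is None:
        return "no-body", None
    if body.lstrip().startswith("?OTR"):
        return "otr", None  # OTR protocol message, opaque to the server
    return "plaintext", body

def transcript(log_xml, user_a, user_b):
    """List (timestamp, sender, recipient, kind, text) between two accounts."""
    pair = {bare(user_a), bare(user_b)}
    rows = []
    for parent in ET.fromstring(log_xml).iter():
        for msg in parent:
            if local(msg.tag) != "message":
                continue
            sender, rcpt = bare(msg.get("from")), bare(msg.get("to"))
            if {sender, rcpt} == pair:
                rows.append((parent.get("timestamp"), sender, rcpt) + classify(msg))
    return rows

if __name__ == "__main__":
    for row in transcript(SAMPLE_LOG, "alice@example.org", "bob@example.org"):
        print(row)
```
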