[[TOC(noheading, depth=4)]]
'''Written:''' 2018-06-05 (Jaruga)
= Torifying Irssi =

Irssi is a free and open-source Internet Relay Chat client originally released in 1999.
It is intended to be lightweight, and offers fine-grained control over security and
extensions. Irssi is primarily for *NIX based operating systems (GNU/Linux, BSD, MacOS), though it is also available for use on Windows.

Official site: https://irssi.org

=== Connection setup ===

Below we have generic instructions for torifying Irssi using torsocks (the recommended methodology) and adding servers as mapaddresses to your torrc file (for when torsocks is not available). This is followed up by additonal steps that can be performed to enhance the clients security.

=== Option 1: Using Torsocks ===
While these instructions show a {{{.onion}}} address as an example, they will also apply to clearnet-based servers.

1. Launch Irssi with Torsocks by issuing the command {{{torsocks irssi}}}

2. Add the server with the following commands:
{{{
/NETWORK ADD Server1
/SERVER ADD --network Server1 examplesite.onion 6667
}}}
 '''Note:''' {{{Server1}}} is generic, and can be changed to your preferences. 

3. Connect to the server with {{{/connect Server1}}}.


=== Option 2: Without Torsocks ===

If Torsocks is not available for you, it is also possible to add desired servers as a {{{mapaddress}}} to the {{{/etc/tor/torrc}}} file. This will allow you to connect to the local 10.10.x address directly, and Tor will translate it to the desired address.

1. Open up {{{/etc/tor/torrc}}} in your favourite text editor and add the following line:
{{{
mapaddress 10.10.10.10 examplesite.onion
}}}
 '''Note:''' The map address is generic, though it must be one not in use on your local network.

2. Launch Irssi by simply issuing the comand {{{irssi}}} 

3. Add your server preferences as done in the option 1 example. Note that the server name can be omitted with the 10.10.x address defined in your {{{torrc}}}.



=== Additional steps ===

==== (Recommended) Disable CTCP / DCC ====

1. Turn off CTCP and DCC replies with the following command in Irssi:
{{{
/ignore * CTCPS
/ignore * DCC
/save
}}}

==== (Optional) Enabling SASL ====
If you already have a registered account on the server and would like to authenticate using SASL, this can be done by issuing the following command in Irssi:
{{{
/NETWORK ADD -sasl_username yourname -sasl_password yourpassword -sasl_mechanism PLAIN Server1
}}}
==== (Optional) Generating a client certificate ====
Below are instructions on generating a client certificate and configuring Irssi to recognise it.

1. Generate a client certificate. From the terminal, issue the command:
{{{
$ openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes \
              -out Server1.pem -keyout Server1.pem
}}}
 '''Note:''' the {{{--days}}} option is the number of days before the certificate expires, and can also be changed depending on your needs.

 Once the generation is complete, you will see:
{{{
Common Name (e.g. server FQDN or YOUR name) []: user
}}}

 '''Note:''' The name is generic. Set this to your desired username on the server.

2. To make the directory where Irssi will find your certificates and to move your newly generated one there, issue the commands:
{{{
$ mkdir -p ~/.irssi/certs
$ mv Server1.pem ~/.irssi/certs/
}}}

3. Print and record the certs fingerprint:
{{{
$ openssl x509 -in ~/.irssi/certs/Server1.pem -outform der \
  | sha256sum -b | cut -d' ' -f1
}}}

4. Add the server information to your {{{~/.irssi/config}}} file:
{{{
servers = (
  ...
  {
    address = "10.10.10.10";
    chatnet = "Server1";
    port = "6697"; 
    use_tls = "yes";
    tls_cert = "~/.irssi/certs/Server1.pem";
    tls_verify = "no";
    autoconnect = "no";
  }
);

chatnets = {
  ...
  Server1 = {  
    type = "IRC";  
    max_kicks = "1";
    max_msgs = "4";
    max_whois = "1";
    sasl_mechanism = "external";
    sasl_username = "user";
    sasl_password = "p455w0rd";
  };
};

settings = {
  core = { real_name = "user"; user_name = "user"; nick = "user"; };
  ...
};
ignores = ( { level = "CTCPS"; } );
}}}

 Of course, modify it to your needs.

5. Launch Irssi. To configure it to recognise your newly generated certificate, issue the following commands:
{{{
/network add -sasl_username user -sasl_password p455w0rd -sasl_mechanism EXTERNAL Server1
/server add -ssl -ssl_cert ~/.irssi/certs/Server1.pem -net Server1 10.10.10.10 6697
}}}