I created a bit of a tutorial to help QubesOS users connect to the Libera IRC server over Tor while
using Whonix:
The general guide is here → Connecting to Libera.Chat | Libera Chat
but I found you need to take further steps to actually get connected successfully.
CONNECTING TO LIBERA.CHAT OVER TOR (WHONIX GUIDE)
→ Have a hexchat client which connects via both a tor proxy and without tor proxy
→ Register a nickname and have it linked to an email; this can be done using https://web.libera.chat ; click on the activation link in the email to complete the nickname registration.
→ log into irc.libera.chat (using non-torrified client) using TLS and identify with the registered nickname
→ generate a certificate for the tor-based client and put it in the correct hexchat directory (~/.config/hexchat/certs)
- the ‘certs’ directory must be created and cannot be anything other than ‘certs’ (e.g. ‘cert’ will not work)
openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1096 -nodes -out libera.pem -keyout libera.pem
→ You need to change the cert name of ‘libera.pem’ to ‘client.pem’ as stated in the Libera guide
→ get a fingerprint from the certificate in the certs directory
openssl x509 -in libera.pem -noout -fingerprint -sha512 | awk -F= '{gsub(":",""); print tolower ($2)}'
→ add the certificate fingerprint to the nickname on the non-torrified client while connected to the Libera IRC server
/msg NickServ CERT ADD fingerprinthere
→ Choose login method SASL EXTERNAL (cert)
→ Toriffied IRC server is palladium.libera.chat
→ Proxy settings → proxy server hostname → sys-whonix ip address ; port 9050 ; SOCKS5
→ torrc config file edit needs to be the sys-whonix torrc file as this is what the whonix workstation will ultimately use to connect to Tor and will resolve the .onion address
→ check ‘use SSL for all the servers on the network’
→ check ‘use global user information’