Fully end to end encrypted anonymous chat program. Server only stores public key lookup for users and the encrypted messages. No credentials are transfered to the server, but kept in local browser storage. This allows 100% safe chatting. https://safechat.ch
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

287 lines
11 KiB

/*! @file
@id $Id$
*/
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
10 years ago
/** @mainpage SafeChat
SafeChat runs on: https://safechat.ch
10 years ago
SafeChat is a chat program designed to protect your privacy. It's
open, cool, easy, open source and free.
10 years ago
See @ref features for more goodies, and @ref why for a rationale.
10 years ago
Implementation Details, see @ref security, @ref api, @ref
protocol, @ref database, @ref design */
/** @page features Features and Benefits
Best features of SafeChat:
10 years ago
-# extremely easy to use
-# zero installation
-# simple registration, within seconds
-# web 2.0 - works in any modern browser
-# user does not have to care about keys, security, encryption
-# Android App available (later also for other phones)
10 years ago
-# all cool features
-# full privacy:
-# pseudonym accounts, no phone number, no email, no private data required
-# still allows to identify yourself to your chat partners
-# all private data is stored on your computer
-# you decide who may see what
-# safechat.ch knows nothing about you
-# send images, videos and any other file attachments
-# make fotos on the handy and send them directly
10 years ago
-# build groups
-# no need to be online, receive messages on next login
-# or, when online, open a direct 1:1 connection line
-# direct audio and video chat
-# distributed user directory
-# chat to mail, mail to chat gateways
-# send chat invitation links to friends
10 years ago
-# absolutely secure
-# tap-proof
-# server can be untrusted
-# thin server, rich client
-# all encryption is done in the client
-# server only stores minimal data
10 years ago
-# no access to plain data, not even through server confiscation
-# double secured internet transport
-# messages are encrypted for the recipients only
10 years ago
-# server connection is SSL secured in addition
-# private data fully in the user's hand
-# password is stored in the user's brain only
-# private key is password encrypted
-# private key is stored in the user's local machine only
-# two factor security, access needs two tokens
-# the password in the user's brain
-# the private key in the user's browser storage
10 years ago
-# fully open source
-# security concept and implementatino can be reviewed */
10 years ago
/** @page why Why I Created SafeChat
10 years ago
The Swiss parliament has decided to increase the power of police
(BÜPF: Bundesgesetz zur Überwachung des Post- und
Fernmeldeverkehrs) and secret service (NDG:
Nachrichtendienstgesetz). This increases global enforced data
preservation without any suspicion. This even allows the police to
run a trojan in computers of suspicious persons.
10 years ago
That was the point, when I started to think about secure
communication that defeats these attacks against our
privacy. Noone should be able to read what's not for his eyes,
even if he controls the server. There should be no metadata,
i.e. no one should know, who is communicating to each other.
There are secure means of communication, i.e. Jabber/OTR and
PGP-Mail (but with unprotected metadata). But these are too
complicated for the avarage user. He has to take care about keys
and their distribution. In some chat programs, there is no offline
message store, so you can only send a message, if the receiver is
online. Some chat programs require to identify you, they ask your
phone number and some even steal your address book
(i.e. WhatsApp). Not here! Use any pseudonym. No special knowledge
needed. User is guided as much as possible, the interface is as
simple as possible. Data is only collected, if it is necessary.
So I present the safe chat program for dummies */
10 years ago
/** @page design Design
8 years ago
Safechat is designed to provide a safe chat program for
dummies. Everything is simple to use, everything is strong
enrcrypted, everything is open source. You can chat and you can
write encrypted e-mails from the same address. The GUI shall be
minimal and straight forward.
8 years ago
8 years ago
@section overview System Overview
@startuml{overview.png}
"user"
"user" as otheruser
8 years ago
[secret password]
[secret password] as otherpassword
user -up- [secret password]
otheruser -up- [otherpassword]
node "browser" {
folder "ecrypted local storage" {
8 years ago
[public key]
[private key]
8 years ago
[username]
[chat history]
}
}
node "browser" as otherbrowser {
folder "encrypted local storage" as otherstorage {
8 years ago
[public key] as otherpubkey
[private key] as otherprivkey
[username] as otherusername
[chat history] as otherhistory
}
}
cloud "internet" {
() WebRTC
node "safechat.ch" as safechatch {
() HTTPS
() WebSocket
[safechat]
folder "mailservice" {
[roundcube] -down- [DoveCot]
[DoveCot] -down- [postfix]
}
database "sql" {
}
[safechat] -up- HTTPS
[safechat] -up- WebSocket
[roundcube] -up- HTTPS
[safechat] -down- sql
}
node "safechat.biz" as safechatbiz {
() HTTPS as HTTPS2
() WebSocket as WebSocket2
[safechat] as safechat2
folder "mailservice" as mailservice2 {
[roundcube] as roundcube2
[DoveCot] as DoveCot2
[postfix] as postfix2
[roundcube2] -down- [DoveCot2]
[DoveCot2] -down- [postfix2]
}
database "sql" as sql2 {
}
[safechat2] -up- HTTPS2
[safechat2] -up- WebSocket2
[roundcube2] -up- HTTPS2
[safechat2] -down- sql2
}
node "keyserver" {
database "keys" {
folder "users / keys" {
}
}
}
8 years ago
}
safechatch --right-- safechatbiz
browser --down-- HTTPS
otherbrowser --down-- HTTPS2
browser --down-- WebSocket
otherbrowser --down-- WebSocket2
browser --down-- WebRTC
otherbrowser --down-- WebRTC
user -- browser
otheruser - otherbrowser
8 years ago
@enduml
@section registration Registration of New User
8 years ago
@msc
user, browser, "safechat.ch", keyserver;
|||;
8 years ago
--- [label="load homepage"];
user => browser [label="load https://safechat.ch"];
browser => "safechat.ch" [label="GET /"];
"safechat.ch" >> browser [label="index.html"];
browser => "safechat.ch" [label="GET /safechat.js"];
"safechat.ch" >> browser [label="safechat.js"];
...;
browser -> browser [label="run safechat.js"];
--- [label="Create Account"];
browser => user [label="show create account"];
user >> browser [label="username, password"];
browser -> browser [label="create openpgp key pair"];
browser -> browser [label="locally store encrypted keys"];
browser -> keyserver [label="upload(pubkey)"];
8 years ago
browser -> browser [label="msg=encrypt(datetime)"];
browser -> "safechat.ch" [label="logon(username, pubkey, msg)"];
"safechat.ch" -> "safechat.ch" [label="datetime=decrypt(msg)"];
"safechat.ch" -> "safechat.ch" [label="verify datetime"];
"safechat.ch" -> keyserver [label="lookup(username)"];
8 years ago
"safechat.ch" -> browser [label="logon success"];
browser -> user [label="ready to chat"];
@endmsc */
8 years ago
/** @page security Password and Secrets Concept
<a href="https://www.eff.org/de/node/82654">SafeChat provides</a>:
- Encrypted in transit ✓
- Encrypted so the provider can't read it ✓
- You can verify contacts' identities ✓
- Past communications are secure if your key is stolen ✓
- Code is open to independent review ✓
- Security design is properly documented ✓
- Audit not yet done, we invite you to audit our code ✗
Neither the password nor the private key are sent to the
server. They remain under the user's control and in the user's
property. Only the user name and the public key are sent to the
server.
- The password is only kept in the browser's transient memory.
- The private key is kept in encrypted form in the browser's
persistent local storage.
- The public key is stored on server, so that other users can
lookup for a user's public key.
There are two secret security tokens: The password, that is in the
user's mind and the private key, which is in the user's device, in
the local storage of his browser. Messages can only be sent or
read with access to both security tokens. */
/** @page protocol SafeChat Protocol
10 years ago
@tableofcontents
@section newuser Create New User
If no credentials exist in the browser's local storage, the
browser asks the user for a user name and a password and creates a
private key that is encrypted with the password.
In the login(), the browser sends the user's name and public key
to the server. The server creates a new user, if the user does not
exist yet. Then the server returns, whether user name and public
key match to what he has in his table.
@msc
user, browser, server;
user -> browser [label="https://safechat.ch"];
browser -> server [label="index.html"];
browser <- server [label="safechat.js",URL="\ref safechat.js"];
user <- browser [label="register new user"];
user -> browser [label="username / password"];
browser -> browser [label="create openpgp-public/private keys"];
browser -> server [label="login.php(username, public-key)"];
server -> server [label="if user name does not exist:\nstore username/public-key"];
server -> browser [label="success"];
@endmsc */
/** @page api API Calls
Different users can be on different servers. Servers are connected
through @ref serverapi. The client browser first loads the
index.html file with HTTPS from server, which loads the javascript
code. From then on, everything happens through JSON over
WebSockets using @ref clientapi.
There are several APIs provided by safechat:
- @ref clientapi
- @ref serverapi
- Webmail with Roundcube
- SMTP using e.g. postfix
- IMAP using e.g. DoveCot */
/** @page clientapi Client - Server API Calls
@tableofcontents */
/** @page serverapi Server - Server API Calls
@tableofcontents */