Fully end to end encrypted anonymous chat program. Server only stores public key lookup for users and the encrypted messages. No credentials are transfered to the server, but kept in local browser storage. This allows 100% safe chatting.
https://safechat.ch
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
247 lines
9.0 KiB
247 lines
9.0 KiB
/*! @file |
|
|
|
@id $Id$ |
|
*/ |
|
// 1 2 3 4 5 6 7 8 |
|
// 45678901234567890123456789012345678901234567890123456789012345678901234567890 |
|
|
|
/** @mainpage SafeChat |
|
|
|
SafeChat runs on: |
|
https://safechat.ch |
|
|
|
SafeChat development is on: |
|
https://dev.marc.waeckerlin.org/redmine/projects/safechat |
|
|
|
Implementation Details: @ref security, @ref api, @ref protocol, |
|
@ref database |
|
|
|
SafeChat is a chat program designed to protect your privacy. It is |
|
designed to be: |
|
|
|
-# extremely easy to use |
|
-# zero installation |
|
-# simple registration, within seconds |
|
-# web 2.0 - works in any modern browser |
|
-# user does not have to care about keys, security, encryption |
|
-# all cool features |
|
-# pseudonym accounts, no phone number, no email,nothing required |
|
-# send images and other attachments |
|
-# build groups |
|
-# no need to be online, receive messages on next login |
|
-# central user directory |
|
-# absolutely secure |
|
-# tap-proof |
|
-# no metadata available |
|
-# all messages are sent to all users, only the authorized users can decrypt it |
|
-# server can be untrusted |
|
-# thin server, rich client |
|
-# all encryption is done in the client |
|
-# server only stores minimal user data (name, public key) and encrypted messages |
|
-# no access to plain data, not even through server confiscation |
|
-# double secured internet transport |
|
-# messages are encrypted for the recipents only |
|
-# server connection is SSL secured in addition |
|
-# private data fully in the user's hand |
|
-# password is stored in the user's brain only |
|
-# private key is password encrypted |
|
-# private key is stored in the user's local machine only |
|
-# two factor security, access needs two tokens |
|
-# the password in the user's brain |
|
-# the private key in the user's browser memory |
|
-# fully open source |
|
|
|
@section why Why I Created SafeChat |
|
|
|
The Swiss parliament has decided to increase the power of police |
|
(BÜPF: Bundesgesetz zur Überwachung des Post- und |
|
Fernmeldeverkehrs) and secret service (NDG: |
|
Nachrichtendienstgesetz). This increases global enforced data |
|
preservation without any suspicion. This even allows the police to |
|
run a trojan in computers of suspicious persons. |
|
|
|
That was the point, when I started to think about secure |
|
communication that defeats these attacks against our |
|
privacy. Noone should be able to read what's not for his eyes, |
|
even if he controls the server. There should be no metadata, |
|
i.e. no one should know, who is communicating to each other. |
|
|
|
There are secure means of communication, i.e. Jabber/OTR and |
|
PGP-Mail (but with unprotected metadata). But these are too |
|
complicated for the avarage user. He has to take care about keys |
|
and their distribution. In some chat programs, there is no offline |
|
message store, so you can only send a message, if the receiver is |
|
online. Some chat programs require to identify you, they ask your |
|
phone number and some even steal your address book |
|
(i.e. WhatsApp). Not here! Use any pseudonym. No special knowledge |
|
needed. User is guided as much as possible, the interface is as |
|
simple as possible. Data is only collected, if it is necessary. |
|
|
|
So I present here the safe chat program for dummies |
|
|
|
@page design Design |
|
|
|
Safechat is designed to provide a safe chat program for |
|
dummies. Everything is simple to use, everything is strong |
|
enrcrypted, everything is open source. You can chat and you can |
|
write encrypted e-mails from the same address. |
|
|
|
<a ahref="https://www.eff.org/de/node/82654">SafeChat provides</a>: |
|
- Encrypted in transit ✓ |
|
- Encrypted so the provider can't read it ✓ |
|
- You can verify contacts' identities ✓ |
|
- Past communications are secure if your key is stolen ✓ |
|
- Code is open to independent review ✓ |
|
- Security design is properly documented ✓ |
|
- Audit not yet done, we invite you to audit our code ✗ |
|
|
|
@section overview System Overview |
|
|
|
@startuml{overview.png} |
|
interface "user" |
|
interface "user" as otheruser |
|
[secret password] |
|
[secret password] as otherpassword |
|
user -up- [secret password] |
|
otheruser -up- [otherpassword] |
|
node "browser" { |
|
[engine] |
|
[openpgp.js] |
|
folder "local storage" { |
|
[public key] |
|
[private key] |
|
[username] |
|
[chat history] |
|
} |
|
} |
|
node "browser" as otherbrowser { |
|
[engine] as otherengine |
|
[openpgp.js] as otherpgp |
|
folder "local storage" as otherstorage { |
|
[public key] as otherpubkey |
|
[private key] as otherprivkey |
|
[username] as otherusername |
|
[chat history] as otherhistory |
|
} |
|
} |
|
node "safechat.ch" { |
|
[safechat] |
|
database "sql" { |
|
} |
|
} |
|
node "keyserver" { |
|
} |
|
cloud { |
|
[engine] -down- HTTP |
|
[otherengine] -down- HTTP |
|
[engine] -down- WebSocket |
|
[otherengine] -down- WebSocket |
|
HTTP - [safechat] |
|
WebSocket - [safechat] |
|
} |
|
user - engine |
|
otheruser - otherengine |
|
[engine] - WebRTC |
|
[otherengine] - WebRTC |
|
[engine] - keyserver |
|
[otherengine] - keyserver |
|
[safechat] - keyserver |
|
@enduml |
|
|
|
@section registration Registration of New User |
|
|
|
@msc |
|
|
|
user, browser, "safechat.ch", keyserver; |
|
|
|
|||; |
|
--- [label="load homepage"]; |
|
user => browser [label="load https://safechat.ch"]; |
|
browser => "safechat.ch" [label="GET /"]; |
|
"safechat.ch" >> browser [label="index.html"]; |
|
browser => "safechat.ch" [label="GET /safechat.js"]; |
|
"safechat.ch" >> browser [label="safechat.js"]; |
|
...; |
|
browser -> browser [label="run safechat.js"]; |
|
--- [label="Create Account"]; |
|
browser => user [label="show create account"]; |
|
user >> browser [label="username, password"]; |
|
browser -> browser [label="create openpgp key pair"]; |
|
browser -> browser [label="locally store encrypted keys"]; |
|
browser -> browser [label="msg=encrypt(datetime)"]; |
|
browser -> "safechat.ch" [label="logon(username, pubkey, msg)"]; |
|
"safechat.ch" -> "safechat.ch" [label="datetime=decrypt(msg)"]; |
|
"safechat.ch" -> "safechat.ch" [label="verify datetime"]; |
|
"safechat.ch" => keyserver [label="lookup(username)"]; |
|
keyserver >> "safechat.ch" [label="not found"]; |
|
"safechat.ch" -> keyserver [label="upload(pubkey)"]; |
|
"safechat.ch" -> browser [label="logon success"]; |
|
browser -> user [label="ready to chat"]; |
|
@endmsc |
|
|
|
@page security Password and Secrets Concept |
|
|
|
Neither the password nor the private key are sent to the |
|
server. They remain under the user's control and in the user's |
|
property. Only the user name and the public key are sent to the |
|
server. |
|
|
|
- The password is only kept in the browser's transient memory. |
|
- The private key is kept in encrypted form in the browser's |
|
persistent local storage. |
|
- The public key is stored on server, so that other users can |
|
lookup for a user's public key. |
|
|
|
There are two secret security tokens: The password, that is in the |
|
user's mind and the private key, which is in the user's device, in |
|
the local storage of his browser. Messages can only be sent or |
|
read with access to both security tokens. |
|
|
|
@page protocol SafeChat Protocol |
|
|
|
@tableofcontents |
|
|
|
@section newuser Create New User |
|
|
|
If no credentials exist in the browser's local storage, the |
|
browser asks the user for a user name and a password and creates a |
|
private key that is encrypted with the password. |
|
|
|
In the login(), the browser sends the user's name and public key |
|
to the server. The server creates a new user, if the user does not |
|
exist yet. Then the server returns, whether user name and public |
|
key match to what he has in his table. |
|
|
|
@msc |
|
user, browser, server; |
|
user -> browser [label="https://safechat.ch"]; |
|
browser -> server [label="index.html"]; |
|
browser <- server [label="safechat.js",URL="\ref safechat.js"]; |
|
user <- browser [label="register new user"]; |
|
user -> browser [label="username / password"]; |
|
browser -> browser [label="create openpgp-public/private keys"]; |
|
browser -> server [label="login.php(username, public-key)"]; |
|
server -> server [label="if user name does not exist:\nstore username/public-key"]; |
|
server -> browser [label="success"]; |
|
@endmsc |
|
|
|
*/ |
|
|
|
/** @page api Server API Calls |
|
|
|
@tableofcontents |
|
|
|
List of server REST API calls. SafeChat server implement s REST |
|
API, so that all API calls are in the following form, where |
|
parameters and values are url encoded: |
|
|
|
@code |
|
https://safechat.ch/api-call.php?param1=value1¶m2=value2[...] |
|
@endcode |
|
|
|
So for method get() a valid call could be: |
|
@code |
|
https://safechat.ch/get.php?start=100 |
|
@endcode |
|
|
|
*/
|
|
|