forked from cwtch.im/docs.cwtch.im
better layout
parent
8e34f8f5a6
commit
6745833768
|
@ -2,4 +2,22 @@
|
||||||
sidebar_position: 1
|
sidebar_position: 1
|
||||||
---
|
---
|
||||||
|
|
||||||
# An Introduction to Cwtch P2P Chat
|
# An Introduction to Cwtch P2P Chat
|
||||||
|
|
||||||
|
Cwtch uses Tor v3 Onion Services to establish anonymous, peer-to-peer connections between Profiles.
|
||||||
|
|
||||||
|
## How P2P Chat Works Under the Hood
|
||||||
|
|
||||||
|
In order to chat with your friends in a peer-to-peer conversation both must be online.
|
||||||
|
|
||||||
|
After a successful connection both parties engage in an **authentication protocol** which:
|
||||||
|
|
||||||
|
* Asserts that each party has access to the private key associated with their public identity.
|
||||||
|
* Generates an ephemeral session key used to encrypt all further communication during the session.
|
||||||
|
|
||||||
|
This exchange (documented in further detail in [authentication protocol](https://docs.openprivacy.ca/cwtch-security-handbook/authentication_protocol.html)) is *offline deniable*
|
||||||
|
i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the
|
||||||
|
fact - it is impossible to definitely prove that the exchange happened at all.
|
||||||
|
|
||||||
|
One the authentication process is successful then both you and your friend can communicate away assured that no one else
|
||||||
|
can learn anything about the contents or the metadata if your conversation.
|
||||||
|
|
|
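Review bot: the last added paragraph of the new P2P page carries two typos over from the old text: "One the authentication process is successful" should read "Once", and "the metadata if your conversation" should read "of your conversation". In the deniability paragraph, "impossible to definitely prove" probably wants "definitively". Since the text is being moved in this commit anyway, fix them here rather than copying them into the new file.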
@ -4,9 +4,15 @@ sidebar_position: 1
|
||||||
|
|
||||||
# An Introduction to Cwtch Groups
|
# An Introduction to Cwtch Groups
|
||||||
|
|
||||||
|
**Note: Metadata Resistant Group Communication is still an active research area and what is documented here
|
||||||
|
will likely change in the future.**
|
||||||
|
|
||||||
By default, Cwtch only supports peer-to-peer, online, chat. In order to support multi-party conversations, and offline
|
By default, Cwtch only supports peer-to-peer, online, chat. In order to support multi-party conversations, and offline
|
||||||
delivery, an (untrusted) third-party is required. We call these entities ["servers"](/docs/servers)
|
delivery, an (untrusted) third-party is required. We call these entities ["servers"](/docs/servers)
|
||||||
|
|
||||||
|
These servers can be set up by anyone and are intended to be always online. Most importantly, all communication with a
|
||||||
|
server is designed such that the server learns as little information as possible about the contents or metadata.
|
||||||
|
|
||||||
In many respects communication with a server is identical to communication with a regular Cwtch peer,
|
In many respects communication with a server is identical to communication with a regular Cwtch peer,
|
||||||
all the same steps are taken however the server always acts as the inbound peer, and the outbound
|
all the same steps are taken however the server always acts as the inbound peer, and the outbound
|
||||||
peer always uses newly generated **ephemeral keypair** - so that each server session is disconnected.
|
peer always uses newly generated **ephemeral keypair** - so that each server session is disconnected.
|
||||||
|
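Review bot: the added sentence "the server learns as little information as possible about the contents or metadata" never says what the server does learn, which is the part a reader deciding whether to use an untrusted server needs. The bold note added above it already flags this as an active research area, so either state the residual exposure in a sentence or link to the Security Handbook from here. Separately, the unchanged line just before the new paragraph ends at `["servers"](/docs/servers)` with no full stop, so the new paragraph now follows an unterminated sentence.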
@ -14,6 +20,10 @@ peer always uses newly generated **ephemeral keypair** - so that each server ses
|
||||||
As such, peer-server conversations only differ in the *kinds* of messages that are sent between the two parties,
|
As such, peer-server conversations only differ in the *kinds* of messages that are sent between the two parties,
|
||||||
with the server storing all messages that it receives and thus allowing any client to query for older messages.
|
with the server storing all messages that it receives and thus allowing any client to query for older messages.
|
||||||
|
|
||||||
|
The risk model associated with servers is more complicated that peer-to-peer communication, as such we currently
|
||||||
|
require people who want to use servers within cwtch to [opt-in to the Group Chat experiment](/docs/groups/enable-experiment)
|
||||||
|
in order to add, manage and create groups on untrusted servers.
|
||||||
|
|
||||||
## How Groups Work Under the Hood
|
## How Groups Work Under the Hood
|
||||||
|
|
||||||
When a person wants to start a group conversation they first randomly generate a secret `Group Key`. All group communication will be encrypted using this key.
|
When a person wants to start a group conversation they first randomly generate a secret `Group Key`. All group communication will be encrypted using this key.
|
||||||
|
|
|
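Review bot: the added risk-model paragraph has a typo and a casing slip: "more complicated that peer-to-peer communication" should be "than", and "servers within cwtch" should be "Cwtch" to match the rest of the page. The "as such we currently require" clause is also a comma splice; splitting it into its own sentence would read better. This paragraph is the only place the page tells readers that groups are opt-in, so it is worth getting clean.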
@ -16,48 +16,9 @@ Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a sa
|
||||||
For a more in depth look at the security, privacy and underlying encryption technology used in Cwtch, please
|
For a more in depth look at the security, privacy and underlying encryption technology used in Cwtch, please
|
||||||
consult our [Security Handbook](https://docs.openprivacy.ca/cwtch-security-handbook/)
|
consult our [Security Handbook](https://docs.openprivacy.ca/cwtch-security-handbook/)
|
||||||
|
|
||||||
## Identity, or What exactly is a Cwtch Profile?
|
# Getting Started
|
||||||
|
|
||||||
With Cwtch you can create one of more **Profiles**. Each profile generates a random ed25519 keypair compatible with
|
|
||||||
the Tor Network.
|
|
||||||
|
|
||||||
This is the identifier that you can give out to people and that they can use to contact you via Cwtch
|
|
||||||
|
|
||||||
** See also: [Create a profile](/docs/profiles/create-a-profile)**
|
|
||||||
|
|
||||||
## Peer to Peer, 2-party Conversions
|
|
||||||
|
|
||||||
![](/img/BASE_3.png)
|
|
||||||
|
|
||||||
In order to chat with your friends in a peer-to-peer conversation both must be online.
|
|
||||||
|
|
||||||
After a successful connection both parties engage in an **authentication protocol** which:
|
|
||||||
|
|
||||||
* Asserts that each party has access to the private key associated with their public identity.
|
|
||||||
* Generates an ephemeral session key used to encrypt all further communication during the session.
|
|
||||||
|
|
||||||
This exchange (documented in further detail in [authentication protocol](https://docs.openprivacy.ca/cwtch-security-handbook/authentication_protocol.html)) is *offline deniable*
|
|
||||||
i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the
|
|
||||||
fact - it is impossible to definitely prove that the exchange happened at all.
|
|
||||||
|
|
||||||
One the authentication process is successful then both you and your friend can communicate away assured that no one else
|
|
||||||
can learn anything about the contents or the metadata if your conversation.
|
|
||||||
|
|
||||||
## Offline Delivery via Untrusted Routing Servers, and Group Conversations
|
|
||||||
|
|
||||||
**Note: Metadata Resistant Group Communication is still an active research area and what is documented here
|
|
||||||
will likely change in the future.**
|
|
||||||
|
|
||||||
In order to get around the limitation of being always-online, Cwtch has built in support for hosting
|
|
||||||
conversations on **Untrusted Servers**.
|
|
||||||
|
|
||||||
These servers can be set up by anyone and are intended to be always online. Most importantly, all communication with a
|
|
||||||
server is designed such that the server learns as little information as possible about the contents or metadata.
|
|
||||||
|
|
||||||
The risk model associated with servers is more complicated that peer-to-peer communication, as such we currently
|
|
||||||
require people who want to use servers within cwtch to [opt-in to the Group Chat experiment](/docs/groups/enable-experiment)
|
|
||||||
in order to add, manage and create groups on untrusted servers.
|
|
||||||
|
|
||||||
|
You can download the latest version of Cwtch from [https://cwtch.im/download/](https://cwtch.im/download/)
|
||||||
|
|
||||||
### Install
|
### Install
|
||||||
|
|
||||||
|
|
|
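Review bot: the removed block drops the `![](/img/BASE_3.png)` figure and the "See also: [Create a profile](/docs/profiles/create-a-profile)" link, and neither reappears in the new P2P or Profiles pages in the hunks shown. If that is not intentional, carry the figure into the P2P page and the link into the Profiles page. Also, the added `# Getting Started` is a level-1 heading sitting directly above `### Install`; `## Getting Started` would keep the heading levels in sequence and avoid a second H1 on the page.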
@ -2,4 +2,9 @@
|
||||||
sidebar_position: 1
|
sidebar_position: 1
|
||||||
---
|
---
|
||||||
|
|
||||||
# An Introduction to Cwtch Profiles
|
# An Introduction to Cwtch Profiles
|
||||||
|
|
||||||
|
With Cwtch you can create one of more **Profiles**. Each profile generates a random ed25519 keypair compatible with
|
||||||
|
the Tor Network.
|
||||||
|
|
||||||
|
This is the identifier that you can give out to people and that they can use to contact you via Cwtch.
|
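Review bot: in the new Profiles page, "This is the identifier that you can give out to people" follows a sentence about generating an ed25519 keypair, so "This" reads as the whole keypair. Only the public half is meant to be shared; suggest wording such as "The public key is the identifier that you can give out" so nobody concludes the private key is part of what they hand over. The carried-over typo "one of more **Profiles**" should be "one or more".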