cwtch.im
/
docs.cwtch.im
4
0
Fork 3
Code Issues 2 Pull Requests Projects Releases Wiki Activity

sketch of group intro

This commit is contained in:
Sarah Jamie Lewis 2022-05-31 14:08:02 -07:00
parent 5f77ab5223
commit beb861a6b8
1 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
docs/groups/introduction.md
View File

@ -2,4 +2,34 @@
sidebar_position: 1
---
# What are Cwtch Groups?
# An Introduction to Cwtch Groups
By default, Cwtch only supports peer-to-peer, online, chat. In order to support multi-party conversations, and offline
delivery, an (untrusted) third-party is required. We call these entities ["servers"](/docs/servers)
In many respects communication with a server is identical to communication with a regular Cwtch peer,
all the same steps are taken however the server always acts as the inbound peer, and the outbound
peer always uses newly generated **ephemeral keypair** - so that each server session is disconnected.
As such, peer-server conversations only differ in the *kinds* of messages that are sent between the two parties,
with the server storing all messages that it receives and thus allowing any client to query for older messages.
## How Groups Work Under the Hood
When a person wants to start a group conversation they first randomly generate a secret `Group Key`. All group communication will be encrypted using this key.
Along with the `Group Key`, the group creator also decides on a **Cwtch Server** to use as the host of the group.
For more information on how Servers authenticate themselves see [key bundles](https://docs.openprivacy.ca/cwtch-security-handbook/key_bundles.html).
A `Group Identifier` is generated using the group key and the group server and these three elements are packaged up
into an invite that can be sent to potential group members (e.g. over existing peer-to-peer connections).
To send a message to the group, a profile connects to the server hosting the group (see below), and encrypts
their message using the `Group Key` and generates a cryptographic signature over the `Group Id`, `Group Server`
and the decrypted message (see: [wire formats](https://docs.openprivacy.ca/cwtch-security-handbook/message_formats.html) for more information).
To receive message from the group, a profile connected to the server hosting the group and downloads *all* messages (since
their previous connection). Profiles then attempt to decrypt each message using the `Group Key` and if successful attempt
to verify the signature (see [Cwtch Servers](https://docs.openprivacy.ca/cwtch-security-handbook/server.html) [Cwtch Groups](https://docs.openprivacy.ca/cwtch-security-handbook/groups.html) for an overview of attacks and mitigations).