intro notes #1
|
@ -2,12 +2,64 @@
|
|||
sidebar_position: 1
|
||||
---
|
||||
|
||||
# Cwtch Intro
|
||||
# What is Cwtch?
|
||||
|
||||
Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messaging app.
|
||||
|
||||
* **Decentralized and Open**: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch.
|
||||
* **Privacy Preserving**: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services.
|
||||
* **Metadata Resistant**: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata.
|
||||
|
||||
|
||||
|
||||
** See also: [Create a profile](/docs/profiles/create-a-profile)**
|
||||
|
||||
# Security, Encryption and Safety
|
||||
|
||||
## Identity, or What exactly is a Cwtch Profile?
|
||||
|
||||
With Cwtch you can create one of more **Profiles**. Each profile generates a random ed25519 keypair compatible with
|
||||
the Tor Network.
|
||||
|
||||
This is the identifier that you can give out to people and that they can use to contact you via Cwtch
|
||||
|
||||
## Peer to Peer, 2-party Conversions
|
||||
|
||||
![](/img/BASE_3.png)
|
||||
|
||||
In order to chat with your friends in a peer-to-peer conversation both must be online.
|
||||
|
||||
After a successful connection both parties engage in an **authentication protocol** which:
|
||||
|
||||
* Asserts that each party has access to the private key associated with their public identity.
|
||||
* Generates an ephemeral session key used to encrypt all further communication during the session.
|
||||
|
||||
This exchange (documented in further detail in [authentication protocol](https://docs.openprivacy.ca/cwtch-security-handbook/authentication_protocol.html)) is *offline deniable*
|
||||
i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the
|
||||
fact - it is impossible to definitely prove that the exchange happened at all.
|
||||
|
||||
One the authentication process is successful then both you and your friend can communicate away assured that no one else
|
||||
can learn anything about the contents or the metadata if your conversation.
|
||||
|
||||
## Offline Delivery via Untrusted Routing Servers, and Group Conversations
|
||||
|
||||
**Note: Metadata Resistant Group Communication is still an active research area and what is documented here
|
||||
will likely change in the future.**
|
||||
|
||||
**TODO: Expand**
|
||||
|
||||
In many respects communication with a server is identical to communication with a regular Cwtch peer,
|
||||
all the authentication and encryption steps above are taken however the server always acts as the inbound peer, and the outbound
|
||||
peer always uses newly generated **ephemeral keypair** as their "longterm identity".
|
||||
|
||||
As such, peer-server conversations only differ in the *kinds* of messages that are sent between the two parties,
|
||||
with the server relaying all messages that it receives and also allowing any client to query for older messages.
|
||||
|
||||
Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messenging app.
|
||||
|
||||
## Getting Started
|
||||
|
||||
|
||||
|
||||
### Install
|
||||
|
||||
Install on OS of choice:
|
||||
|
@ -16,8 +68,3 @@ Install on OS of choice:
|
|||
- Android
|
||||
- MacOS
|
||||
- Linux
|
||||
|
||||
### Use
|
||||
|
||||
**[Create a profile](/docs/profiles/create-a-profile)**
|
||||
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 38 KiB |
Loading…
Reference in New Issue