what is sdchat
SDChat stands for Secure and Decentralized Chat. SDChat is both a protocol and a stack of portable libraries and programs that implement the protocol.
The purpose is to create networks using GPG and RSA for secure chatting (which
doesn't mean anonymously).
Anonymity can be achieved using proxies, Tor and secure networks.
The protocol is based on public key exchange (currently only GPG) and signed data to verify the provenience of messages.
The network is based on nodes connected each other. Each node filters or drops data coming from unknown sources, i.e. from unknown/untrusted public keys.
The base of the protocol is for chat, but it's been designed to be extensible with other protocols.
This first release has been written using the Python
Beware that latest gstreamer releases broke audio and video plugins.
Important: some bugs were found in this release that make gpg keys without email unusable and file transfer broken. Please apply this patch if you mind using these features:
cd /path/to/sdchat-0py patch -p1 < post-release-fixes.patch
Required for sdchat library and ciambela routing server:
Required for glasine:
Optional for glasine plugins:
- Collaboration editor: GtkSourceView 2 and python bindings
- Audio & Video (currently broken): GStreamer and plugins and Python GStreamer and HAL for detecting audio card
- Notifications: libnotify and notify-python
- Spell check: libsexy and sexy-python
SDChat is supposed to work also on Microsoft Windows (at least on XP).
Glasine is a GTK+ frontend to the sdchat library.
Before running glasine there are a few things you must know:
→ You must have at least one secret key in your default gpg
If you have multiple secret keys, Glasine will use the first one by default.
→ SDChat is decentralized. Therefore you must know the address of another
peer address to connect to. If you have a friend that started glasine and you
have his gpg public key you can connect to his host and chat with him.
Glasine will show only contacts whose gpg public key is present in your keyring.
→ Opening Glasine will automatically start a server on your host, listening to all interfaces on the 11111 port by default. This is because P2P is also about serving.
Now you can type ./run.sh on Unix to start glasine.
Ciambela is a server designed for routing packets in an
sdchat network. It has no GPG or RSA identity.
Ciambela can link to other nodes in the network. Usually the link only works for other servers that do routing.
You can think of ciambela like a centralized server where more nodes can connect to. There's no guarantee that connected nodes are trusted or not. Ciambela works at link level while normal chat clients like Glasine work at avatar level (like routers and applications respectively in a TCP/IP network).
Type ./runciambela.sh to start ciambela on Unix. Please read ciambela.conf for a possible configuration.
Why another protocol... There're various protocols that support encryption, audio and video, rooms, etc.. But they all get at least one of these problems:
- No support for either encryption or audio and video or file transfer or ...
- Many ports to NAT, either TCP or UDP
- They are not IMs
- The protocol is uselessly complex
Therefore the need to create such a protocol.
how it works
GPG is used as a kind of universal accounting and authentication system for all sdchat networks, while RSA is used after the GPG handshake to transfer data between two peers.
SDChat identifies nodes and avatars. A node is a direct connection to a peer, an avatar is a gpg-capable peer.
Each avatar has a unique RSA public key and each session between two avatars is
made up of an RSA keypair. That is, transmission between two avatars use
Public session keys and unique keys are exchanged during the GPG handshake, which consist of identifying and validating the GPG keyid of each other.
Public unique keys are used for signing session data. Session keys are used
to actually encrypt the useful part of the transmission.
This is because a peer can receive a packet from an unknown source. It's impossible to actually know the session key prior to know the source.
When one node connects to a network, the node will announce all of its known avatars, and the other node of the other network will do the same. This way, in one pass every avatar know each other (if they want to).
You may have noticed that you need only one TCP port for everything, even
audio and video. SDChat is being designed to only use one port (one NAT for
all) to avoid network filtering problems. There're plenty of multimedia
applications that use other ports (more NATs) for speed matters. At all we
only care about security and simplicity.
For this to work it's necessary to multiplex data and to slow down streaming processes in order to ensure other less consuming protocols like chat, collaboration editing, etc. work also when file tansfer and video are used.
Also we can't use UDP because it's not reliable while security needs reliability.
We remind you the objective is to create a secure chatting network. If you were looking for a file sharing program, drop the idea to use SDChat. File transfer in SDChat is useful for small files, in the order of 1-10Mb. A secure file transfer to support secure discussions.
SDChat protocol is easy and human readable and it's been designed to be
extensible with new sub protocols.
Actually the only identification system is GPG. It's not currently planned to use other systems, but suggestions are welcome.
The documentation is out-of-date and may not reflect the latest implementation in
some cases. It will be updated in the next release of sdchat.
Read the RFC of the protocol.
Git repository browse,
instructions and tarball exports.
Mail us for any doubt or suggestion.