sdchat

what is sdchat

SDChat stands for Secure and Decentralized Chat. SDChat is both a protocol and a stack of portable libraries and programs that implement the protocol.

The purpose is to create networks that use GPG and RSA for secure chatting. Secure does not mean anonymous: the protocol authenticates peers by their keys, so it identifies them rather than hiding them.
Anonymity, if you need it, has to come from the transport: proxies, Tor or a private network.

Security

The protocol is based on public key exchange (currently only GPG) and on signed data, so the provenance of every message can be verified.

Decentralized

The network is made of nodes connected to each other. Each node filters or drops data coming from unknown sources, i.e. from unknown or untrusted public keys.

Chat

The base of the protocol is for chat, but it's been designed to be extensible with other protocols.

download

This first release is written in Python.
Beware that recent GStreamer releases broke the audio and video plugins.

→ version 0py, 17 Feb 2010 - screenshots
  sdchat-0py.tar.gz
  sdchat-0py.tar.gz.md5sum
  (the md5sum only detects a corrupted download; it is not a signature and does not prove who produced the tarball)

Important: some bugs in this release make GPG keys without an email address unusable and break file transfer. Apply this patch if you intend to use these features:

cd /path/to/sdchat-0py
patch -p1 < post-release-fixes.patch

system requirements

Required for sdchat library and ciambela routing server:

Required for glasine:

Optional for glasine plugins:

SDChat should also work on Microsoft Windows (at least XP).

getting started

Glasine is a GTK+ frontend to the sdchat library.

Before running glasine there are a few things you must know:

→ You must have at least one secret key in your default gpg keyring.
If you have multiple secret keys, Glasine will use the first one by default.

→ SDChat is decentralized, so you must know the address of another peer to connect to. If a friend has started glasine and you have his GPG public key in your keyring, you can connect to his host and chat with him.
Glasine shows only contacts whose GPG public key is present in your keyring.

→ Opening Glasine automatically starts a server on your host, listening on all interfaces on port 11111 by default, because P2P is also about serving. Keep in mind that this exposes the port to every network the host is on; restrict it with a firewall if only specific peers should reach it.

Now you can type ./run.sh on Unix to start glasine.

ciambela router

Ciambela is a server that routes packets in an sdchat network. It has no GPG or RSA identity of its own.
Ciambela can link to other nodes in the network; usually such links are made to other servers that do routing.

You can think of ciambela as a central point that several nodes connect to. Connecting through ciambela gives no guarantee that the other nodes are trusted: trust is decided by the avatars, from their keyrings, not by the router. Ciambela works at link level while chat clients like Glasine work at avatar level (like routers and applications, respectively, in a TCP/IP network).

Type ./runciambela.sh to start ciambela on Unix. Read ciambela.conf for a sample configuration.

why sdchat

Why another protocol? There are various protocols that support encryption, audio and video, rooms, etc., but each of them has at least one of these problems:

Hence the need for a new protocol.

how it works

GPG is used as a universal accounting and authentication system across all sdchat networks, while RSA is used, after the GPG handshake, to protect the data exchanged between two peers.

SDChat distinguishes nodes and avatars. A node is a direct connection to a peer; an avatar is a GPG-capable peer, i.e. an identity.

Each avatar has a unique RSA keypair, and each session between two avatars gets its own RSA keypair. That is, traffic between two avatars uses asymmetric encryption throughout (an unusual choice: most protocols use RSA only to agree on a symmetric session key, since one RSA operation can encrypt only a few hundred bytes and is comparatively slow).
The public halves of the session keys and of the unique keys are exchanged during the GPG handshake, which consists of each side identifying and validating the other's GPG key id.

The unique keypair signs the session data, and the receiver checks that signature with the sender's public unique key; the session keypair encrypts the actual payload.
The split exists because a peer can receive a packet from an unknown source: it cannot know which session key applies until it knows who the source is, and the signature is what tells it. A packet whose signer is not in the keyring is dropped before any decryption takes place.
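As an added example (not sdchat's own code) of the two-layer key scheme described above and of the drop-unknown-keys rule from the Decentralized section, the following Python sketch uses the cryptography package. It substitutes plain RSA keypairs and a SHA-256 based key id for the GPG identity and key id the real protocol uses; the packet layout, the Avatar class and its handshake() method are assumptions made for illustration, not the sdchat wire format.

```python
"""Unique (signing) keypair + per-session (encryption) keypair.

Added illustration, not sdchat code.  The receiving side looks the signer up
in its keyring first and drops packets from unknown keys; only then does it
verify the signature and decrypt the payload with its own session key.
"""
import hashlib
from dataclasses import dataclass, field

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

SIGN_PAD = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                       salt_length=padding.PSS.MAX_LENGTH)
ENC_PAD = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                       algorithm=hashes.SHA256(), label=None)


def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def key_id(public_key):
    """Assumed key id: SHA-256 of the DER public key (GPG uses its own fingerprint)."""
    der = public_key.public_bytes(serialization.Encoding.DER,
                                  serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(der).hexdigest()[:16]


@dataclass
class Avatar:
    name: str
    unique: rsa.RSAPrivateKey = field(default_factory=new_key)   # long-term identity
    session: rsa.RSAPrivateKey = field(default_factory=new_key)  # one per session
    keyring: dict = field(default_factory=dict)        # key id -> trusted unique public key
    peer_sessions: dict = field(default_factory=dict)  # key id -> peer session public key

    def handshake(self, other):
        """What the GPG handshake delivers: each side learns the other's public
        unique key and public session key.  Private halves never move."""
        for a, b in ((self, other), (other, self)):
            kid = key_id(b.unique.public_key())
            a.keyring[kid] = b.unique.public_key()
            a.peer_sessions[kid] = b.session.public_key()

    def send(self, to_id, payload: bytes):
        ciphertext = self.peer_sessions[to_id].encrypt(payload, ENC_PAD)
        sender = key_id(self.unique.public_key())
        signature = self.unique.sign(sender.encode() + ciphertext, SIGN_PAD, hashes.SHA256())
        return {"from": sender, "data": ciphertext, "sig": signature}

    def receive(self, packet):
        """Plaintext on success, None when the packet is dropped."""
        signer = self.keyring.get(packet["from"])
        if signer is None:
            return None  # unknown/untrusted key: drop without touching the payload
        try:
            signer.verify(packet["sig"], packet["from"].encode() + packet["data"],
                          SIGN_PAD, hashes.SHA256())
        except InvalidSignature:
            return None  # forged or tampered
        try:
            return self.session.decrypt(packet["data"], ENC_PAD)
        except ValueError:
            return None  # encrypted to some other session key


def demo():
    """Returns (delivered, dropped_unknown, dropped_tampered) for the three cases."""
    alice, bob, mallory = Avatar("alice"), Avatar("bob"), Avatar("mallory")
    alice.handshake(bob)                       # mallory never completes a handshake
    bob_id = key_id(bob.unique.public_key())
    delivered = bob.receive(alice.send(bob_id, b"hello bob"))
    mallory.peer_sessions[bob_id] = bob.session.public_key()   # knows the key, not trusted
    dropped_unknown = bob.receive(mallory.send(bob_id, b"trust me"))
    pkt = alice.send(bob_id, b"second")
    pkt["data"] = bytes([pkt["data"][0] ^ 0x01]) + pkt["data"][1:]   # flip one bit
    dropped_tampered = bob.receive(pkt)
    return delivered, dropped_unknown, dropped_tampered


if __name__ == "__main__":
    print(demo())
```

Note the order of checks in receive(): keyring lookup, then signature, then decryption. A packet from a key that is not in the keyring costs the receiver nothing but a dictionary lookup, which is the property the node-level filtering relies on.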

When a node connects to a network, it announces all the avatars it knows, and the node on the other side does the same. This way every avatar learns about every other in one pass (if they want to).

You may have noticed that only one TCP port is needed for everything, even audio and video. SDChat is designed to use a single port (one NAT mapping for all) to avoid network filtering problems. Plenty of multimedia applications use extra ports (more NAT mappings) for speed; here we only care about security and simplicity.
For this to work, data has to be multiplexed and streaming sub-protocols throttled, so that less demanding ones like chat and collaborative editing keep working while a file transfer or video is in progress.
UDP is not an option either: it is unreliable, and signed and encrypted packets need to arrive complete and in order.
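An added example (not code from sdchat) of the single-port multiplexing just described, in Python: a human-readable frame header, a round-robin scheduler that slices bulk channels into small frames so a chat line never waits behind a whole file, and a decoder that tolerates arbitrary TCP read boundaries and refuses oversized frames. The channel names, the "<channel> <length>" header layout and the CHUNK and MAX_FRAME limits are assumptions, not the sdchat wire format.

```python
"""One TCP stream shared by several sub-protocols (added example, not sdchat code)."""
from collections import deque

CHUNK = 1024          # assumed per-frame budget for any channel
MAX_FRAME = 64 * 1024  # assumed cap; a peer must not be able to demand a huge buffer


def encode_frame(channel: str, data: bytes) -> bytes:
    """Header line '<channel> <length>' followed by exactly <length> raw bytes."""
    if not channel or " " in channel or "\n" in channel:
        raise ValueError("bad channel name")
    if len(data) > MAX_FRAME:
        raise ValueError("frame too large")
    return f"{channel} {len(data)}\n".encode("ascii") + data


class Muxer:
    """Round-robin scheduler over per-channel queues."""

    def __init__(self):
        self.queues = {}  # channel -> deque of pending byte strings

    def enqueue(self, channel: str, data: bytes):
        self.queues.setdefault(channel, deque()).append(data)

    def next_frame(self):
        """Emit at most CHUNK bytes from the first non-empty channel, then
        rotate that channel to the back so the others get their turn."""
        for channel in list(self.queues):
            q = self.queues[channel]
            if not q:
                continue
            data = q.popleft()
            if len(data) > CHUNK:
                q.appendleft(data[CHUNK:])   # remainder waits for a later turn
                data = data[:CHUNK]
            self.queues[channel] = self.queues.pop(channel)   # move to the back
            return encode_frame(channel, data)
        return None

    def drain(self) -> bytes:
        out = []
        while (frame := self.next_frame()) is not None:
            out.append(frame)
        return b"".join(out)


class Demuxer:
    """Reassembles frames from a byte stream delivered in arbitrary pieces."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk: bytes):
        """Returns the list of complete (channel, data) frames now available."""
        self.buf += chunk
        frames = []
        while True:
            nl = self.buf.find(b"\n")
            if nl < 0:
                break
            channel, _, length = self.buf[:nl].decode("ascii", "strict").partition(" ")
            if not channel or not length.isdigit():
                raise ValueError("malformed header")
            n = int(length)
            if n > MAX_FRAME:
                raise ValueError("frame too large")   # reject before buffering it
            end = nl + 1 + n
            if len(self.buf) < end:
                break                                 # body not yet complete
            frames.append((channel, self.buf[nl + 1:end]))
            self.buf = self.buf[end:]
        return frames


def demo():
    """A 10 KB file and a chat line share one stream; the chat line goes out
    right after the first file slice instead of after the whole file."""
    mux = Muxer()
    mux.enqueue("filetransfer", b"A" * (10 * CHUNK))   # constructed bulk payload
    mux.enqueue("chat", b"hi, did the file start?")    # constructed chat line
    stream = mux.drain()
    demux, received = Demuxer(), []
    for i in range(0, len(stream), 700):               # odd read sizes, like a socket
        received.extend(demux.feed(stream[i:i + 700]))
    return received


if __name__ == "__main__":
    for channel, data in demo():
        print(channel, len(data))
```

The decoder parses the length before it commits any memory to the body, so a hostile peer cannot make it allocate more than MAX_FRAME per frame; the scheduler's CHUNK is what keeps latency bounded for the small sub-protocols while the bulk ones progress.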

Remember that the objective is a secure chatting network. If you are looking for a file sharing program, SDChat is not it. File transfer in SDChat is meant for small files, in the order of 1-10 MB: a secure file transfer to support secure discussions.

the protocol

The SDChat protocol is simple and human readable, and it was designed to be extensible with new sub-protocols.
Currently the only identification system is GPG. Supporting other systems is not planned, but suggestions are welcome.

The documentation is out-of-date and may not reflect the latest implementation in some cases. It will be updated in the next release of sdchat.
Read the RFC of the protocol.

development

We're developing the next release of sdchat from scratch, with a C API, using the Vala language and the GObject type system.

  Git repository browse, instructions and tarball exports.
  Mail us for any doubt or suggestion.