Secure Exchange

Communication Privacy made Real




Differentiation <

This is a free not-for-profit web application enabling private communication between virtual names. The secrecy is guaranteed for:

On the flip side, availability is not guaranteed, i.e. the system is vulnerable to DoS attacks. That is on top of content auto-removal by design. In other words, assume no long-term storage and copy everything you need to persist.

Furthermore, authenticity is verified for a name communication is originated from. However, a real individual posing as that name is fundamentally unknown, i.e. trust between names must be established outside this exchange.

Name hijacking can be done by cache poisoning (public keys live in caches for an hour) or with administrative access to the key server (densys.net) - currently residing in Switzerland. Either way is difficult to follow in practice.

Finally, this application sits on top of a browser (tested with Chromium family and Firefox), letting you further exploit capabilities of the Tor browser and mask very fact of interacting with this exchange.

New Names <

Left-hand drop-down menu invites you select a name you pose as or create one if needed. Making a name requires permission to open a new browser tab, which usually not a problem but may require "allow pop-up window" option with some browsers. Going forward, you may open a browser tab per name and pose as a different name in each tab.

When you create a new name, a key pair is created locally. Public key is then published at densys.net for any member of public to download and be able to encrypt their comms addressed to the name you have just created. Private key, or secret, is stored in persistent browser's Indexed DB. This secret allows you to decrypt everything addressed to the name, to delete public key from densys.net if you will, and to form a close group (only you can invite members).

If the secret is lost you are locked out, and the name will be removed automatically after two years of inactivity. Export and import operations are provided to give you a file with all the keys in Indexed DB, so that you can store it securely elsewhere.

Drop-down menu on the right-hand side controls what you read. It can be personal comms addressed to your name (default) or, groups you accepted invites to but do not control, such groups will only appear in the drop-down menu on the right-hand side.

Export <

The button extracts keys stored in browser's persistent Indexed DB and lets you save them as json-formatted file. In fact, they are key pairs - first 32 bytes are a secret key followed by another 32 bytes of the corresponding public one.

"signSecret" is the primary key pair created with the name's creation. If it is present, it means you control the name: you can delete it, form a close group, and invite such group's members. Those members you invited, on the other hand, would only have "growSecret" - a secondary key pair used for encryption-decryption of comms destined to the name.

Two caveats are worth noting. First of all, you can groupify a name and to not invite anyone - that way you are going to sign and encrypt with different key pairs in concordance with the best practice. Secondly, you must trust the names you invite because although they cannot invite others directly, they can divulge exported "growSecret" exposing group comms to a third party.

Purge <

Purging destroys keys and traces locally in the browser. Mainly, it destroys persistent store in browser's Indexed DB. This service does not use cookies, so the last hint of it to overstay is likely the browser's history. In Tor browser, for instance, it is easy to solve with the following Privacy & Security settings:

Import <

It is reverse to the export button - the operation populates browser's Indexed DB with keys from a user-selected file. It is expected that the file was produced by the export operation as described above.

Groupify <

As described in export section above, making a group from a name means adding a second pair of keys to the name. The second public key is added to the key file at densys.net, and the corresponding private key ("growSecret") is added to the local persistent browser's Indexed DB.

This secondary key pair makes it possible for the owner to disclose the secondary private secret to trusted names, forming therefore a close group. The primary key pair, in due course, allows the owner to retain control over the name having been groupified, and, for example, to re-groupify (or re-key) the group any time. Please, mind caveats outlined in the export section above.

Delete <

This button removes name's public key from public domain, effectively freeing up the name for anyone else to take. It also removes local record from browser's Indexed DB. If you ever use this operation, make sure to update your exported file: importing a name record without published key will not be flagged explicitly, although such name would never be able to participate in any exchange.

Invite <

Groupified names will be highlighted in the left-hand side dropdown menu. When selected, you will be able to invite to the group a name from either "To >" field - make sure the field has light-green background, meaning the invitee exists, otherwise nothing would happen.

Recipient will see Accept button in their inbox. Pressing the button will import "growSecret" of the group into recipient's Indexed DB (see groupify operation for details), and they will be able to select the group in the right-hand side dropdown menu and participate in the group's comms.


\//