end-to-end discreet web chat with strong cryptography

0fc enables you to run a secure in-browser group chat with isolated chatrooms, having some special features:

0fc was started as a testing playground for some sophisticated use-cases of Themis/WebThemis, but became interesting enough to release as a separate blob of code.

IMPORTANT: To be considered really secure, 0fc should be validated by third parties and deployed properly. No cryptographic tool should be trusted without a third-party audit. Before that happens (if it ever does), there's a protocol description at the end of this document, which lets you look at the inner workings of 0fc and make your own judgement. We are aware of a few unlikely threats that stem not from the cryptography but from the way browsers work (see the Threat model section of the blog post).

The 0fc backend is written in Python; the front-end is WebThemis-based, so for now it works only in Google Chrome-based browsers.

0fc is licensed under the Apache 2 license. We would be happy if you build something based on this code and 0fc's protocol; if you'd like any help with this, get in touch.

Read the blog post to learn more about 0fc and underlying technologies.

Installing and using

0fc consists of two components: a server and a client.

0fc server

0fc server requires:

First, you will need to install the Python dependencies:

pip install -r requirements.txt

Having done so, you can run the server:

python3 server.py

By default the server listens on port 5103. To change the port, add -p <port>:

python3 server.py -p 333

0fc client

The 0fc client already comes compiled in the /static/ folder. Bear in mind that it has the server keys hardcoded; if you regenerate the keys, you will need to rebuild the client (see below).

Using 0fc

... is quite self-explanatory. You may create a new room, generate tokens and invite people to join, or enter an existing token to enter a room.

Rebuilding 0fc client

If you'd like to recompile the 0fc client (PNaCl object) yourself, here's what you have to do:

  1. To build the PNaCl object, install the NaCl SDK and create the environment variable PNACL_ROOT with the path to the installed SDK files.
  2. Clone the 0fc repository with submodules from GitHub:
git clone https://github.com/cossacklabs/0fc
cd 0fc
git submodule update --init --recursive
  3. Build webthemis:
cd webthemis
make
  4. Build the 0fc PNaCl module:
cd ..
make

You're done!

Architecture

0fc consists of 2 classical components: client and server.

Clients are responsible for:

Server is responsible for:

Over the websocket link, clients talk to the server through a Themis SecureSession object, which provides high-level transport security. Server keys are hardcoded into the clients, so trust rests on the server key built into the client binaries matching the real server key.

Within this SecureSession link, SecureCell-encrypted messages are transmitted.

Protocol & scheme

imgs/0fc_prot.png

Room creation

Inviting others (key sharing)

Message exchange

Key management

Server communication

Key rotation

Room orchestration

Chat history

Want to know more?

Read our blog post with some background on 0fc development and various security considerations.