{{Header}}
{{#seo:
|description=BitMessage email alternative. Asynchronous, decentralized, encrypted communication.
|image=Bitmessage.png
}}
[[File:Bitmessagelogo.png|thumb|Bitmessage Logo|border]]
{{intro|
BitMessage email alternative. Asynchronous, decentralized, encrypted communication.
}}
= Introduction =
[https://wiki.bitmessage.org/index.php/Main_Page BitMessage] is a P2P asynchronous communications protocol used to send encrypted messages to another person or to many subscribers. The PyBitmessage client is written in Python with a Qt GUI. BitMessage is decentralized and trustless, meaning that users do not need to place faith in entities like root certificate authorities. The design employs strong, self-authenticating, Bitcoin-style addresses, which prevent adversaries from spoofing messages so that they appear to be legitimate.
For a comparison of BitMessage with other open source communications software, refer to the [https://wiki.bitmessage.org/index.php/FAQ#How_does_Bitmessage_compare_to_other_messaging_methods FAQ].
== Design ==
The BitMessage protocol is quite flexible and robust: <ref>The development of Android clients has unfortunately stalled. Connecting with a mobile client also requires a full node running on the user's PC.</ref>
* Messages for offline recipients are stored for up to 28 days before being deleted.
* Proof-of-Work is relied upon to prevent spamming.
* Sender and recipient metadata is hidden by broadcasting all messages to everyone, thereby acting as a simple private information retrieval (PIR) system.
* [[#Email_Bridging_Services|Bridging services]] between the BitMessage network and legacy / regular email exist. <ref>The popular [https://bitmessage.ch/term.html bitmessage.ch] service was taken offline on 1 January 2020. </ref>
* Additional features include subscription support and Chans (Decentralized Mailing Lists). <ref>https://wiki.bitmessage.org/index.php/Decentralized_Mailing_List</ref>
* Stronger anonymity is possible by running BitMessage in {{project_name_long}}, since it works reliably.
For other use cases, refer to the [https://wiki.archlinux.org/title/Bitmessage Arch BitMessage wiki].
BitMessage has not yet been independently audited by professionals to verify its security claims. That said, miscreants did use it to run a ransomware operation (over Tor) without being caught, demonstrating that it is somewhat "battle-tested." <ref>https://www.bleepingcomputer.com/news/security/chimera-ransomware-uses-a-peer-to-peer-decryption-service/</ref> While the {{project_name_short}} Project will never condone criminal abuse of technology, it is hoped that dissidents in oppressive states can profit from the protocol's underlying strength.
== Email Bridging Services ==
<u>Note</u>: Bridging services are not required to use Bitmessage.
Bitmessage Mail Gateway (BMG) is a service that allows for seamless integration of email (webmail or email client) and the Bitmessage network.
As of January 1, 2020, the service at bitmessage.ch that was referenced in this section is offline. For more information, see: [https://bitmessage.ch/term.html Notice of Service Termination].
= BitMessage Installation and Operations =
== Installation ==
The following instructions install BitMessage from source code and include digital signature verification, which is optional but recommended for better security. Once the installation process is complete, BitMessage can be started and the networking appropriately configured.
Bitmessage developers use [https://git-scm.com/ git] to sign their source code. <ref>https://github.com/Bitmessage/PyBitmessage/issues/108</ref> Git is a distributed version control system ([https://en.wikipedia.org/wiki/Version_control VCS]) that has the ability to tag specific points in history -- such as version release points -- as being important. These (git) tags can be signed and verified with GNU Privacy Guard (GPG). For a basic overview of tagging, please read: [https://git-scm.com/book/en/v2/Git-Basics-Tagging Git Basics - Tagging].
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = While git is cryptographically secure, it is <u>not</u> foolproof. See [https://en.wikipedia.org/wiki/Web_of_trust Web of Trust] for further information.
}}
Note: Unless directed otherwise, run the following commands in {{project_name_workstation_long}} ([[Qubes|{{q_project_name_long}}]]: <code>{{project_name_workstation_vm}}</code> App Qube).
{{Box|text=
Installation from source code method part 1/2.
'''1.''' Install package dependencies for compilation.
([[Qubes|{{q_project_name_short}}]] users note: Run this single command in <code>{{project_name_workstation_template}}</code> Template.)
{{CodeSelect|code=
sudo apt install git python3 openssl libssl-dev python3-msgpack python3-qtpy
}}
'''2.''' Download the source code from GitHub.
{{CodeSelect|code=
git clone https://github.com/Bitmessage/PyBitmessage $HOME/PyBitmessage
}}
'''3.''' Navigate to the PyBitmessage source directory.
{{CodeSelect|code=
cd ~/PyBitmessage
}}
'''4.''' List all git tags.
{{CodeSelect|code=
git tag
}}
Example printout:
<pre>
0.6.2
0.6.3
0.6.3.2
</pre>
Note: The output has been truncated.
'''5.''' Further steps.
The next box documents digital signature verification, and the box after that shows how to complete the installation.
}}
{{Box|text=
Digital signature verification.
'''1.''' Download the GPG public key of Pete Šurda, BitMessage core developer.
{{always_verify_signatures_reminder}}
{{gpg_key_download}}
{{CodeSelect|code=
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 52C97EBC095A2C0863C098C80C5F50C0B5F37D87
}}
When finished, the output should appear similar to the following screenshot.
'''Figure:''' ''GPG Key Importation''
[[File:Bitmessage_import_gpg_key.png]]
'''2.''' Verify the public key fingerprint.
{{CodeSelect|code=
gpg --fingerprint 52C97EBC095A2C0863C098C80C5F50C0B5F37D87
}}
At the time of writing, the output will appear like the following screenshot.
'''Figure:''' ''GPG Key Verification''
[[File:Bitmessage_verify_gpg_fingerprint.png]]
'''3.''' Verify the git tag(s).
At the time of writing, <code>0.6.3.2</code> was the most current tag. There might be a newer tag.
{{CodeSelect|code=
git tag --verify 0.6.3.2
}}
When the tag has been verified the output should show a "Good signature" similar to the screenshot below.
'''Figure:''' ''Successful Verification''
[[File:Bitmessage_verify_git_tag.png]]
{{GnuPG-Warning}}
If the following "gpg: BAD signature" message appears, the source code has been corrupted or altered during the download process.
<pre>gpg: BAD signature from "Peter Surda <[email protected]>" [unknown]</pre>
In this event, delete the source code and either wait 10-15 minutes for the Tor circuits to change, or open up the [[Arm]] Tor Controller in {{project_name_gateway_long}} ([[Qubes|{{q_project_name_short}}]]: <code>{{project_name_gateway_vm}}</code>) and type "n" to create new Tor circuits. Wait for a random period of time before repeating the steps to download the source code and verify the git tag(s).
'''4.''' Done.
The process of digital signature verification is complete.
}}
{{Box|text=
Installation from source code method part 2/2.
'''1.''' Check out the git tag version.
{{CodeSelect|code=
git checkout --quiet 0.6.3.2
}}
'''2.''' Done.
Installation of Bitmessage is complete.
}}
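The verification and checkout steps above can be combined into one check that pins the signer: <code>git tag --verify</code> reports a good signature for any key present in the local keyring, so this added example (not part of the original page or the PyBitmessage project) reads the raw GnuPG status from <code>git verify-tag --raw</code> and checks out a tag only when its <code>VALIDSIG</code> line names the fingerprint imported above. The function names and the sample status lines are constructed for illustration, and treating that fingerprint as the primary key fingerprint is an assumption.

```shell
#!/bin/sh
# Added example, not from the PyBitmessage project.
# Fingerprint from the key import step on this page (assumed to be the
# primary key fingerprint).
PINNED_FPR=52C97EBC095A2C0863C098C80C5F50C0B5F37D87

# Reads GnuPG status lines on stdin. Succeeds only if a VALIDSIG line names the
# pinned primary key ($1) and no bad/error/revoked/expired-key line is present.
status_matches_pin() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|REVKEYSIG|EXPKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" && NF >= 12 && toupper($12) == toupper(want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# Verifies tag $2 in repository $1 against the pinned key, then checks it out.
# Usage: checkout_verified_tag "$HOME/PyBitmessage" 0.6.3.2
checkout_verified_tag() {
    repo=$1
    tag=$2
    # --raw prints the machine-readable GnuPG status on stderr.
    status=$(git -C "$repo" verify-tag --raw "$tag" 2>&1) || return 1
    if printf '%s\n' "$status" | status_matches_pin "$PINNED_FPR"; then
        git -C "$repo" checkout --quiet "$tag"
    else
        echo "tag $tag is not signed by $PINNED_FPR; refusing checkout" >&2
        return 1
    fi
}

# Constructed status output (not captured from a real run): one signature by
# the pinned key, and one by an unrelated key that is also in the keyring.
SAMPLE_PINNED="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0C5F50C0B5F37D87 Constructed Signer
[GNUPG:] VALIDSIG $PINNED_FPR 2020-01-01 1577836800 0 4 0 1 8 00 $PINNED_FPR"
OTHER_FPR=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
SAMPLE_OTHER="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Constructed Other Signer
[GNUPG:] VALIDSIG $OTHER_FPR 2020-01-01 1577836800 0 4 0 1 8 00 $OTHER_FPR"
```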
== Start BitMessage ==
Start BitMessage by running the following command.
{{CodeSelect|code=
~/PyBitmessage/src/bitmessagemain.py
}}
When BitMessage starts for the first time, this prompt will appear: <i>"Bitmessage won't connect unless you let it."</i> Choose: <i>"Let me configure special network setting first"</i> → press <<i>OK</i>>.
'''Figure:''' ''BitMessage Network Settings''
[[File:Bitmessage_enable_networking.png]]
Make the following changes:
* Proxy type: <code>SOCKS5</code>
* Server hostname: <code>127.0.0.1</code>
* Port: <code>9050</code>
Press <<i>OK</i>> and the application should be fully functional.
'''Figure:''' ''SOCKS5 Proxy Configuration''
[[File:Bitmessage_configure_networking.png]]
== Upgrade BitMessage ==
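To upgrade BitMessage, fetch the new tags with the following commands. Because the installation above checks out a tag, the repository is on a detached HEAD and <code>git pull</code> has no branch to merge into. After fetching, repeat the tag verification and checkout steps from [[#Installation|Installation]] with the newest tag.
<pre>
cd $HOME/PyBitmessage
git fetch --tags
</pre>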
== Send Attachments ==
While explicitly attaching files is not supported, technically any file can be sent within the message body. <ref>https://tedjonesweb.blogspot.com/2013/06/how-to-send-files-like-e-mail.html</ref>
First encode the file with base64, then copy and paste the contents of the resulting text file into the message body.
<pre>
base64 < binary.file > text.file
</pre>
Do not forget to include instructions for the recipient on how to decode it. To decode the file, the recipient can copy and paste the encoded text into a file and convert it with the following command.
<pre>
base64 -d < text.file > binary.file
</pre>
It is not very practical to send large files with BitMessage. Alternatively, a file or archive containing a collection can be GPG-encrypted and uploaded to untrusted cloud storage, with a link sent to the intended recipient(s). Two methods of encryption are possible: relying on a contact's public key or using symmetric encryption and sending the password in BitMessage. For GPG symmetric encryption, follow this example:
<pre>
gpg -vv -c --cipher-algo AES256 your-file.tar.gz
</pre>
Note that the output of <code>diceware</code> (pre-installed from {{project_name_short}} 14 onward) can be used for secure passwords.
== Backup User Data ==
To back up the BitMessage profile and all user-generated program data:
* Copy the folder under this path to your shared folder: ''/home/user/.config/PyBitmessage''
** Private keys are stored in the <code>keys.dat</code> database file. <ref>https://wiki.bitmessage.org/index.php/Keys.dat</ref>
** Other data, such as inbox contents, contacts and black / white-list information, is stored in the <code>messages.dat</code> <ref>https://wiki.bitmessage.org/index.php/Messages.dat</ref> database file.
* To restore BitMessage data on a new install, copy the folder back to this location.
It is recommended to use [[Multiple Whonix-Workstation|Multiple {{project_name_workstation_short}}]] to safely separate BitMessage identities and running instances. For better security, do not run separate BitMessage instances concurrently in this configuration.
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]