Kypeless 0.0-pa8-0


Kypeless

This manual (updated 28 Jul 2013) is for Kypeless version 0.0-pa8-0, a peer-to-peer secure communication program that lets you exchange information in a secure way.

Copyright © 2012-2013 German "p5vq9k" Rimarev.

Kypeless is free and open source software, released under GPLv3 or higher.



1 Overview

This is the manual for Kypeless, a p2p secure communication program.
Kypeless' main purpose is to deliver information to a desired person (referred to below as the remote peer) in such a way that nobody except him/her can access it.
The existence of such a connection is not hidden, though Kypeless tries to do its best to hide the identities of the communicating peers from anyone else.

If used with care, Kypeless provides that:

Right now Kypeless allows you to exchange text messages of various size and send files, but a lot more features are planned to be implemented.

Unfortunately, Kypeless doesn't have its own overlay network yet, so it is up to you (the user) to get the remote peer's address and port. Taking into account how widespread NATs have become nowadays, this can be very difficult, and in some cases you may not be able to establish a connection at all.
This is going to be fixed in future releases.

If you are new to Kypeless, you may want to read the Quick Start Guide, and other topics suggested there.
Especially the Design Concept and Security Notices chapters.

Logically, Kypeless consists of two "modules": the core module (without the GUI) is called kypeless-core, and the vanilla FLTK GUI module provided is called kypeless-gui. Used together, they form the program called Kypeless.

The official Kypeless website is http://www.kypeless.org.
Kypeless is released under the GNU GPL version 3 or later (see appropriate COPYING file or http://gnu.org/licenses/gpl.html)



1.1 Goals

Kypeless is being designed as a fast and simple secure communication program.

Our first priority is security and simplicity, and only then user-friendliness. It doesn't mean we do not care about the interface; rather, it means that we try to carefully design the core and secure communication protocols first, and only then expand the GUI, adding new features or reorganising it.



2 Installation

A guide to installing Kypeless. Only GNU/Linux installation instructions are included. Instructions for BSD users should be very similar.



2.1 Installing Dependencies

To build and run Kypeless, you need to have the following libraries installed:

Depending on your system, your package manager and your preferred installation method, there are many different ways to acquire them.

You may download these libraries as source packages and build and install them, following the instructions provided by the developers.

Or, alternatively, you may download pre-built packages for your distribution.
For example, Arch users would type in terminal

     # pacman -S libgcrypt fltk

Debian/Ubuntu users would use this command

     # apt-get install libfltk1.3 libfltk1.3-dev libgcrypt11 libgcrypt11-dev

etc. If you run another GNU/Linux distribution, it should be fairly easy for you to figure out how to install the pre-built libraries.



2.2 Installing Kypeless

Kypeless is shipped as a standard GNU package. So, the standard

     $ ./configure && make && sudo make install

commands after downloading and unpacking the package should do the job.

Though, as Kypeless is under heavy development right now, I would not recommend running the make install command after configuring with the default prefix. Actually, even if it were close to being complete, it would still not be very good practice to install packages system-wide like this. That's what your distribution provides a package manager for.
I would suggest building and installing Kypeless in a separate directory. After unpacking the archive and entering the created directory:

     $ mkdir build
     $ cd build
     $ ../configure --prefix=`pwd`
     $ make
     $ make install

This should build Kypeless and install it in the same build directory you just created. If everything went smoothly, the kypeless-gui executable should be located in build/bin.



3 Quick Start Guide

This section is supposed to give you the minimal knowledge needed to use Kypeless.

It is assumed that you have already installed the program and its dependencies. Otherwise, please proceed to the Installation section.

There are three simple (not really) basic steps to start using Kypeless, and I recommend reading the fourth section too:



3.1 Creating Profile

The very first thing you need to do is to create your profile.

Launch Kypeless. Double-click kypeless-gui if in a graphical file manager, or execute it in a terminal ( $ ./kypeless-gui ). You need an X server running to be able to start it, since what you are launching is a graphical user interface built upon FLTK.

After you have launched it, you will see a tabbed window with three tabs: Profile, Contacts, ####.

Select the "Profile" tab (should be selected by default.)

Click the "Create profile" button.
Follow the instructions in the dialogs: fill in the file name of your new profile (it should match the pattern "*.kyp", where * means anything), the password for your new profile, and, finally, your username (it should be a human-readable string, since that's what other users will see in their contact lists. NAME SURNAME is the template format I recommend). So, for example, "Alfred Boulder" would be a very nice username, and "Alfbd1983" would not.
WARNING: you will not be able to modify any of these 3 values later, so choose wisely. Read this section for more advice on the topic: See Protecting Your Profile With Password and Filename.

Then, check all the data once again and start the profile generation by pressing the "Yes" button in the last dialog.
You will need to help the random generator gather entropy (random events). Almost any event you produce (moving the mouse, pressing a key on the keyboard) fills the entropy buffer a bit. Possibly the easiest, fastest and most secure method is to open a new text file (DO NOT save it, only open it in an editor), and start typing perfectly random "text" consisting of all available characters (letters, numbers, symbols, ...). You won't need more than 2000 characters on an average machine. When the generation is finished, carefully close that file WITHOUT SAVING it.

IMPORTANT: if you, even accidentally, write this random text to disk, your profile security is at severe risk. This text must NEVER get onto any long-term storage devices (including system swap, so watch out!). In case of such an undesirable event, please delete your profile and generate it once again from scratch.

After the generation is done, your profile will be automatically loaded and you will see a lot of data in the profile tab. The "Load profile" button will change its label to "Unload profile", and a neat yellow light will turn on.

That's it, you have generated your profile. To unload it when you are done using it, press the "Unload profile" button. To load it when using Kypeless next time, press the "..." button to select your profile file, enter your password and hit the "Load profile" button. If everything is correct, your profile should load. And remember: NEVER rename your profile file. You can move it anywhere, but its name must always be exactly as specified when generating it.

Note: Since the password is not being rechecked, it is a good idea to reload your profile right after you have generated it. If you cannot load your newly generated profile while entering the correct password, you may have misspelled it the first time. If that's your case, generate your profile from scratch again.



3.2 Preparing to communicate

Now you are ready to exchange PubInfos with someone.

First, load your profile.

Then modify your contact data to be valid. This is done by pressing the "Edit MY hostaddr" and "Edit MY hostport" buttons. Read the following section, which provides more information about these values: See Locating Remote Peers.

Reminder: please ensure that no routers or firewalls are blocking your selected port, and that the host address you provided (IP or DNS) is valid. Otherwise, nobody will be able to connect to you.

Now you are ready to export your PubInfo file. Press the "Export PubInfo" button, and you will see the password input prompt.
This is one more little feature Kypeless provides: encrypting even public keys and uIDs to best hide the user's identity. Only users possessing that password will be able to decrypt your profile. If that is not a feature you really need, leave the default password. After you have made your choice, press OK.
Kypeless will write your PubInfo out. Your PubInfo file will be named in the following format: "XXXXXXXX_contact.kyc", where XXXXXXXX is your uID. You can see your uID clearly in the Profile tab (when profile is loaded, of course).

Your PubInfo is a file that describes your profile, provides data for your unambiguous identification and your address, which can be used by anyone to connect to you.

You need to exchange PubInfos with somebody if you want to connect to him/her. It is not that easy, since both PubInfos must reach the other person intact, unchanged and unobfuscated. See the following section for some reading about ways of ensuring it: See Verifying Contact Trustworthiness.

When you have got someone's PubInfo (a file, obviously, named like "ZZZZZZZZ_contact.kyc"), you need to go to the "Contacts" tab in the Kypeless window and import it. Click the "Contacts" tab, and press the "Import Contact" button. Select the PubInfo file you received, and press "Ok". Enter the correct password (if you have no idea what it should be, try the default one), and press OK again. The contact will be imported into your contact list, where various information about the remote peer will be stored (public key, name, ip, port, ...).
After importing the contact, you can delete the received PubInfo file, if you wish to. Technically, it is no longer needed. Though, I'd recommend keeping it at least until you have managed to establish a connection to the corresponding person. Just in case.

NOTE: When you press "Connect", be sure one of the contacts in list is selected (it will be highlighted then), or Kypeless will simply ignore your click. This note also applies to most of the buttons on the "Contacts" tab.

To allow incoming connections, you must set the trustlevel of the contact to at least 1. Select the contact in the list by clicking it, press the "Set TrustLevel" button, and enter a value of at least 1 (or higher, if you have already performed some checks on the validity of the PubInfo you received).

After performing these simple actions, you should be able to communicate with the remote peer with whom you exchanged PubInfo files, and whose contact data is now stored in the contact list in your profile. Make sure that the remote peer has also followed similar steps, or you won't be able to connect to him/her.



3.3 Connecting and Communicating

You have exchanged PubInfos and there is only one last step left - connect and chat!

Load your profile, go to "Contacts" tab. Select contact of the remote peer whom you want to connect to by clicking it, and then click "Connect".

After doing so you will see a question mark appear in the line entry of the selected contact. It does not mean anything about the packet delivery or the remote peer's answer - it only means you have to wait.
At the same time, if everything is configured and set up correctly, the remote peer will see an exclamation mark in the line entry of your contact. It signals to him/her that you are trying to connect. He/She has 30 seconds to accept or deny the connection request, or it will be denied automatically. These actions are done using the "Transfer/Request window" - open it by pressing the "Tran/Req" button below, select the appropriate request in the upper table, and press the "Accept" button.

If the remote peer declines your connection, the question mark will disappear and the connection will return to its initial (disconnected) state.
Otherwise, it will turn into an octothorpe (#), which signals that the connection has been established. The chat with the corresponding contact will open automatically.

That is, basically, all. Be careful to clear the chat history from time to time, since all your messages are stored in secure memory, which is a limited resource. Right now the GUI segfaults when it runs out of secure memory, so you have been warned.

There is a yellow bar indicator in the lower right corner of the Kypeless window, which you should keep track of. The yellow space indicates used secure memory, and the white one shows the secure memory remaining. Theoretically, Kypeless works well until there is a lack of secure memory, and then segfaults (It's not that poorly written: the core module handles all memory-related errors properly, and it is actually the GUI module that segfaults. But, being the end user, you do not care about such nuances).
Practically, I would recommend not letting the secure memory usage rise above 75% of the total value. It is 1.5Mb of 2000Mb, with the default secmem amount, and it is still a safe condition (assuming that you and the remote peer exchange short messages of less than 10000 symbols each, like most of us usually do), but the cost of a mistake (segmentation fault) is too high to take any risks. You can dump the secmem usage stats to standard output by pressing the button named "DUMP SECMEM STATS".
Most secure memory is consumed by the chat message buffer, which can be cleared easily by pressing the narrow "Clear Chat History" button in each chat window whose messages you do not need anymore. Your messages will be gone forever, and the memory will be freed.

Note: Every time you close the Chat window permanently, all your chat history is lost. Currently, the only way to preserve it is to copy-paste the chat contents (ctrl+c and ctrl+v work in Kypeless) into some text file somewhere on your PC (if it is confidential data, you'd better store that file on an encrypted volume/partition).

The "Disconnect" button does exactly what you expect, in both places where you will find it.

See the Kypeless-gui section for an in-depth explanation of all GUI functions.



3.4 Sending Files and Long Messages

These features are available since kypeless 0.0-pa8-0.

You must connect to the desired remote peer first in order to use these functions.

If you want to send a long message - just do it, as you do with the short ones. Kypeless will automatically detect extra-large messages and send them using the data queue - it means they won't be delivered instantly. Please be aware that it may be risky to send such a message, and messages that are too large are the cause of segfaults in most cases. Kypeless needs roughly three times the size of the message in free secure memory in order for the transaction to succeed. So, as they say, "With great power comes great responsibility".

If you need to send a file, switch to the "Contacts" tab, select the desired contact and press the "Send file" button. Select the file you want to send, and press "OK". The remote peer will see a file receive request in the "Transfer/Request window", and if the transfer gets accepted, your file will be sent via the data queue.
Transferring files of any size (the upper limit being slightly above 4GB) always consumes a relatively small constant amount of secure memory per file.

You can see all the transactions currently in progress in the bottom table of "Transfer/Request window".
You can cancel any of them anytime by pressing "Cancel" button after having selected the undesired transaction in the table.



4 Kypeless-gui

This chapter tries its best to explain the meaning of every single button in the GUI.

The first thing you will see when opening Kypeless with the vanilla GUI is a tabbed window. Let's see what is in there.

SORRY, SECTION NOT PRESENT YET



4.1 Profile tab



4.2 Contact tab



4.3 ### tab



4.4 Message log



4.5 Statusbar



4.6 Chat window



4.7 Transfer/Request window



5 Invocation

The format for running the Kypeless program with vanilla GUI is:

     kypeless-gui option ...

With no options, kypeless-gui tries to start Kypeless, allocating the default amount of secmem.

kypeless-gui supports the following options:

--secmem amount
-s amount
     Allocate amount bytes of secmem instead of the default size. Default size = 1048576 bytes (1 MiB).

--help
-h
     Print the help message and exit successfully.

--version
-v
     Print the version number and licensing information of Kypeless and then exit successfully.



6 Design Concept

This chapter explains the basic design concept of Kypeless, the things the average user needs to know. It also links to some important security topics; please do not skip these references, and read the suggested chapters carefully.

You should keep in mind that Kypeless' main purpose is to provide secure communication, and the more you understand, the harder it is for the bad guys to fool you. So do not be afraid of the name of this chapter and read ahead bravely.

Each section of this chapter is divided into 2 parts:
The first one is written for regular users, who do not know about cryptography in detail.
The second adds some information for more advanced users, who possess such knowledge.

If you belong to the first group, you can do some reading on the topic to get at least some general ideas.

So, the design concept:

It is assumed that you trust the person you are going to communicate with.
It means that the remote peer and you are both interested in the transaction data (whatever it is: text, files, etc.) being kept secret, and that you are both doing your best to do so and to keep your Kypeless profiles secure and private.
If this requirement is not met, all other security measures are useless. This should be a pretty obvious point.

It is also assumed that you both keep your computers clean of malware, spyware, etc., or at least try your best to. See Security Notices, for a detailed explanation.



6.1 Profile Concept

Each user is represented by a profile in Kypeless. Your profile is a file on your PC. Pretty simple, eh?

Your profile is your everything - it contains your identity validation key (private-key), your contact list with their identity validation keys (public-keys), your name, and other sensitive info.

Since the profile is so important, it is password protected. You must read the security notice about keeping your profile secure.

Advanced:

Kypeless uses asymmetric encryption for authentication, and your profile acts as a keyring for your private-key and your friends' public-keys.
Since Kypeless uses the D-H algorithm for the actual key transfer, exposure of these keys won't lead to any of your conversations being decrypted. It doesn't make your profile security less important, though.



6.2 Connection Concept

While communicating, Kypeless takes care of two things: 1) Verifying the addressee's identity; 2) Transmitting the information securely.

Kypeless does the second thing, and you, being a user, do not need to worry about it. But you must be very careful about the first one.

Kypeless needs to 'get acquainted' with the people with whom you are going to communicate, so it can verify their identity while establishing a connection. After the connection is established, data can be transferred between you and the remote peer.
This is done by importing tiny .kyc PubInfo files - a kind of contact 'visiting card' (containing user public-keys and addresses).

Note: To communicate, two users must exchange their contact info, which means that both of them have to send their PubInfos to each other.

There is a Security note you must read right now. See Verifying Contact Trustworthiness.

Advanced:

While the connection is being established, the two peers use asymmetric cryptography to validate each other's identity (using pre-shared public keys) and exchange symmetric encryption keys using D-H. After the connection has been established, the actual data transaction is performed using symmetric cryptography.
See Used Algorithms.



6.3 Network Structure

Kypeless is a peer-to-peer communication program. It is fully decentralised (has no master server), so it's up to the clients to find each other and acquire each other's addresses, so that the connection can be established.

Right now there is no overlay network of any kind supplied with Kypeless, but we are working hard to solve this problem and to implement the overlay network as an additional daemon/utility/anything.
Anyway, for now there is only one way to connect to a remote peer - supplying his/her IP or DNS name and port, which are specified in the remote peer's PubInfo file you imported. You can change these values for contacts in your profile later.
You may find this tip extremely useful.

Advanced:

I think a simple chord ring should be a sufficient overlay network for kypeless.



7 Usage Tips

This chapter provides some useful tips and workarounds on using Kypeless.



7.1 Locating Remote Peers

When Kypeless gets its own overlay network implementation, many of these complications will be gone. Until then, enjoy:

Getting connection info about a remote client (that is, the target IP and port) may be rather hard, especially if the IP is dynamic.
The problem with the port may be solved by using the default Kypeless port - 32323. Try to stick to it if possible. If not - use 32322, then 32321 and 32320, in the specified priority order.

I am really sorry, because the suggestions provided in the following two paragraphs are DIRTY HACKS. There are not many alternatives for now, and these suggestions may come in handy. Sorry once again.

There is a solution for dynamic IP owners - you may set up a free dynamic DNS (there are some services providing such a feature over the internet). This means that you will get a hostname which links to your IP, and relinks to your new IP when your IP changes!

If you cannot set it up for some reason, get some simple free domain so you can redirect it wherever you want manually. It's good advice for static IP owners too - it's always easier to remember a DNS name than an IP address.

Note: Your address and port are included in every PubInfo file you generate, so setting up your address and port before exchanging PubInfo with anyone is a very good idea.
It is also a very good idea to never change the address and port once you have set them (and that's where DNS names are handy).
Warning: Your hostdata and port MUST be set to your external (WAN) IP and port. This is very important information for users behind NATs. When you initiate the connection, your hostdata and port are sent to the remote peer. The remote peer answers exactly to that address, even if it differs from the address defined in his contactlist. So, you are responsible for making yourself accessible.
If you are located behind a NAT without any port forwarding enabled, your only hope is that the NAT gives you the same WAN port as the one you are using in the LAN.
Two clients behind NATs are unable to connect without using port forwarding.

So, in general, only those who have static IP addresses or home NATs behind static IP addresses (where they can set up port forwarding) will not have any trouble connecting/receiving connections. For users behind public NATs only one-way connectivity (outgoing connections) is available (maybe sometimes not only that, but usually, yes).

If you are an advanced user, the section about Network and Packets may help you to set up everything correctly.



7.2 Verifying Contact Trustworthiness

Ways of solving the trustworthiness problem. Of course these are not the only ones, but you should get the main idea. In all of these suggestions, it is assumed that Alice and Bob have just created their Kypeless profiles, and need to exchange PubInfos in order to communicate.

Method 1:

- Alice and Bob exchange their PubInfos in any convenient way, secure or not, and import them into their Kypeless profiles.
- Alice writes down her own PubHash and the PubHash of her newly imported contact (which is supposed to be from Bob).
- Bob writes down his own PubHash and the PubHash of his newly imported contact (which is supposed to be from Alice).
- Alice and Bob meet in person.
- Alice verifies whether the imported contact PubHash she wrote down matches Bob's own PubHash.
- Bob verifies whether the imported contact PubHash he wrote down matches Alice's own PubHash.
- If both keys match, then Alice and Bob have successfully exchanged PubInfos and now may enjoy their secure communication opportunities! They can both mark each other's contacts with the highest trustlevel possible in their profiles.

Method 2:

The same as Method 1, but with a different 4th step - instead of meeting in person, Bob and Alice phone each other or use some real-time voice-transmitting software. It is slightly less secure than the method above, but as long as they can both verify each other's identity by phone, it's OK. This method is also worth the highest trustlevel mark in their profiles.

Method 3:

Alice and Bob are too lazy to write hashes down, but they both have spare data storage devices, e.g. flash drives. So, they both write their PubInfos onto flash drives and physically exchange them when meeting in person (no intermediaries are allowed). Theoretically, all the data should stay intact this way, although checking hashes is always safer.

TODO ADD METHODS

To make your life easier, Kypeless introduces a simple trustlevel flag that you are free to modify for every contact in your profile. It is set to 0 for every newly imported contact. It is there only for your convenience, and it does not affect the behaviour of Kypeless, with one important exception - contacts with trustlevel set to 0 are not allowed to connect (their incoming connections are denied automatically). I recommend that you stick to the values suggested in the link below (there is a hint in Kypeless itself too).
See TODO REF, for detailed description



8 Technical Data

Some technical data about Kypeless. This chapter may be useful to programmers or anyone else who is trying to understand/modify/extend the source code of Kypeless.

If you are a regular user, you don't really need to read this chapter.



8.1 Used Algorithms

Kypeless uses the following algorithms for various tasks:



8.2 Network and Packets

Kypeless uses a single UDP socket for all communication.

This is what Kypeless actually does while establishing a connection (may be useful to understand & debug your connection):
Assume that Alice wants to connect to Bob. Address means the user's hostaddr & hostport in this context:

1. Alice sends packet 10 to Bob. She uses Bob's address, which is stored in her connection list. She includes her own address, which is stored in her profile, in packet 10. Note: no address validity checks are performed. Alice is "responsible" for the correctness of both addresses! Though, if Bob provided a false address in his PubInfo, which Alice has imported, he obviously is the one to blame.
2. When (and if) Bob receives Alice's packet, he responds to her with packet 20. He sends it to the address Alice provided in packet 10. Note: not the address for Alice he has saved in his contactlist!
3. If Alice receives Bob's packet 20, the connection is established. Both use the same addresses to send all subsequent packets.
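
The three steps above, simulated as an added example (not Kypeless code): the network is modelled as a lookup table instead of a real UDP socket, authentication and encryption are left out, and the `Addr`, `Peer`, `Network` and `connect` names and the sample addresses are assumptions made for this sketch. It shows that the address carried in packet 10, not the one in Bob's contact list, decides whether packet 20 arrives.

```python
from dataclasses import dataclass, field

DEFAULT_PORT = 32323  # default Kypeless port named in this manual


@dataclass(frozen=True)
class Addr:
    host: str
    port: int = DEFAULT_PORT


@dataclass
class Peer:
    name: str
    reachable_at: Addr   # where datagrams really arrive (WAN side)
    advertised: Addr     # hostaddr/hostport stored in the profile
    contacts: dict = field(default_factory=dict)  # peer name -> Addr from PubInfo
    inbox: list = field(default_factory=list)


class Network:
    """Toy datagram network: delivery succeeds only to a reachable address."""

    def __init__(self, *peers):
        self.by_addr = {p.reachable_at: p for p in peers}

    def send(self, dst, packet):
        peer = self.by_addr.get(dst)
        if peer is None:
            # A real UDP sender would not learn this; the return value
            # exists only so the simulation can report the outcome.
            return False
        peer.inbox.append(packet)
        return True


def connect(net, initiator, responder):
    """Run steps 1-3; return (established, address packet 20 was sent to)."""
    # Step 1: packet 10 goes to the address stored for the responder and
    # carries the initiator's self-declared address. Nothing validates it.
    packet10 = {"type": 10, "sender": initiator.name,
                "reply_to": initiator.advertised}
    if not net.send(initiator.contacts[responder.name], packet10):
        return False, None
    # Step 2: the responder answers to the address from packet 10,
    # not to responder.contacts[initiator.name].
    reply_to = responder.inbox.pop()["reply_to"]
    if not net.send(reply_to, {"type": 20, "sender": responder.name}):
        return False, reply_to
    # Step 3: packet 20 arrived, so the connection is established.
    initiator.inbox.pop()
    return True, reply_to


def run_scenarios():
    """Three constructed cases; all addresses are sample values."""
    alice_wan = Addr("203.0.113.5")
    alice_lan = Addr("192.168.1.10")
    bob_wan = Addr("198.51.100.7")

    def make(alice_advertised, bob_knows_alice_at):
        alice = Peer("Alice", alice_wan, alice_advertised, {"Bob": bob_wan})
        bob = Peer("Bob", bob_wan, bob_wan, {"Alice": bob_knows_alice_at})
        return Network(alice, bob), alice, bob

    return {
        # 1. Everything is set correctly.
        "correct": connect(*make(alice_wan, alice_wan)),
        # 2. Alice is behind a NAT and left her LAN address in the profile.
        "lan_address": connect(*make(alice_lan, alice_wan)),
        # 3. Bob's contact list holds an outdated address for Alice,
        #    but packet 10 carries the right one.
        "stale_contact": connect(*make(alice_wan, Addr("203.0.113.99"))),
    }


if __name__ == "__main__":
    for case, (ok, reply_to) in run_scenarios().items():
        print(f"{case:14} established={ok} packet20_sent_to={reply_to}")
```

In the second case Bob does receive packet 10, so the failure is only visible on Alice's side as a connection that never leaves the waiting state.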



8.3 Core and GUI

As you should already know, logically the Kypeless program consists of two independent parts: kypeless-gui and kypeless-core.

The program is split to make new GUI integration easier, and for some other reasons.

The core module manages all profile, contact and connection related data and is not dependent on the GUI. It is not a library, though; it is just the GUI-independent core of the program.
The GUI module only provides the user interaction with the core module and is dependent on the specific version of it.
You are free to write your own GUI if you want to. It is recommended to stick to the original GUI for now.

However, if you are writing a GUI for Kypeless, remember - any security leak in the GUI makes all the protection of the core useless. _EVERY_ single security leak.
Well, things are not that bad in reality, but that's what you should assume.



8.4 Core module in detail

This section explains the structure of the core module briefly. You can find more detailed explanation of the fields and functions in the code itself.

TODO



8.5 Version Numbering

Kypeless-core has a version number consisting of the major number, the minor number, and the release type string, in this format:

     kypeless-core major.minor-releasetype
     
     kypeless-core 0.1-b2

Kypeless-gui is dependent on kypeless-core, and is written for a specific version of it. It therefore shares the version number of kypeless-core, appending its own version number to it:

     kypeless-gui major.minor-releasetype-guiversion
     
     kypeless-gui 0.1-b2-1

Since users never interact directly with the kypeless-core, the version number of the kypeless-gui is used as the version number of current release of the Kypeless program:

     Kypeless 0.1-b2-1

When the version number of kypeless-core changes, the shared version number of kypeless-gui must be changed, and its guiversion number must be reset to 0. The kypeless-gui's own guiversion number is increased only when the GUI module was modified while the core module was not.



9 Security Notices

This is the topic you must read if you are beginning to use Kypeless. It explains some very important security related questions - the must-know for every Kypeless user.

The first thing you should understand: (almost exact copy of the paragraph in the 'Design Concept' chapter)

It is assumed that you trust the person you are going to communicate with. It means that the person you are going to communicate with and you are both interested in the transaction data (whatever it is: text, files, etc.) being kept secret, and that you are both doing your best to do so and to keep your Kypeless profiles secure and private. This is a pretty obvious point.



9.1 Genuine Kypeless

You must use only a genuine Kypeless executable, or an executable compiled from code you trust.

If you downloaded the Kypeless source tarball, verify its hash.
If you obtained Kypeless from some package repository, make sure that the package is signed, etc.

Do not use custom Kypeless builds unless you are absolutely sure what customizations are inside!

Do not load your Kypeless profile on machines you cannot trust. Ideally, there should be no reason for your profile to leave your PC.



9.2 Keeping Your Computer Clean

(This section should explain that if some untrusted person gains root access to your system, all your security is doomed.) ...



9.3 Keeping Your Profile Secure

There are several suggestions about keeping your profile secure. Since privacy and security are the only things Kypeless is about, you must read them all.



9.3.1 Protecting Your Profile With Password and Filename

The password and the filename of the profile are the only two things that protect your profile from being accessed. You must make them VERY difficult to hack. If you do not know what a strong password is, DO SPEND YOUR TIME to get such knowledge. If you are able to, consult some security experts about what a strong password is. Consult anyone who can help. If that is not possible for you, do some reading on the topic. Do your best to produce as strong a password as you can. The time spent will be worth it.

And what does "the filename of the profile protects it" mean? - you might ask.
It may be an unusual feature to you, but it actually does. When the decryption key is derived, your password gets salted with the filename of your profile file, which means that if you change that filename, you won't be able to decrypt your profile anymore!
It also means that hackers won't be able to use rainbow tables while hacking your profile, and that's what all the fuss is about.

So, in order to protect your profile, you have to choose as unique a filename as you can. It does not need to be secret (that's the part of security your password is responsible for), but it should be your own, very individual filename. And you had better remember that filename, or else what are you going to do when you accidentally rename your profile?
So, "AlfredBoulders_profile.kyp" will be a wise choice, while "OC4N3d8hkKsWkmaL1.kyp" won't.
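The filename-as-salt behaviour described above, as an added sketch that is not Kypeless code. This manual does not specify the actual derivation, so the example assumes PBKDF2-HMAC-SHA256 with the UTF-8 filename as salt and a stored HMAC key-check tag; all function names, passwords and the second filename are constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000                  # assumed work factor, not a Kypeless value
CHECK_LABEL = b"profile-key-check"    # constructed constant for this demo


def derive_key(password: str, profile_filename: str) -> bytes:
    """Derive a 32-byte key from the password, salted with the profile filename."""
    salt = profile_filename.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_key_check(password: str, profile_filename: str) -> bytes:
    """Tag stored next to the encrypted profile so a wrong key is detected."""
    key = derive_key(password, profile_filename)
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def can_unlock(password: str, profile_filename: str, stored_check: bytes) -> bool:
    """True only if password AND filename reproduce the key used at creation."""
    candidate = make_key_check(password, profile_filename)
    return hmac.compare_digest(candidate, stored_check)


def precomputed_table(wordlist):
    """A table computed once without a salt, reusable against any unsalted profile."""
    return {derive_key(word, ""): word for word in wordlist}


def demo() -> dict:
    password = "correct horse battery staple"     # constructed sample password
    filename = "AlfredBoulders_profile.kyp"       # filename from the manual
    stored = make_key_check(password, filename)   # written at profile creation

    table = precomputed_table(["12345", "password", "letmein"])  # constructed list

    return {
        # Right password, original filename: the profile opens.
        "same_name": can_unlock(password, filename, stored),
        # Right password, renamed file: the salt changed, so the key is different.
        "renamed": can_unlock(password, "profile.kyp", stored),
        # Wrong password, original filename: rejected.
        "wrong_password": can_unlock("12345", filename, stored),
        # The same password under two filenames gives two unrelated keys.
        "keys_differ": derive_key(password, filename)
        != derive_key(password, "BettyStone_profile.kyp"),
        # An unsalted weak password is found in the precomputed table ...
        "table_hit_unsalted": derive_key("12345", "") in table,
        # ... but the same weak password salted with the filename is not.
        "table_hit_salted": derive_key("12345", filename) in table,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt only removes the benefit of precomputation: as the last two results show, "12345" stops matching a ready-made table, but it is still a weak password that can be guessed directly once the filename is known.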

Note: The password is the only (secret) thing that protects your profile. If your profile gets stolen, you are safe as long as your password is strong enough.
Warning: IF YOU LOSE YOUR PASSWORD - YOUR PROFILE IS LOST FOREVER. I'm not kidding, that is the price of security.
Warning: Never tell your password to anybody. Although it is obvious, I remind you once again - Never ever do it.

It is not the worst idea to write down your password until you learn it by heart (on a piece of paper, of course; no virtual data carriers fit this purpose). Of course, this piece of paper should be hidden properly, and disposed of with care when no longer needed. It is all up to you, you have been warned.



9.3.2 How To Keep Your Profile Safe

Unfortunately, while a strong password is a condition of keeping your profile secure, it is far from the only one. After a strong password has been selected and your profile has been created, you must care about its security every single time you use Kypeless, or any other program on your computer. Do not panic, I do not mean any annoying actions that you should perform every time you want to load your profile. I mean thinking.

Thinking about the consequences that any of your actions may lead to, about whom you trust and whom you don't, and about plenty of other things that may seem obvious but are often forgotten by end-users.

Any security system is only as secure as its weakest link. And the hacker who will be attacking you will know this for sure.
It is senseless to guess encryption keys, capture traffic or inject packets when the profile password is "12345". Or when it is written on a sticky note on your workstation.
Or if the owner of the PC left it turned on with an administrator account logged in, so that a keylogger can be installed easily. Or if it is not the administrator's account but it is still possible to install a keylogger.
Or if an attacker has physical access to the PC while the user is away, and boot password protection is off, so he can boot, say, some live CD and replace the original kypeless binary with a malicious one, which sends your password directly to the attacker in plaintext.

And there are thousands of other ways to get your password and compromise your security without hacking kypeless, if you are not aware enough.

TODO CONTINUE/COMPLETE SUBSECTION



9.4 Validating Contacts

When Kypeless receives the PubInfo of a contact, it cannot verify its trustworthiness, since it is getting 'acquainted' with the person/contact for the first time. So you actually cannot know whose PubInfo you have received. Your traffic may be controlled, and the PubInfo may be spoofed. If you got it from public storage on the internet, it might have been faked too. Usually, there is no secure source that contacts can be trusted to come from.
The idea is pretty much the same as with public keys in asymmetric cryptography, if you understand what I am talking about. A deeper explanation of this principle is outside the scope of this manual.

There are several ways of solving this problem of trustworthiness, which are covered in the Usage Tips chapter. See Verifying Contact Truthworthness.



10 Feedback and Contribution

Right now, there is so little code to deal with that we are not looking for more coders. Another reason for this is that I started this project with a half-educational purpose, so I would like to write the core myself (which is not even conceptually close to complete). The vanilla gui too, actually. I hope you understand my motives correctly.

But that does not mean we are not looking for volunteers. Of course we are. We are looking for testers, code reviewers, wiki contributors, package maintainers (in the long term, as there is nothing to maintain yet), and more testers. Please remind me if I forgot someone.

We are in need of bug reports, testing, code reviews (if anyone would be so kind as to do some), any constructive criticism, any suggestions, actually your opinions on any part of the project. I mean more or less unprejudiced opinions.

And of course we appreciate donations. The more the better. (You can donate on our webpage via paypal).



Appendix A GNU Free Documentation License

Version 1.3, 3 November 2008
     Copyright © 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
     http://fsf.org/
     
     Everyone is permitted to copy and distribute verbatim copies
     of this license document, but changing it is not allowed.
  1. PREAMBLE

    The purpose of this License is to make a manual, textbook, or other functional and useful document free in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.

    This License is a kind of “copyleft”, which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.

    We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.

  2. APPLICABILITY AND DEFINITIONS

    This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The “Document”, below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as “you”. You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.

    A “Modified Version” of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.

    A “Secondary Section” is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

    The “Invariant Sections” are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.

    The “Cover Texts” are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.

    A “Transparent” copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not “Transparent” is called “Opaque”.

    Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.

    The “Title Page” means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, “Title Page” means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.

    The “publisher” means any person or entity that distributes copies of the Document to the public.

    A section “Entitled XYZ” means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as “Acknowledgements”, “Dedications”, “Endorsements”, or “History”.) To “Preserve the Title” of such a section when you modify the Document means that it remains a section “Entitled XYZ” according to this definition.

    The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.

  3. VERBATIM COPYING

    You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.

    You may also lend copies, under the same conditions stated above, and you may publicly display copies.

  4. COPYING IN QUANTITY

    If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

    If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

    If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.

    It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.

  5. MODIFICATIONS

    You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:

    1. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.
    2. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement.
    3. State on the Title page the name of the publisher of the Modified Version, as the publisher.
    4. Preserve all the copyright notices of the Document.
    5. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.
    6. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.
    7. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.
    8. Include an unaltered copy of this License.
    9. Preserve the section Entitled “History”, Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled “History” in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.
    10. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the “History” section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.
    11. For any section Entitled “Acknowledgements” or “Dedications”, Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein.
    12. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.
    13. Delete any section Entitled “Endorsements”. Such a section may not be included in the Modified Version.
    14. Do not retitle any existing section to be Entitled “Endorsements” or to conflict in title with any Invariant Section.
    15. Preserve any Warranty Disclaimers.

    If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.

    You may add a section Entitled “Endorsements”, provided it contains nothing but endorsements of your Modified Version by various parties—for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.

    You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.

    The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.

  6. COMBINING DOCUMENTS

    You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers.

    The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.

    In the combination, you must combine any sections Entitled “History” in the various original documents, forming one section Entitled “History”; likewise combine any sections Entitled “Acknowledgements”, and any sections Entitled “Dedications”. You must delete all sections Entitled “Endorsements.”

  7. COLLECTIONS OF DOCUMENTS

    You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.

    You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.

  8. AGGREGATION WITH INDEPENDENT WORKS

    A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an “aggregate” if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document.

    If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate.

  9. TRANSLATION

    Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail.

    If a section in the Document is Entitled “Acknowledgements”, “Dedications”, or “History”, the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title.

  10. TERMINATION

    You may not copy, modify, sublicense, or distribute the Document except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, or distribute it is void, and will automatically terminate your rights under this License.

    However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

    Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.

    Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, receipt of a copy of some or all of the same material does not give you any rights to use it.

  11. FUTURE REVISIONS OF THIS LICENSE

    The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.

    Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License “or any later version” applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. If the Document specifies that a proxy can decide which future versions of this License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Document.

  12. RELICENSING

    “Massive Multiauthor Collaboration Site” (or “MMC Site”) means any World Wide Web server that publishes copyrightable works and also provides prominent facilities for anybody to edit those works. A public wiki that anybody can edit is an example of such a server. A “Massive Multiauthor Collaboration” (or “MMC”) contained in the site means any set of copyrightable works thus published on the MMC site.

    “CC-BY-SA” means the Creative Commons Attribution-Share Alike 3.0 license published by Creative Commons Corporation, a not-for-profit corporation with a principal place of business in San Francisco, California, as well as future copyleft versions of that license published by that same organization.

    “Incorporate” means to publish or republish a Document, in whole or in part, as part of another Document.

    An MMC is “eligible for relicensing” if it is licensed under this License, and if all works that were first published under this License somewhere other than this MMC, and subsequently incorporated in whole or in part into the MMC, (1) had no cover texts or invariant sections, and (2) were thus incorporated prior to November 1, 2008.

    The operator of an MMC Site may republish an MMC contained in the site under CC-BY-SA on the same site at any time before August 1, 2009, provided the MMC is eligible for relicensing.

ADDENDUM: How to use this License for your documents

To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:

       Copyright (C)  year  your name.
       Permission is granted to copy, distribute and/or modify this document
       under the terms of the GNU Free Documentation License, Version 1.3
       or any later version published by the Free Software Foundation;
       with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts.  A copy of the license is included in the section entitled ``GNU
       Free Documentation License''.

If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the “with...Texts.” line with this:

         with the Invariant Sections being list their titles, with
         the Front-Cover Texts being list, and with the Back-Cover Texts
         being list.

If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those two alternatives to suit the situation.

If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.