Jack Lund edited this page Feb 10, 2024 · 6 revisions

Welcome to the Voynich wiki!

Voynich is a Rust library for creating chat applications which are anonymous, end-to-end encrypted and authenticated. It includes an example terminal chat application, voynich-term. It uses Tor onion services for anonymity, and for the outer layer of encryption; in addition, each message is encrypted and authenticated using ephemeral session keys, signed using the onion service secret key.

Voynich uses the identifier of the onion service as your identity as a chat participant - the onion service is your identity. It can generate new onion services on-the-fly, either transient (existing only for the life of the chat session) or persistent (reusing the same onion service in multiple sessions), and since the IP address of a given onion service is hidden, your identity is hidden as well.

In addition to using onion services for anonymity (not to mention basic, TLS-level encryption), Voynich encrypts and authenticates each message using a session key that is regenerated for each session.

NOTE: The cryptographic code hasn't been audited by anyone but myself - use at your own risk!!!

Overview

Voynich uses Tor onion services to allow it to traverse home NATs, as well as to provide anonymity and an extra layer of encryption. Because of this, to use it you'll need to install the Tor service or use an existing Tor service.

Voynich can create onion services dynamically by using the Tor control connection. You can have it create services that are transient, i.e. that only exist for a single chat session, or persistent, meaning you can reuse the same onion service across chat sessions. In a very real way, your onion service address is your identity for the chat session - the secret key for the onion service is used to sign the encryption keys for the session. But, because it is a Tor onion service, there's no easy way for anyone to associate your onion address with you. Additionally, because you can create multiple persistent onion services, you can have different identities depending on the context.
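A v3 onion address is the service's ed25519 public key followed by a two-byte checksum and a version byte, so an address exchanged out-of-band already names the key that a signature over the session keys has to verify against. The Python below is an added example, not Voynich code: it uses the v3 address encoding from the Tor rendezvous specification, the function names are made up here, and the sample key is a constructed 32-byte value standing in for a real service key. Signature verification itself is not shown.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"                 # v3 onion services
CHECKSUM_PREFIX = b".onion checksum"    # constant from the Tor rendezvous spec
SAMPLE_KEY = bytes(range(32))           # constructed stand-in, not a real service key


def checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]


def encode_onion_address(pubkey: bytes) -> str:
    """Build the address a peer would hand over out-of-band."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    raw = pubkey + checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def onion_identity_key(address: str) -> bytes:
    """Return the 32-byte identity key embedded in a v3 onion address."""
    host = address.strip().lower()
    if not host.endswith(".onion"):
        raise ValueError("not an onion address")
    label = host[: -len(".onion")]
    if len(label) != 56:                # 35 bytes are exactly 56 base32 characters
        raise ValueError("v3 onion labels are 56 base32 characters")
    raw = base64.b32decode(label.upper())   # raises a ValueError subclass on bad input
    pubkey, check, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion version")
    if check != checksum(pubkey):
        raise ValueError("checksum mismatch: address was mistyped or altered")
    return pubkey


def is_valid_onion(address: str) -> bool:
    """True only if the address decodes to a key with a matching checksum."""
    try:
        onion_identity_key(address)
        return True
    except ValueError:
        return False
```

A peer that pins the key returned by `onion_identity_key` for the address it was given can reject session keys signed by any other key.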

For example, if Alice and Bob know each other and want to communicate without any eavesdroppers listening in on their conversation, or even knowing who they are, they can each create an onion service, securely exchange their onion service addresses out-of-band, and then chat using Voynich.

On the other hand, Alice and Bob can be anonymous to each other as well: for example, activists who must keep their anonymity but who communicate anonymously through message boards. They can exchange onion addresses with each other on the message board, and then communicate completely anonymously. If Bob (or a third party) decides he wants to find out Alice's identity, he would have to essentially break the Tor anonymity model, which would be difficult (but not impossible).
