# SecureBit.chat v4.2.12 - ECDH + DTLS + SAS
**The world's first P2P messenger with ECDH + DTLS + SAS security and military-grade cryptography**
[](https://github.com/SecureBitChat/securebit-chat/releases/latest)
[](https://securebitchat.github.io/securebit-chat/)
[](https://opensource.org/licenses/MIT)
[]()
---
## β¨ What's New in v4.2.12 - ECDH + DTLS + SAS
### π‘οΈ Revolutionary ECDH + DTLS + SAS Security System
* **Complete PAKE removal** - Eliminated libsodium dependency and PAKE-based authentication
* **ECDH key exchange** - Elliptic Curve Diffie-Hellman for secure key establishment
* **DTLS fingerprint verification** - Transport layer security validation using WebRTC certificates
* **SAS (Short Authentication String)** - 7-digit verification code for MITM attack prevention
* **Single code generation** - SAS generated once on Offer side and shared with Answer side
* **Mutual verification** - Both users must confirm the same SAS code to establish connection
* **Enhanced MITM protection** - Multi-layer defense against man-in-the-middle attacks
* **Real-time verification** - Immediate feedback on connection security status
### π ASN.1 Full Structure Validation (BREAKING CHANGE)
* **Complete ASN.1 DER parser** for comprehensive key structure verification
* **OID validation** for algorithms and curves (P-256/P-384 only)
* **EC point format verification** (uncompressed format 0x04)
* **SPKI structure validation** with element count and type checking
* **Key size limits** (50-2000 bytes) to prevent DoS attacks
* **BIT STRING validation** ensuring unused bits are 0
* **Fallback support** from P-384 to P-256 for compatibility
* **High-risk vulnerability fix** where keys with valid headers but modified data could be accepted
### π Enhanced Key Security
* **Full structural validation** according to PKCS standards
* **Complete rewrite** of `validateKeyStructure()` method
* **Enhanced validation** for all key import/export operations
* **Military-grade key verification** exceeding previous standards
### π Comprehensive Connection Security Overhaul
* **Advanced mutex framework** with 15-second timeout protection
* **Race condition prevention** through atomic key generation
* **Multi-stage validation pipeline** with automatic rollback
* **Enhanced MITM protection** with unique encryption key fingerprints
* **Session ID anti-hijacking** with mutual authentication challenges
* **Package integrity validation** for all connection operations
### π Secure Key Storage System
* **WeakMap-based isolation** for all cryptographic keys
* **Private key storage** replacing public key properties
* **Secure access methods** with validation and rotation
* **Emergency key wipe** capabilities for threat response
* **Key security monitoring** with lifetime limits enforcement
* **Backward compatibility** maintained through getters/setters
### π‘οΈ Production-Ready Security Logging
* **Environment-aware logging** (production vs development)
* **Data sanitization** preventing sensitive information leaks
* **Rate limiting** and automatic memory cleanup
* **Secure debugging** without exposing encryption keys
* **Privacy protection** while maintaining useful diagnostics
### π± Progressive Web App (PWA)
* **Install directly** on mobile and desktop devices
* **Offline mode support** with session persistence
* **Improved performance** through smart caching and service workers
* **Native app experience** without app store requirements
### π Secure File Transfer
* **End-to-end encrypted** file transfers over pure P2P WebRTC channels
* **File chunking** with individual encryption per block
* **Hash validation** for every chunk to prevent tampering or MITM attacks
* **Automatic recovery** for lost packets and interrupted transfers
* **AES-GCM 256-bit + ECDH P-384** encryption for files
* **SHA-384 checksums** for integrity enforcement
### π Enhanced Security Testing
* **Comprehensive data leakage testing** of chat sessions
* **Verified MITM and replay attack resistance**
* **Enhanced memory cleanup algorithms** for session termination
* **Isolated file streams** separated from chat channels
---
## π Try It Now
### π [Live Demo β SecureBit.chat](https://securebitchat.github.io/securebit-chat/)
*No installation required β works directly in your browser with military-grade encryption.*
**New:** Install as PWA for native app experience on mobile and desktop!
---
## β¨ What Makes SecureBit.chat Unique
### π Industry Leader
* **Dominates in 11/15 security categories** vs Signal, Threema, Session
* **First messenger** with enhanced ECDH + DTLS + SAS security
* **Military-grade cryptography** exceeding government standards
* **Zero servers** β truly decentralized P2P architecture
* **PWA technology** β install like native apps without app stores
### π 15-Layer Military Security
1. **WebRTC DTLS** β Transport encryption
2. **ECDH P-384** β Perfect forward secrecy
3. **AES-GCM 256** β Authenticated encryption
4. **ECDSA P-384** β Message integrity
5. **Replay protection** β Timestamp validation
6. **Key rotation** β Every 5 minutes/100 messages
7. **MITM verification** β Out-of-band codes
8. **Traffic obfuscation** β Pattern masking
9. **Metadata protection** β Zero leakage
10. **Memory protection** β No persistent storage
11. **Hardware security** β Non-extractable keys
12. **Session isolation** β Complete cleanup
13. **Mutex framework** β Race condition protection
14. **Secure key storage** β WeakMap isolation
15. **Production logging** β Data sanitization
16. **ASN.1 validation** β Complete key structure verification
17. **OID validation** β Algorithm and curve verification
18. **EC point validation** β Format and structure verification
### π Advanced Privacy
* **Complete anonymity** β no registration required
* **Zero data collection** β messages only in browser memory
* **Traffic analysis resistance** β fake traffic generation
* **Censorship resistance** β no servers to block
* **Instant anonymous channels** β connect in seconds
* **Secure file transfers** β encrypted P2P file sharing
---
## π‘οΈ Security Comparison
| Feature | **SecureBit.chat** | Signal | Threema | Session |
| --------------------------- | ----------------------------- | ---------------------------- | --------------------- | ---------------------- |
| **Architecture** | π Pure P2P WebRTC | β Centralized servers | β Centralized servers | β οΈ Onion network |
| **Payment Integration** | β None | β None | β None | β None |
| **File Transfer** | π P2P encrypted + chunked | β
Encrypted via servers | β
Encrypted via servers | β
Encrypted via servers |
| **PWA Support** | π Full PWA installation | β None | β None | β None |
| **Registration** | π Anonymous | β Phone required | β
ID generated | β
Random ID |
| **Traffic Obfuscation** | π Advanced fake traffic | β None | β None | β
Onion routing |
| **Censorship Resistance** | π Hard to block | β οΈ Blocked in some countries | β οΈ May be blocked | β
Onion routing |
| **Data Storage** | π Zero storage | β οΈ Local database | β οΈ Local + backup | β οΈ Local database |
| **Economic Model** | β
Open-source | β οΈ Donations dependent | β
Oneβtime purchase | β οΈ Donations dependent |
| **Metadata Protection** | π Full encryption | β οΈ Sealed Sender (partial) | β οΈ Minimal metadata | β
Onion routing |
| **Key Security** | π Nonβextractable + hardware | β
Secure storage | β
Local storage | β
Secure storage |
| **Perfect Forward Secrecy** | π Auto rotation (5 min) | β
Double Ratchet | β οΈ Partial (groups) | β
Session Ratchet |
| **Open Source** | π 100% + auditable | β
Fully open | β οΈ Only clients | β
Fully open |
| **ASN.1 Validation** | π Complete structure verification | β οΈ Basic validation | β οΈ Basic validation | β οΈ Basic validation |
**Legend:** π Category Leader | β
Excellent | β οΈ Partial/Limited | β Not Available
---
## π Quick Start
### Option 1: Use Online (Recommended)
1. **Visit:** [https://securebitchat.github.io/securebit-chat/](https://securebitchat.github.io/securebit-chat/)
2. **Install PWA:** Click "Install" button for native app experience
3. **Choose:** *Create Channel* or *Join Channel*
4. **Complete:** Secure key exchange with verification
5. **Verify:** Security codes and start a secure chat
6. **Communicate:** With militaryβgrade encryption + secure file transfers
### Option 2: SelfβHost
```bash
# Clone repository
git clone https://github.com/SecureBitChat/securebit-chat.git
cd securebit-chat
# Serve locally (choose one method)
python -m http.server 8000 # Python
npx serve . # Node.js
php -S localhost:8000 # PHP
# Open browser
open http://localhost:8000
```
---
## π Secure File Transfer
### Features
* **P2P Direct Transfer** β No servers involved, direct WebRTC channels
* **Military-Grade Encryption** β AES-GCM 256-bit + ECDH P-384
* **Chunk-Level Security** β Each file chunk individually encrypted
* **Hash Validation** β SHA-384 checksums prevent tampering
* **Automatic Recovery** β Retry mechanisms for interrupted transfers
* **Stream Isolation** β Separate channels from chat messages
### Supported File Types
* **Documents:** PDF, DOC, TXT, MD
* **Images:** JPG, PNG, GIF, WEBP
* **Archives:** ZIP, RAR, 7Z
* **Media:** MP3, MP4, AVI (size limits apply)
* **General:** Any file type up to size limits
### Security Guarantees
* End-to-end encryption with perfect forward secrecy
* MITM attack prevention through hash validation
* Zero server storage β files transfer directly P2P
* Complete cleanup after transfer completion
---
---
## π§ Technical Architecture
### Cryptographic Stack
```
π File Transfer Layer: AES-GCM 256-bit + SHA-384 + Chunking
π Application Layer: AES-GCM 256-bit + ECDSA P-384
π Key Exchange: ECDH P-384 (Perfect Forward Secrecy)
π‘οΈ Transport Layer: WebRTC DTLS 1.2
π Network Layer: P2P WebRTC Data Channels
π± PWA Layer: Service Workers + Cache API
π ASN.1 Layer: Complete DER parsing and validation
```
### Security Standards
* NIST SP 800β56A β ECDH Key Agreement
* NIST SP 800β186 β Elliptic Curve Cryptography
* RFC 6090 β Fundamental ECC Algorithms
* RFC 8446 β TLS 1.3 for WebRTC
* RFC 3874 β SHA-384 Hash Algorithm
* RFC 5280 β X.509 Certificate Structure
* RFC 5480 β Elliptic Curve Subject Public Key Information
### Browser Requirements
* Modern browser with WebRTC support (Chrome 60+, Firefox 60+, Safari 12+)
* HTTPS connection (required for WebRTC and PWA)
* JavaScript enabled
* Service Worker support for PWA features
---
## πΊοΈ Development Roadmap
**Current:** v4.02.442 β ASN.1 Validation & Enhanced Security Edition β
* Complete ASN.1 DER parser for key structure validation
* Enhanced key security with OID and EC point verification
* Breaking changes for improved security standards
* Full PKCS compliance for all cryptographic operations
**Previous:** v4.01.441 β PWA & File Transfer Edition β
* Progressive Web App installation
* Secure P2P file transfer system
* Enhanced security testing and MITM protection
* Improved memory cleanup algorithms
**Next Releases**
### v4.5 (Q2 2025) β Mobile & Desktop Apps
* Native mobile applications (iOS/Android)
* Electron desktop application
* Push notifications
* Crossβdevice synchronization
* Enhanced PWA features
### v5.0 (Q4 2025) β QuantumβResistant Edition
* CRYSTALSβKyber postβquantum key exchange
* SPHINCS+ postβquantum signatures
* Hybrid classical + postβquantum schemes
* Quantumβsafe migration path
### v5.5 (Q2 2026) β Group Communications
* P2P group chats (up to 8 participants)
* Mesh networking topology
* Anonymous group administration
* Group file sharing
### v6.0 (2027) β Decentralized Network
* DHTβbased peer discovery
* Builtβin onion routing
* Decentralized identity system
* Node incentive mechanisms
---
## π§ͺ Development
### Project Structure
```
securebit-chat/
βββ index.html # Main application
βββ manifest.json # PWA manifest
βββ sw.js # Service worker
βββ browserconfig.xml # Browser configuration for PWA
βββ src/
β βββ components/ui/ # React UI components
β β βββ DownloadApps.js # PWA download/install component
β β βββ FileTransfer.js # File transfer UI component
β β βββ ... # Other UI components
β βββ crypto/ # Cryptographic utilities
β β βββ ASN1Validator.js # Complete ASN.1 DER parser
β βββ network/ # WebRTC P2P manager
β βββ session/ # Payment session manager
β βββ transfer/ # File transfer system
β β βββ EnhancedSecureFileTransfer.js # Secure P2P file transfer
β βββ pwa/ # PWA management
β β βββ install-prompt.js # PWA installation prompts
β β βββ offline-manager.js # Offline mode management
β β βββ pwa-manager.js # PWA lifecycle management
β βββ styles/ # CSS styling
β βββ pwa.css # PWA-specific styles
β βββ ... # Other stylesheets
βββ logo/ # Wallet logos and icons
βββ docs/ # Documentation
βββ README.md # This file
```
### Technology Stack
* **Frontend:** Pure JavaScript + React (via CDN)
* **PWA:** Service Workers + Cache API + Web App Manifest + Install Prompts
* **Cryptography:** Web Crypto API + custom ECDH/ECDSA + ASN.1 DER parser
* **Network:** WebRTC P2P Data Channels
* **File Transfer:** Enhanced secure P2P streaming with chunked encryption
* **Payments:** Lightning Network via WebLN
* **Offline Support:** Smart caching with offline-manager
* **Styling:** TailwindCSS + custom CSS + PWA-specific styles
### Development Setup
```bash
# Clone repository
git clone https://github.com/SecureBitChat/securebit-chat.git
cd securebit-chat
# No build process required β pure clientβside
# Just serve the files over HTTPS
# For development
python -m http.server 8000
# For production
# Deploy to any static hosting (GitHub Pages, Netlify, etc.)
```
---
## π‘οΈ Security
### Security Audit Status
* β
Internal cryptographic review completed
* β
P2P protocol security analysis completed
* β
File transfer security validation completed
* β
MITM and replay attack resistance verified
* β
ASN.1 validation and key structure verification completed
* π Professional security audit planned Q3 2025
* π Postβquantum cryptography review for v5.0
### Vulnerability Reporting
See **SECURITY.md** for detailed security policy and reporting instructions.
Contact: **[SecureBitChat@proton.me](mailto:SecureBitChat@proton.me)**
### Security Features
* Perfect Forward Secrecy β Past messages and files secure even if keys compromised
* Outβofβband verification β Prevents manβinβtheβmiddle attacks
* Traffic obfuscation β Defeats network analysis
* Memory protection β No persistent storage of sensitive data
* Session isolation β Complete cleanup between sessions
* File integrity β SHA-384 hash validation prevents tampering
* Chunked encryption β Individual encryption per file block
* **ASN.1 validation** β Complete key structure verification according to PKCS standards
* **OID validation** β Algorithm and curve verification for cryptographic operations
* **EC point validation** β Format and structure verification for elliptic curve keys
---
## π Performance
### Benchmarks
* Connection setup: < 3 seconds
* Message latency: < 100 ms (P2P direct)
* File transfer speed: Up to 5 MB/s per connection
* Throughput: Up to 1 MB/s per connection
* Memory usage: < 50 MB for active session
* Battery impact: Minimal (optimized WebRTC)
* PWA install size: < 2 MB
* **Key validation time:** < 10 ms (ASN.1 parsing)
### Scalability
* Concurrent connections: Limited by device capabilities
* Message size: Up to 2000 characters
* File size: Up to 100 MB per file
* File types: All formats supported
* Group size: Up to 8 participants (v5.5)
---
## π License
MIT License β see **LICENSE** file for details.
### Open Source Commitment
* 100% open source β full transparency
* MIT license β maximum freedom
* No telemetry β zero data collection
* Communityβdriven β contributions welcome
---
## π€ Contributing
We welcome contributions from the community!
### How to Contribute
1. Fork the repository
2. Create a feature branch: `git checkout -b feature/amazing-feature`
3. Commit your changes: `git commit -m "Add amazing feature"`
4. Push to the branch: `git push origin feature/amazing-feature`
5. Open a Pull Request
### Contribution Areas
* π Cryptography β Security improvements and audits
* π Network β P2P optimization and reliability
* π File Transfer β EnhancedSecureFileTransfer improvements
* π± PWA β Install prompts, offline management, and PWA lifecycle
* π¨ UI/UX β Interface improvements, FileTransfer and DownloadApps components
* π Documentation β Guides, tutorials, translations
* **π ASN.1 Validation** β Enhanced key structure verification and parsing
### Development Guidelines
* Follow existing code style
* Add tests for new features
* Update documentation
* Respect securityβfirst principles
* Test PWA functionality across devices
* **Validate all cryptographic operations** with enhanced ASN.1 parsing
---
## π Contact & Support
### Official Channels
* Email: **[SecureBitChat@proton.me](mailto:SecureBitChat@proton.me)**
* GitHub: **Issues & Discussions**
* Security: **[SecureBitChat@proton.me](mailto:SecureBitChat@proton.me)**
### Community
* Discussions: GitHub Discussions for feature requests
* Issues: Bug reports and technical support
* Wiki: Documentation and guides
---
## β οΈ Important Disclaimers
### Security Notice
While SecureBit.chat implements military-grade cryptography and follows security best practices, no communication system is 100% secure. Users should:
* Always verify security codes out-of-band
* Keep devices and browsers updated
* Be aware of endpoint security risks
* **File transfers are protected with the same military-grade cryptography as chat messages**
* **All cryptographic keys now undergo complete ASN.1 structure validation**
### Legal Notice
This software is provided "as is" for educational and research purposes. Users are responsible for compliance with local laws and regulations regarding:
* Cryptographic software usage
* Private communications
* File sharing and transfer
### Privacy Statement
SecureBit.chat:
* Collects zero data - no analytics, tracking, or telemetry
* Stores nothing - all data exists only in browser memory
* Requires no registration - completely anonymous usage
* Uses no servers - direct P2P connections only
* **Files are transferred directly P2P with zero server storage**
---
## π― Why Choose SecureBit.chat?
### For Privacy Advocates
* True zero-knowledge architecture
* Military-grade encryption standards
* Complete anonymity and untraceability
* Resistance to censorship and surveillance
* **Secure P2P file sharing without servers**
* **Complete ASN.1 validation for cryptographic keys**
### For Mobile Users
* **Progressive Web App installation**
* **Offline mode support**
* **Native app experience without app stores**
* **Works on all modern mobile devices**
### For Developers
* 100% open source transparency
* Modern cryptographic standards
* Clean, auditable codebase
* Extensible modular architecture
* **PWA best practices implementation**
* **Complete ASN.1 DER parser for key validation**
### For Everyone
* **Install like native apps**
* **Works offline with session persistence**
* Works on all modern devices
* Intuitive user interface
* Professional security standards
* **Secure file transfers included**
* **Enhanced key security with ASN.1 validation**
---
## π§ Development Workflow
### Making Changes and Recompiling
When you make changes to the source code, you need to recompile the assets. Here's the proper workflow:
#### 1. **CSS Changes** (Tailwind classes, styles)
```bash
# Rebuild only CSS
npm run build:css
# Or watch for changes during development
npm run watch
```
#### 2. **JavaScript/JSX Changes** (React components, logic)
```bash
# Rebuild only JavaScript
npm run build:js
# Or rebuild everything
npm run build
```
#### 3. **Full Rebuild** (recommended after major changes)
```bash
# Complete rebuild of all assets
npm run build
```
#### 4. **Development with Live Server**
```bash
# Build and start development server
npm run dev
# Or use custom server
npm run serve
```
### File Structure After Build
```
βββ assets/
β βββ tailwind.css # β Generated from src/styles/tw-input.css
β βββ fontawesome/ # β Local Font Awesome assets
β βββ fonts/ # β Local Google Fonts
βββ dist/
β βββ app.js # β Generated from src/app.jsx
β βββ app-boot.js # β Generated from src/scripts/app-boot.js
β βββ qr-local.js # β Generated from src/scripts/qr-local.js
βββ src/ # β Source files (edit these)
βββ app.jsx
βββ scripts/
βββ styles/
βββ components/
```
### Important Notes
- **Always rebuild after changes** to see them in the browser
- **CSS changes** require `npm run build:css`
- **JS/JSX changes** require `npm run build:js`
- **Source files** are in `src/` directory
- **Generated files** are in `assets/` and `dist/` directories
- **Never edit** files in `assets/` or `dist/` directly
### Troubleshooting Build Issues
#### CSS not updating?
```bash
# Clear cache and rebuild
rm assets/tailwind.css
npm run build:css
```
#### JavaScript errors?
```bash
# Check for syntax errors in source files
npm run build:js
```
#### All changes not showing?
```bash
# Hard refresh browser (Ctrl+F5) or clear browser cache
# Then rebuild everything
npm run build
```
---
**SecureBit.chat Security Team**
*Committed to protecting your privacy with military-grade security*
**Report vulnerabilities:** SecureBitChat@proton.me
---
**Latest Release: v4.02.442** β ASN.1 Validation & Enhanced Security