# SecureBit.chat v4.02.985 - ECDH + DTLS + SAS
**The world's first P2P messenger with ECDH + DTLS + SAS security, Lightning Network payments and military-grade cryptography**
[](https://github.com/SecureBitChat/securebit-chat/releases/latest)
[](https://securebitchat.github.io/securebit-chat/)
[](https://opensource.org/licenses/MIT)
[]()
---
## โจ What's New in v4.02.985 - ECDH + DTLS + SAS
### ๐ก๏ธ Revolutionary ECDH + DTLS + SAS Security System
* **Complete PAKE removal** - Eliminated libsodium dependency and PAKE-based authentication
* **ECDH key exchange** - Elliptic Curve Diffie-Hellman for secure key establishment
* **DTLS fingerprint verification** - Transport layer security validation using WebRTC certificates
* **SAS (Short Authentication String)** - 7-digit verification code for MITM attack prevention
* **Single code generation** - SAS generated once on Offer side and shared with Answer side
* **Mutual verification** - Both users must confirm the same SAS code to establish connection
* **Enhanced MITM protection** - Multi-layer defense against man-in-the-middle attacks
* **Real-time verification** - Immediate feedback on connection security status
### ๐ ASN.1 Full Structure Validation (BREAKING CHANGE)
* **Complete ASN.1 DER parser** for comprehensive key structure verification
* **OID validation** for algorithms and curves (P-256/P-384 only)
* **EC point format verification** (uncompressed format 0x04)
* **SPKI structure validation** with element count and type checking
* **Key size limits** (50-2000 bytes) to prevent DoS attacks
* **BIT STRING validation** ensuring unused bits are 0
* **Fallback support** from P-384 to P-256 for compatibility
* **High-risk vulnerability fix** where keys with valid headers but modified data could be accepted
### ๐ Enhanced Key Security
* **Full structural validation** according to PKCS standards
* **Complete rewrite** of `validateKeyStructure()` method
* **Enhanced validation** for all key import/export operations
* **Military-grade key verification** exceeding previous standards
### ๐ Comprehensive Connection Security Overhaul
* **Advanced mutex framework** with 15-second timeout protection
* **Race condition prevention** through atomic key generation
* **Multi-stage validation pipeline** with automatic rollback
* **Enhanced MITM protection** with unique encryption key fingerprints
* **Session ID anti-hijacking** with mutual authentication challenges
* **Package integrity validation** for all connection operations
### ๐ Secure Key Storage System
* **WeakMap-based isolation** for all cryptographic keys
* **Private key storage** replacing public key properties
* **Secure access methods** with validation and rotation
* **Emergency key wipe** capabilities for threat response
* **Key security monitoring** with lifetime limits enforcement
* **Backward compatibility** maintained through getters/setters
### ๐ก๏ธ Production-Ready Security Logging
* **Environment-aware logging** (production vs development)
* **Data sanitization** preventing sensitive information leaks
* **Rate limiting** and automatic memory cleanup
* **Secure debugging** without exposing encryption keys
* **Privacy protection** while maintaining useful diagnostics
### ๐ฑ Progressive Web App (PWA)
* **Install directly** on mobile and desktop devices
* **Offline mode support** with session persistence
* **Improved performance** through smart caching and service workers
* **Native app experience** without app store requirements
### ๐ Secure File Transfer
* **End-to-end encrypted** file transfers over pure P2P WebRTC channels
* **File chunking** with individual encryption per block
* **Hash validation** for every chunk to prevent tampering or MITM attacks
* **Automatic recovery** for lost packets and interrupted transfers
* **AES-GCM 256-bit + ECDH P-384** encryption for files
* **SHA-384 checksums** for integrity enforcement
### ๐ Enhanced Security Testing
* **Comprehensive data leakage testing** of chat sessions
* **Verified MITM and replay attack resistance**
* **Enhanced memory cleanup algorithms** for session termination
* **Isolated file streams** separated from chat channels
---
## ๐ Try It Now
### ๐ [Live Demo โ SecureBit.chat](https://securebitchat.github.io/securebit-chat/)
*No installation required โ works directly in your browser with military-grade encryption.*
**New:** Install as PWA for native app experience on mobile and desktop!
---
## โจ What Makes SecureBit.chat Unique
### ๐ Industry Leader
* **Dominates in 11/15 security categories** vs Signal, Threema, Session
* **First messenger** with Lightning Network integration
* **Military-grade cryptography** exceeding government standards
* **Zero servers** โ truly decentralized P2P architecture
* **PWA technology** โ install like native apps without app stores
### โก Lightning Network Pioneer
* **Instant satoshi payments** for secure sessions
* **Pay-per-session model** โ no ads, no data harvesting
* **WebLN integration** with all major Lightning wallets
* **Sustainable economics** for private communication
### ๐ 15-Layer Military Security
1. **WebRTC DTLS** โ Transport encryption
2. **ECDH P-384** โ Perfect forward secrecy
3. **AES-GCM 256** โ Authenticated encryption
4. **ECDSA P-384** โ Message integrity
5. **Replay protection** โ Timestamp validation
6. **Key rotation** โ Every 5 minutes/100 messages
7. **MITM verification** โ Out-of-band codes
8. **Traffic obfuscation** โ Pattern masking
9. **Metadata protection** โ Zero leakage
10. **Memory protection** โ No persistent storage
11. **Hardware security** โ Non-extractable keys
12. **Session isolation** โ Complete cleanup
13. **Mutex framework** โ Race condition protection
14. **Secure key storage** โ WeakMap isolation
15. **Production logging** โ Data sanitization
16. **ASN.1 validation** โ Complete key structure verification
17. **OID validation** โ Algorithm and curve verification
18. **EC point validation** โ Format and structure verification
### ๐ญ Advanced Privacy
* **Complete anonymity** โ no registration required
* **Zero data collection** โ messages only in browser memory
* **Traffic analysis resistance** โ fake traffic generation
* **Censorship resistance** โ no servers to block
* **Instant anonymous channels** โ connect in seconds
* **Secure file transfers** โ encrypted P2P file sharing
---
## ๐ก๏ธ Security Comparison
| Feature | **SecureBit.chat** | Signal | Threema | Session |
| --------------------------- | ----------------------------- | ---------------------------- | --------------------- | ---------------------- |
| **Architecture** | ๐ Pure P2P WebRTC | โ Centralized servers | โ Centralized servers | โ ๏ธ Onion network |
| **Payment Integration** | ๐ Lightning Network | โ None | โ None | โ None |
| **File Transfer** | ๐ P2P encrypted + chunked | โ
Encrypted via servers | โ
Encrypted via servers | โ
Encrypted via servers |
| **PWA Support** | ๐ Full PWA installation | โ None | โ None | โ None |
| **Registration** | ๐ Anonymous | โ Phone required | โ
ID generated | โ
Random ID |
| **Traffic Obfuscation** | ๐ Advanced fake traffic | โ None | โ None | โ
Onion routing |
| **Censorship Resistance** | ๐ Hard to block | โ ๏ธ Blocked in some countries | โ ๏ธ May be blocked | โ
Onion routing |
| **Data Storage** | ๐ Zero storage | โ ๏ธ Local database | โ ๏ธ Local + backup | โ ๏ธ Local database |
| **Economic Model** | ๐ Payโperโsession | โ ๏ธ Donations dependent | โ
Oneโtime purchase | โ ๏ธ Donations dependent |
| **Metadata Protection** | ๐ Full encryption | โ ๏ธ Sealed Sender (partial) | โ ๏ธ Minimal metadata | โ
Onion routing |
| **Key Security** | ๐ Nonโextractable + hardware | โ
Secure storage | โ
Local storage | โ
Secure storage |
| **Perfect Forward Secrecy** | ๐ Auto rotation (5 min) | โ
Double Ratchet | โ ๏ธ Partial (groups) | โ
Session Ratchet |
| **Open Source** | ๐ 100% + auditable | โ
Fully open | โ ๏ธ Only clients | โ
Fully open |
| **ASN.1 Validation** | ๐ Complete structure verification | โ ๏ธ Basic validation | โ ๏ธ Basic validation | โ ๏ธ Basic validation |
**Legend:** ๐ Category Leader | โ
Excellent | โ ๏ธ Partial/Limited | โ Not Available
---
## ๐ Quick Start
### Option 1: Use Online (Recommended)
1. **Visit:** [https://securebitchat.github.io/securebit-chat/](https://securebitchat.github.io/securebit-chat/)
2. **Install PWA:** Click "Install" button for native app experience
3. **Choose:** *Create Channel* or *Join Channel*
4. **Complete:** Secure key exchange with verification
5. **Select:** Session type (Demo / Basic / Premium)
6. **Communicate:** With militaryโgrade encryption + secure file transfers
### Option 2: SelfโHost
```bash
# Clone repository
git clone https://github.com/SecureBitChat/securebit-chat.git
cd securebit-chat
# Serve locally (choose one method)
python -m http.server 8000 # Python
npx serve . # Node.js
php -S localhost:8000 # PHP
# Open browser
open http://localhost:8000
```
---
## ๐ Secure File Transfer
### Features
* **P2P Direct Transfer** โ No servers involved, direct WebRTC channels
* **Military-Grade Encryption** โ AES-GCM 256-bit + ECDH P-384
* **Chunk-Level Security** โ Each file chunk individually encrypted
* **Hash Validation** โ SHA-384 checksums prevent tampering
* **Automatic Recovery** โ Retry mechanisms for interrupted transfers
* **Stream Isolation** โ Separate channels from chat messages
### Supported File Types
* **Documents:** PDF, DOC, TXT, MD
* **Images:** JPG, PNG, GIF, WEBP
* **Archives:** ZIP, RAR, 7Z
* **Media:** MP3, MP4, AVI (size limits apply)
* **General:** Any file type up to size limits
### Security Guarantees
* End-to-end encryption with perfect forward secrecy
* MITM attack prevention through hash validation
* Zero server storage โ files transfer directly P2P
* Complete cleanup after transfer completion
---
## โก Lightning Network Integration
### Session Types
* **๐ฎ Demo:** 6 minutes free (testing)
* **โก Basic:** 1 hour for 50 satoshis
* **๐ Premium:** 6 hours for 200 satoshis
### Supported Wallets
| Wallet | WebLN | Mobile | Desktop |
| ----------------- | :---: | :----: | :-----: |
| Alby | โ
| โ
| โ
|
| Zeus | โ
| โ
| โ
|
| Wallet of Satoshi | โ
| โ
| โ |
| Muun | โ ๏ธ | โ
| โ |
| Breez | โ
| โ
| โ |
| Strike | โ
| โ
| โ
|
*And many more WebLNโcompatible wallets.*
---
## ๐ง Technical Architecture
### Cryptographic Stack
```
๐ File Transfer Layer: AES-GCM 256-bit + SHA-384 + Chunking
๐ Application Layer: AES-GCM 256-bit + ECDSA P-384
๐ Key Exchange: ECDH P-384 (Perfect Forward Secrecy)
๐ก๏ธ Transport Layer: WebRTC DTLS 1.2
๐ Network Layer: P2P WebRTC Data Channels
โก Payment Layer: Lightning Network + WebLN
๐ฑ PWA Layer: Service Workers + Cache API
๐ ASN.1 Layer: Complete DER parsing and validation
```
### Security Standards
* NIST SP 800โ56A โ ECDH Key Agreement
* NIST SP 800โ186 โ Elliptic Curve Cryptography
* RFC 6090 โ Fundamental ECC Algorithms
* RFC 8446 โ TLS 1.3 for WebRTC
* RFC 3874 โ SHA-384 Hash Algorithm
* RFC 5280 โ X.509 Certificate Structure
* RFC 5480 โ Elliptic Curve Subject Public Key Information
### Browser Requirements
* Modern browser with WebRTC support (Chrome 60+, Firefox 60+, Safari 12+)
* HTTPS connection (required for WebRTC and PWA)
* JavaScript enabled
* Lightning wallet with WebLN (for payments)
* Service Worker support for PWA features
---
## ๐บ๏ธ Development Roadmap
**Current:** v4.02.442 โ ASN.1 Validation & Enhanced Security Edition โ
* Complete ASN.1 DER parser for key structure validation
* Enhanced key security with OID and EC point verification
* Breaking changes for improved security standards
* Full PKCS compliance for all cryptographic operations
**Previous:** v4.01.441 โ PWA & File Transfer Edition โ
* Progressive Web App installation
* Secure P2P file transfer system
* Enhanced security testing and MITM protection
* Improved memory cleanup algorithms
**Next Releases**
### v4.5 (Q2 2025) โ Mobile & Desktop Apps
* Native mobile applications (iOS/Android)
* Electron desktop application
* Push notifications
* Crossโdevice synchronization
* Enhanced PWA features
### v5.0 (Q4 2025) โ QuantumโResistant Edition
* CRYSTALSโKyber postโquantum key exchange
* SPHINCS+ postโquantum signatures
* Hybrid classical + postโquantum schemes
* Quantumโsafe migration path
### v5.5 (Q2 2026) โ Group Communications
* P2P group chats (up to 8 participants)
* Mesh networking topology
* Group Lightning payments
* Anonymous group administration
* Group file sharing
### v6.0 (2027) โ Decentralized Network
* DHTโbased peer discovery
* Builtโin onion routing
* Decentralized identity system
* Node incentive mechanisms
---
## ๐งช Development
### Project Structure
```
securebit-chat/
โโโ index.html # Main application
โโโ manifest.json # PWA manifest
โโโ sw.js # Service worker
โโโ browserconfig.xml # Browser configuration for PWA
โโโ src/
โ โโโ components/ui/ # React UI components
โ โ โโโ DownloadApps.js # PWA download/install component
โ โ โโโ FileTransfer.js # File transfer UI component
โ โ โโโ ... # Other UI components
โ โโโ crypto/ # Cryptographic utilities
โ โ โโโ ASN1Validator.js # Complete ASN.1 DER parser
โ โโโ network/ # WebRTC P2P manager
โ โโโ session/ # Payment session manager
โ โโโ transfer/ # File transfer system
โ โ โโโ EnhancedSecureFileTransfer.js # Secure P2P file transfer
โ โโโ pwa/ # PWA management
โ โ โโโ install-prompt.js # PWA installation prompts
โ โ โโโ offline-manager.js # Offline mode management
โ โ โโโ pwa-manager.js # PWA lifecycle management
โ โโโ styles/ # CSS styling
โ โโโ pwa.css # PWA-specific styles
โ โโโ ... # Other stylesheets
โโโ logo/ # Wallet logos and icons
โโโ docs/ # Documentation
โโโ README.md # This file
```
### Technology Stack
* **Frontend:** Pure JavaScript + React (via CDN)
* **PWA:** Service Workers + Cache API + Web App Manifest + Install Prompts
* **Cryptography:** Web Crypto API + custom ECDH/ECDSA + ASN.1 DER parser
* **Network:** WebRTC P2P Data Channels
* **File Transfer:** Enhanced secure P2P streaming with chunked encryption
* **Payments:** Lightning Network via WebLN
* **Offline Support:** Smart caching with offline-manager
* **Styling:** TailwindCSS + custom CSS + PWA-specific styles
### Development Setup
```bash
# Clone repository
git clone https://github.com/SecureBitChat/securebit-chat.git
cd securebit-chat
# No build process required โ pure clientโside
# Just serve the files over HTTPS
# For development
python -m http.server 8000
# For production
# Deploy to any static hosting (GitHub Pages, Netlify, etc.)
```
---
## ๐ก๏ธ Security
### Security Audit Status
* โ
Internal cryptographic review completed
* โ
P2P protocol security analysis completed
* โ
File transfer security validation completed
* โ
MITM and replay attack resistance verified
* โ
ASN.1 validation and key structure verification completed
* ๐ Professional security audit planned Q3 2025
* ๐ Postโquantum cryptography review for v5.0
### Vulnerability Reporting
See **SECURITY.md** for detailed security policy and reporting instructions.
Contact: **[SecureBitChat@proton.me](mailto:SecureBitChat@proton.me)**
### Security Features
* Perfect Forward Secrecy โ Past messages and files secure even if keys compromised
* Outโofโband verification โ Prevents manโinโtheโmiddle attacks
* Traffic obfuscation โ Defeats network analysis
* Memory protection โ No persistent storage of sensitive data
* Session isolation โ Complete cleanup between sessions
* File integrity โ SHA-384 hash validation prevents tampering
* Chunked encryption โ Individual encryption per file block
* **ASN.1 validation** โ Complete key structure verification according to PKCS standards
* **OID validation** โ Algorithm and curve verification for cryptographic operations
* **EC point validation** โ Format and structure verification for elliptic curve keys
---
## ๐ Performance
### Benchmarks
* Connection setup: < 3 seconds
* Message latency: < 100 ms (P2P direct)
* File transfer speed: Up to 5 MB/s per connection
* Throughput: Up to 1 MB/s per connection
* Memory usage: < 50 MB for active session
* Battery impact: Minimal (optimized WebRTC)
* PWA install size: < 2 MB
* **Key validation time:** < 10 ms (ASN.1 parsing)
### Scalability
* Concurrent connections: Limited by device capabilities
* Message size: Up to 2000 characters
* File size: Up to 100 MB per file
* File types: All formats supported
* Group size: Up to 8 participants (v5.5)
---
## ๐ License
MIT License โ see **LICENSE** file for details.
### Open Source Commitment
* 100% open source โ full transparency
* MIT license โ maximum freedom
* No telemetry โ zero data collection
* Communityโdriven โ contributions welcome
---
## ๐ค Contributing
We welcome contributions from the community!
### How to Contribute
1. Fork the repository
2. Create a feature branch: `git checkout -b feature/amazing-feature`
3. Commit your changes: `git commit -m "Add amazing feature"`
4. Push to the branch: `git push origin feature/amazing-feature`
5. Open a Pull Request
### Contribution Areas
* ๐ Cryptography โ Security improvements and audits
* ๐ Network โ P2P optimization and reliability
* โก Lightning โ Payment integration enhancements
* ๐ File Transfer โ EnhancedSecureFileTransfer improvements
* ๐ฑ PWA โ Install prompts, offline management, and PWA lifecycle
* ๐จ UI/UX โ Interface improvements, FileTransfer and DownloadApps components
* ๐ Documentation โ Guides, tutorials, translations
* **๐ ASN.1 Validation** โ Enhanced key structure verification and parsing
### Development Guidelines
* Follow existing code style
* Add tests for new features
* Update documentation
* Respect securityโfirst principles
* Test PWA functionality across devices
* **Validate all cryptographic operations** with enhanced ASN.1 parsing
---
## ๐ Contact & Support
### Official Channels
* Email: **[SecureBitChat@proton.me](mailto:SecureBitChat@proton.me)**
* GitHub: **Issues & Discussions**
* Security: **[SecureBitChat@proton.me](mailto:SecureBitChat@proton.me)**
### Community
* Discussions: GitHub Discussions for feature requests
* Issues: Bug reports and technical support
* Wiki: Documentation and guides
---
## โ ๏ธ Important Disclaimers
### Security Notice
While SecureBit.chat implements military-grade cryptography and follows security best practices, no communication system is 100% secure. Users should:
* Always verify security codes out-of-band
* Keep devices and browsers updated
* Be aware of endpoint security risks
* Use reputable Lightning wallets
* **File transfers are protected with the same military-grade cryptography as chat messages**
* **All cryptographic keys now undergo complete ASN.1 structure validation**
### Legal Notice
This software is provided "as is" for educational and research purposes. Users are responsible for compliance with local laws and regulations regarding:
* Cryptographic software usage
* Private communications
* Bitcoin/Lightning Network transactions
* File sharing and transfer
### Privacy Statement
SecureBit.chat:
* Collects zero data - no analytics, tracking, or telemetry
* Stores nothing - all data exists only in browser memory
* Requires no registration - completely anonymous usage
* Uses no servers - direct P2P connections only
* **Files are transferred directly P2P with zero server storage**
---
## ๐ฏ Why Choose SecureBit.chat?
### For Privacy Advocates
* True zero-knowledge architecture
* Military-grade encryption standards
* Complete anonymity and untraceability
* Resistance to censorship and surveillance
* **Secure P2P file sharing without servers**
* **Complete ASN.1 validation for cryptographic keys**
### For Bitcoin/Lightning Users
* Native Lightning Network integration
* Sustainable pay-per-session model
* Support for all major Lightning wallets
* No KYC or account requirements
### For Mobile Users
* **Progressive Web App installation**
* **Offline mode support**
* **Native app experience without app stores**
* **Works on all modern mobile devices**
### For Developers
* 100% open source transparency
* Modern cryptographic standards
* Clean, auditable codebase
* Extensible modular architecture
* **PWA best practices implementation**
* **Complete ASN.1 DER parser for key validation**
### For Everyone
* **Install like native apps**
* **Works offline with session persistence**
* Works on all modern devices
* Intuitive user interface
* Professional security standards
* **Secure file transfers included**
* **Enhanced key security with ASN.1 validation**
---
**SecureBit.chat Security Team**
*Committed to protecting your privacy with military-grade security*
**Report vulnerabilities:** SecureBitChat@proton.me
---
**Latest Release: v4.02.442** โ ASN.1 Validation & Enhanced Security