From Wikibooks, open books for an open world
Jump to: navigation, search

Goldbug - Secure Email Client & Instant Messaging User Manual

Figure 1: GOLDBUG-Logo

Secure Email Client & Instant Messaging

(Status-Notification: October 21 /2016. This text and its images are in the public domain (ie, are open source) and can be used, altered or published by anyone.)


What is Goldbug?[edit]

GoldBug is a secure email program, which does several useful things. In addition to secure email, there is secure, real time, internet chat. This means that every data packet sent and received is carefully encrypted. Further, GoldBug uses only unbroken cyphers and encryption schemes, which is the only reasonable approach to the use of cyphers of any kind. GoldBug also includes methods to avoid using the standard Internet address resolution mechanisms (ie, DNS which was incautiously designed some decades ago and has been interfered with several times by hostile parties), so your use of email and chat can continue even when an attack has rendered much of the Internet inoperable for a time.

When using GoldBug for email or chat you can be sure that no third party (eg, perhaps a criminal wanting to steal banking details) can eavesdrop on your conversations. User-to-user communication remains private and stays within a "protected" space. To do this on your behalf, GoldBug uses high quality multiple encryption, also called hybrid encryption, to make its use both more practical (keys can be easier to remember, easier to change as needed) and more efficient (ie, quicker encryption and decryption). It uses, well established (and not yet broken) cryptographic techniques from well implemented encryption libraries - such as libgcrypt (a part of the Internet standard GnuPG package) and OpenSSL. GoldBug generates the public / private key pairs required (for several asymmetric encryption algorithms) and the secret keys required for much faster symmetric key encryption algorithms as needed, and securely exchanges them with correspondents, so that your are freed from at least some of the intricacies of safely using encryption for your communications.

GoldBug uses the RSA encryption algorithm, or optionally ElGamal and NTRU or McEliece. The last two algorithms are considered safer in today's cryptographic environment with active attackers and which includes, to some extent, quantum computation. At this writing, GoldBug is the only open source implementation of a cryptographic system using both NTRU and McEliece.

GoldBug offers decentralized and encrypted email and decentralized public IRC-style group chat, but also provides for secure file transfer, thus protecting more than only communications between people just now. Another function allows p2p search (ie, peer-to-peer, without an Internet-wide system with a central server such as Google or Bing).

And, with "Rosetta CryptoPad" and "File Encryptor", GoldBug provides for local file encryption, protecting them even if the computer on which they are stored (yours, perhaps?) is broken into somehow (ie, hacked in common parlance), or even physically stolen (laptops, tablets, and smart phones are of course specially vulnerable).

GoldBug is designed in two cooperating parts: a multi-threaded kernel, and a user interface. The two components are written in the C++ language and require the Qt framework as well as several code libraries (eg, libgcrypt). The required libraries are used in Internet Standard protocols, and are not proprietary. Both versions 4.8.x and 5.x of Qt are supported. GoldBug is available for FreeBSD, Linux, OS X, OS/2, and Windows. As well, it has been compiled for ARM architecture CPUs generally, and for the RaspberryPI credit card sized computers (using an ARM CPU implementation) specifically.

The GoldBug project provides a straightforward user interface, suitable even for beginners, which relyies on code from the existing Spot-On project ( Spot-on was developed in Silicon Valley, and as this is written, identifies itself as an exploratory research project investigating a variety of communication and cryptographic algorithms. It is nonetheless sufficiently mature for ordinary use, in particular within GoldBug.

Why is it important that you encrypt your communications?[edit]

Every message you send over the Internet necessarily passes through several intermediate nodes (other peoples' computers) and servers (other peoples', or more often companies', computers set up to provide a service over the Internet); doing so is, in fact, the fundamental nature of the Internet itself. It is obvious therefore, that every packet (ie, a small chunk of an almost always larger transmission) making up any and every Internet transmission is available to an unknown number of third parties while in transit. Many entities (actually identified or merely known to exist, from governments with great resources to individuals with few) have been identified as having an interest in reading those flying packets, perhaps including yours. In addition, malware running on computers here or there (including perhaps your own) may be sending copies of your traffic somewhere other than you intended, making interception of your packets as they zoom across the Internet wires unnecessary. Thus, to have privacy, by protecting their information and communication from the malicious, everyone should encrypt messages before they are even launched onto the Internet; if done properly, this reduces every eavesdropper to frustrated contemplation of unreadable gibberish with almost no hope of making any sense of it. Which, of course, is exactly the situation anyone wishing to read our communications should find themselves.

It is sometimes claimed that anyone with nothing to hide need not bother to do so. This is untrue, as a little thought should make clear, for nearly everyone has come to do financial transactions over the Internet, and criminals are very interested in that. The malicious will also be interested, even if you have offered no offense to anyone throughout your life. And in general, there is the question of whether one can even control his own communication, from private endearments to business planning, to voting (some jurisdictions are allowing voting over the Internet, for convenience, and despite the civic dangers in doing so), and to most anything else. In addition, anyone having access to or control of your communications could use it to create much trouble, from distributing child pornography using your computer without your knowledge to sending threatening messages to the President or the Pope.

Perhaps even more vital is ultimately a question of whether a loss of privacy might be used for censorship (eg, by government or pressure groups) or unjust prosecution (eg, can a presumption of innocence survive widespread eavesdropping on communication?). Free thought itself may be said, without overmuch exaggeration, to be at risk when communication is subject to inference, spoofing, and exploitation by the mendacious. More broadly, responsible government and democracy itself requires thought and discussion of public policy choices, in most cases privately at first, and then of course publicly.

Quality cryptography, properly implemented and used, can offer considerable assurance of the human right to privacy as stated in United Nations and many national charters of rights. It is worth the time and trouble learning how to use it. GoldBug makes quality cryptography available to all, and makes it possible to use it to protect many ordinary activities.

GoldBug Messenger is intended to be a secure and easy to use e-mail client and instant messenger, and in addition includes support for other cryptographic uses. An analogy to automobile use is suggestive. Cars at first did not include such safety provisions as seat belts or anti-lock brakes. The situation was found to be unsatisfactory -- people were killed or injured who need not have been. Today, we use seat belts, airbags, and anti-lock brake systems, in addition to many chassis design provisions. In this analogy, unencrypted email or instant messaging is very like using automobiles without safety equipment. Please encrypt your messages, before you send them out to the Internet. The people you talk to should do the same, and for the same reasons.

But the automobile analogy fails in one respect. GoldBug -- and ALL cryptographic protection of messages -- depends on both ends of the communication link operating in synchrony. This means that both users MUST install compatible cryptography; in most cases, as in the case of GoldBug, this means the same software (within limits, as earlier versions may interact with later ones in some cases). Good cryptographic software checks for this sort of thing and GoldBug does as well. But the fact remains that unless the other user also has, and is using, GoldBug, it will not be possible for GoldBug to protect your privacy. You should tell your friends to use GoldBug! There are versions for most operating systems, for the most important kinds of CPU, and most computer manufacturers. It is easy to keep up to date with the most recent GoldBug version because GoldBug is both freely available (free as in both free beer (no cost) and free to use as you wish since there are no restrictive licenses) and readily available on the Internet.

Why use the name "GoldBug"?[edit]

The GoldBug is a short story by Edgar Allan Poe.

William Legrand has discovered a gold-colored scarab, and his servant, Jupiter, has found a scrap of parchment near the scarab. Legrand has noticed writing on it, and his behavior (including dreams of wealth) concerns Jupiter, who appeals to an acquaintance (the unnamed narrator) for help. He agrees.

After recovering the writing, and decrypting it, the three start out on an adventure as a team ...

The GoldBug story - one of the few to do so in all of literature - integrates encryption as an element of the story. Poe was one of the first to write popular fiction which included cryptography, with his 1843 publication of "The Gold-Bug". It was an instant success and was extremely popular -- the best known of Poe's works during his lifetime.

It was from Poe's famous story that this software project got its name. More than 170 years later, cryptography is more important, even vital, than in Poe's time. Encryption should be the usual way we communicate over the insecure internet.

Encryption: GoldBug provides alternatives to RSA[edit]

GoldBug Messenger includes several alternative cyphers. The reason is a kind of cryptographic common sense. If any becomes inherently insecure (due to advances in mathematical analysis or perhaps to hardware progress (e.g. quantum computing)), another is likely to remain secure.

In addition to RSA, GoldBug has implemented the ElGamal encryption algorithm and also NTRU and McEliece. NTRU, in its most recent versions, and MCEliece (also in the most recent version) are currently thought to be less vulnerable than the others to possible advances in computer hardware performance, notably quantum computing. In fact, there have been some remarkable results proving, under some conditions, that this is so. At this writing, there are no practical quantum computers, but some research has demonstrated that a working quantum computer would have several advantages, including making practical some theoretical attacks against currently secure encryption algorithms. There is considerable research work being done with the aim of making such computers available. None are yet known to be available, but it would be wise to look ahead.

For example, in 02/2016 NIST (the United States government agency which supervises open research and standards in this field) published a Report which stated that RSA is "no longer secure"; this anticipates the possibility of a breakthrough.[1].

GoldBug also provides several optionally available methods for digital signatures, an important aspect of encrypted Internet communciation. Again, these options should allow continuing security in case of cryptanalytic progress against one or another. They include: DSA, ECDSA, EdDSA, ElGamal, and RSA signature algorithms.

And, of course, GoldBug allows each user to choose a key length (longer will be less easily broken than shorter), the encryption cypher to be used in a particular situation, the hash type to be used, and also the "iteration count", and the salt-length in some cases. The advantage for GoldBug users is that each user can individually define these matters, though the defaults were chosen to be sensible in most cases.

It could be called to set manually and individually chosen "Crypto-DNA", which is most important, when end-to-end encryption should be defined. ***?????***

Figure 2: Alternatives to RSA

Figure 2: GoldBug provides alternatives to RSA

RSA, ElGamal, NTRU and McEliece compared[edit]

Currently, GoldBug supports the McEliece, NTRU, ElGamal and RSA encryption algorithms.

The McEliece cryptosystem is an asymmetric encryption algorithm developed in 1978 by Robert McEliece. It was the first such scheme to use randomization in the encryption process. It is a candidate for secure use in an era of quantum computers, as it is immune to attacks using Shor's algorithm and — more generally — to measuring cost states using Fourier sampling. The algorithm is based on the difficulty of inverting a general linear code (which is a problem known to be NP-hard). McEliece, when using a particular type (ie, Goppa codes), has resisted all cryptanalysis to the time of this writing. The McEliece cryptosystem has some advantages over, for example, RSA. as both encryption and decryption are faster, but there are some disadvantages -- keys are much, much, much, larger. (see

NTRU is an asymmetric encryption method developed in 1996 by mathematicians Jeffrey Hoffstein, Jill Pipher and Joseph Silverman. It is based on lattice problems which are widely believed to non-reversible (ie, they are very hard and no way to work them out has been found nor, currently, is one suspected). The most recent version of NTRU is not known to be vulnerable to quantum computer based attacks. However NTRUEncrypt has not, at this writing, been as well studied as more venerable (and more common) methods (e.g. RSA). NTRUEncrypt is standardized by the IEEE as P1363.1 (see

The ElGamal encryption algorithm, or ElGamal cryptosystem, was developed by the cryptographer Taher ElGamal in 1985. It is a public-key encryption scheme which is based on ideas first described by Diffie and Hellman in their pioneering key exchange scheme. The ElGamal encryption scheme is based, as is the Diffie-Hellman key protocol, on operations within a cyclic group of finite order. The ElGamal encryption method is provably IND-CPA secure under the assumption that the decisional Diffie-Hellman problem is not trivial over the underlying group. The ElGamal signature scheme is related to the encryption method, but is not identical. (The ElGamal signature method is not implemented in GoldBug ***contradiction. what is correct???***). ElGamal is not subject to patent licensing (see ).

RSA (named after its inventors Rivest, Shamir and Adleman) is an asymmetric cryptographic algorithm that may be used for both encryption and digital signatures. It uses a pair of keys consisting of a private key used to decrypt or sign data, and a public key. Both keys are generated by GoldBug, at the user's instruction, at some considerable time and effort. Like other asymmetric encryption algorithms, the public key (of a public/private key pair) is transmitted to a correspondent prior to beginning encrypted communications. It may become known to anyone with loss of security. Calculating either key from the other is believed to be computationally infeasible, as in the case of RSA it depends on the difficulty of the integer factorization problem (see Because of recent results regarding RSA's security, only very long RSA keys should be used.

Hybrid Encryption System[edit]

GoldBug implements a hybrid system for authentication of messages and for message confidentiality. The reason for this is that one general class of cyphers (ie, the asymmetric key encryption cyphers, also known somewhat sloppily as public-key/private-key cyphers) is much slower, but more secure in some respects than is the other general class (ie, the symmetric key encryption cyphers). GoldBug uses both to take advantage of their different virtues. GoldBug also generates per-message authentication and encryption keys. These two keys are used for authenticating and encapsulating data, and generally run faster. The two keys are then encapsulated using the public-key of the asymmetric algorithm and sent to another user.

Non-NTRU private keys are evaluated for correctness via the gcry_pk_testkey() function. Public keys must also meet some basic criteria, eg the public-key identifier. ***???***

GoldBug uses the libgcrypt and libntru libraries to generate private and public key pairs. Presently, it optionally generates 12 key pairs during the initialization process. These key pairs may be used uniquely (for up to 12 correspondents) and so key generation need not be often repeated. On the other hand, keys not yet in use are subject to copying should your computer be infiltrated by malware and so may be insecure on first use. Care in storing them is quite important. At present, GoldBug does not support a public key infrastructure (PKI), thus not relying on any third party to provide key authentication. Most cryptosystems in use today have been designed this way, as commercial control of cryptography use is easier when using a PKI with a central key authentication mechanism. Keys in Goldbug must be exchanged (and verified as being correct) in another way; GoldBug provides several. GoldBug also provides a mechanism for securely distributing one time use session keys for data encapsulation. Again, the keys are protected using the public-key system. An additional mechanism allows the distribution of session keys via previously-established private keys. Digital signatures can also be, optionally, applied to the transmitted data, thus assuring the recipient that what was received was what was intended and that there has been no tampering.

Communications between GoldBug nodes which have chosen different key types is possible if the nodes share the same libgcrypt and libntru libraries.

As an example, please consider the following message scheme: EPublic Key(Encryption Key || Hash Key) || EEncryption Key(Data) || HHash Key (EEncryption Key(Data)). ***???*** This is not a good illustration for a user manual.

The private-key authentication and encryption mechanism is identical to the procedure discussed in the Encrypted and Authenticated Containers section.

Block Cipher Modes of Operation[edit]

Encryption algorithms do not encrypt any but the shortest possible messages in one chunk. Instead they work on small blocks of the message, repeated as necessary until the entire message has been encrypted. Just how to deal with the blocks is called the "block mode", of which there are several. Some are insecure. GoldBug uses the CBC block mode with CTS, and does not use insecure block modes. GoldBug's file encryption mechanism supports the GCM algorithm but without the authenticity property provided by that algorithm. Instead, GoldBug uses the encrypt-then-MAC (EtM) approach. The Encrypted and Authenticated Containers section provides more details.

Symmetric Encryption with AES[edit]

Symmetric encryption in GoldBug uses AES, the cypher chosen in NIST's public competition a few years ago, and approved by NIST/NSA for protection of US Government Top Secret material. In GoldBug's implementation, AES always uses a 32-character (256 bit) key generated randomly within GoldBug. Since all characters and special characters are allowed during key generation, the range of possible keys is very large; indeed, sufficiently large that brute force attack is expected to be infeasible with even very fast machines, like those which might be available to a very well resourced attacker; this makes it effectively unbreakable by an attacker using a brute force attack. While asymmetric encryption uses a public/private key pair (only one, the public key, is known to others, the other, the private key, must never become known to anyone else). Symmetric encryption uses a single key, which must be known by both participants (hence symmetrical) and never known to anyone else then or later. AES is also used in the GoldBug's "Gemini"-function (from the Greek "twin"): in that case as well, both sides have to exchange and know the secret key).

GoldBug uses two general cryptographic approaches: asymmetric cypher keys are sent through SSL / TLS encrypted connections. However, the asymmetrically encrypted message can also be secured with a symmetric encryption. Thereafter, GoldBug uses three levels of encryption as this example of encapsulation clarifies:

(simplified, since no HASH / MAC nor signature is shown)

RSA-SSL (AES (ElGamal (message)))

The encrypted text is encrypted again using the AES algorithm (a symmetric one), and this cyphertext is then encrypted by the existing SSL / TLS connection to another user.

It is also possible to exchange a symmetric key (eg, for the AES symmetric cypher) with a correspondent via established asymmetric (SSL / TLS) encryption. The key can be automatically generated or manually defined; this is discussed further below in the Gemini- and Call- functions sections. This kind of end-to-end encryption is unusual compared to other encrypted email or chat applications. User choice of cypher key is possible, but not usually sensible, as GoldBug can generate sufficiently long and randomly chosen keys itself, all of which will almost certainly be harder to attack than any key chosen directly by a user (humans have had a well deserved bad record, for many decades, at choosing patternless keys).

It is important to note that end-to-end encryption is different than point-to-point encryption, and that the difference has major (in)security implications. The term "end-to-end" encryption means that only Alice and Bob (who are the only participants), know the secret key and can therefore communicate securely. Point-to-point encryption, in contrast, encrypts between computer nodes, to which Alice and Bob will have access, often via individual user accounts if the computer node belongs to a company or organization. Messages between them are thus not encrypted after arrival at the computer node and so are, at least in theory, available to all (or to malware) with access to one of the end node computers.

GoldBug provides symmetric cypher algorithm end-to-end encryption, which can be not only manually defined, but can also be updated instantaneously, and automatically if desired.

What is the Echo Protocol?[edit]

GoldBug implements the Echo Protocol which originated in the Spot-on project. Echo is designed to provide an alternative, independent of the normal Internet routing protocols, and so of the eavesdropping and other attacks to which they are vulnerable. It avoids most of those vulnerabilities, at the cost of limiting participants to those who have implemented it themselves, and at the cost of some overhead in test decryption, and inefficiency in the delivery mechanism for messages are merely re-transmitted when they are not meant for the local computer node. It is not a general, Internet-wide, network protocol, optimized for minimum effort delivery; nevertheless, it is quite flexible protocol, and Goldbug supports it with very little user intervention. The Echo Protocol does not require rigid implementation details. Each user may adhere to their own peculiar obligations.

Echo works on the basic assumption that information, and users, can be dispersed over multiple or singular connections and that channel endpoints evaluate the suitability of the received data. Because data may become intolerable ***???***, GoldBug implements its own congestion control algorithm. Received messages that meet basic criteria (eg, correct hashed values) are labeled and duplicates are discarded. Advanced models may define more sophisticated congestion-avoidance algorithms based upon their interpretations of the Echo Protocol.

The Echo Protocol, or sometimes the Echo-System, means - simply expressed - that

•  each message transmission is encrypted ...
•  ... and each Echo network connection node sends each message to its connected neighbors. 
*      And so on.

That´s it.

An example of Echo encryption:  

TLS/SSL (AES (RSA* (Message)))
  • ) Instead of RSA, ElGamal or NTRU may also be used,

First, you write a message. It is encrypted using an asymmetric cypher (in the usual private key / public key way) and follows the mechanism(s) (eg, key length, processing algorithms, ...) of the chosen encryption algorithm, e.g. RSA.

The plaintext message is then hashed (at the sending computer), and the hash plus the encrypted messages are included in one transmission. Only then does anything leave the sending computer.

If the receiver is able to decrypt the cyphertext to plaintext (on the receiving computer), and the hash of the plaintext computed locally is the same as the transmitted hash, the messages was decoded successfully and displayed to the user. If not (ie, the decrypted message is merely gibberish, because the necessary private key is not available at the receiving computer node) the cyphertext of the message, with the included hash of the plaintext message originally sent, are forwarded to all connected nodes in the Echo network; it is assumed that it must be a message for some other user, not the one who has just received it.

Thus the message is sent through an established channel, based on symmetric encryption, if you provide a "call" and set a "gemini" (see below for AES).

Over all, a message is sent through (decentralized and self signed) TLS/SSL Channels, from node to node, eventually reaching the intended user if he or she is registered as part of the Echo Network. The forwarding is done various Goldbug programs in the computer nodes which are part of the Echo network. The mechanism requires no user intervention at any node, and does not depend on a receiving node being on and connected to the Internet.

GoldBug provides two modes of operation for the general Echo Protocol: Full Echo and Half Echo. The Full Echo permits data flow across all participating nodes. The Half Echo defines an agreement between two endpoints. Within this agreement, information from other endpoints is prohibited from traveling along the private channel.

Full Echo[edit]

This is based on the so-called "small world phenomena" from mathematical graph theory. Anyone can reach everyone eventually, after being passed via several hops in a peer-to-peer or friend-to-friend network - or simply that a circle of friends can be reached over an installed and shared echo chat server. At modern Internet operation speeds, there is little penalty in delivery time for messages, even though they are passed around in what appears to be a less than optimally minimal manner.

Half Echo[edit]

The "Half echo" version of the Protocol sends a message in a single hop, i.e. for example from Bob to Alice. Alice does not forward it (as is the default in the pure/full echo). Since this relies on normal Internet routing mechanisms, this requires that the two nodes have each other's IP addresses, rather than merely the IP address of one or more of the computer nodes which are participants in the Echo Network Protocol. This further means that the communicating participants (Alice and Bob, in this case) can more easily be located by an attacker.

In addition to full echo and half echo there is, a third: the Adaptive Echo (AE). A message will be sent only to neighbors, or friends if they know a particular cryptographic token, so they must have it previously received and saved it. No one without that token will get the message forwarded. The discussion below about Adaptive Echo (AE) reports in more detail about this option. Adaptive Echo, in respect to security of the participants identities, is a kind of middle ground between the Full Echo mode and the Half Echo mode.

Echo Accounts[edit]

Finally, the Echo Protocol uses a list of allowed participants. This is used to ensure that only those who have registered as Echo Network participants will ever receive (or can ever send) messages using the Network. Thus, a Web-of-Trust is created, i.e. a network exclusively among friends. This mechanism can be thought of as an unusual sort of firewall, and many different Echo Networks can exist, so there can be multiple Webs-of-Trust. An alternative term, not quite exactly equivalent, is Virtual Private Network.

The Echo Protocol idea is not based on encryption, except insofar as encrypted messages were used during registration, ie, when it was set it. It is a controlled access network, and no user need associate a public key with your IP address (which increases security as against a typical PKI structure), nor even announce your IP to anyone, save when you register as a member of an Echo Network. If you do not, Internet searches using publicly available tools (such as Google or Bing or Whois) will fail; you will be less visible to the Internet at large.

Figure 3: Simulation of the echo-network

Figure 3: Graphical simulation of the echo network: Every node is sending the message to every connected node.

Basically, in an Echo Network, each node sends a message to another node. Messages do not circulate forever, since a record of which messages have been received before is kept (hash value only, not any part of the plaintext content, which should in any case only be available to the intended recipient). Duplicates are discarded by any node which detects them; this is a kind of "Congestion Control".

GoldBug also supports the use of spurious messages ("fake messages"), and simulated communication messages ("impersonated messages"). For these messages, indistinguishable from real messages to any eavesdropper, the encryption is real, but the plaintext content is random characters sent out from time to time. In the chat simulation, a human conversation is faked (also using random content). Thus, traffic analysis (by an eavesdropper) is made much more difficult; this is a valuable technique usable by an attacker with sufficient resources and patience, even in cases in which the cryptography is effective. It is always possible for an eavesdropped to attempt traffic pattern analysis since Internet transmissions travel across publicly accessible wires. Only if there is bogus traffic meaning nothing, can actual traffic be hidden in the noise.

Further, GoldBug implements a novel, and perhaps original, two-pass mutual authentication protocol. The implementation is well-defined with or without SSL/TLS. The protocol is weakened if SSL/TLS is neglected, however.

The Accounts procedure is as follows:

1. Binding endpoints are responsible for defining account information. During the account-creation process, an account may be designated for one-time use. Account names and account passwords each require at least 32 bytes of data.

2. After a network connection is established, a binding endpoint notifies the peer with an authentication request. The binding endpoint will terminate the connection if the peer has not identified itself within a fifteen-second window.

3. After receiving the authentication request, the peer responds to the binding endpoint. The peer submits the following information: HHash Key(Salt || Time) || Salt, where the Hash Key is a concatenation of the account name and the account password. The SHA-512 hash algorithm is presently used to generate the hash output. The Time variable has a small resolution (typically minutes). The peer retains the salt value.

4. The binding endpoint receives the peer's information. Subsequently, it computes HHash Key(Salt || Time) for all of the accounts that it possesses. If it does not discover an account, it increments Time by one minute and performs an additional search. If an account is discovered, the binding endpoint creates a message similar to the message created by the peer in the previous step and submits the information to the peer. The authenticated information is recorded. After a brief period (about approximately 120 seconds), the information is overwritten (ie, destroyed).

5. The peer receives the binding endpoint's information and performs a similar validation process, including the analysis of the binding endpoint's salt. The two salt values must be distinct. The peer will terminate the connection if the binding endpoint has not promptly identified itself (the time limit is about fifteen seconds). Please note that the Accounts system can be promoted ***???*** by including an encryption key. The additional key will allow for finer time resolutions.

If SSL/TLS is not available, the protocol has a vulnerability to a man-in-the-middle attack. A relay station may record the values in the 3rd step and subsequently provide the information to the binding endpoint. The binding endpoint will therefore trust the foreign connection. The recording device may then seize the binding endpoint's response, the values in the 4th step, and provide the information to the peer. If the information is accurate, the peer will accept the binding endpoint's response.

The Echo Grid[edit]

When students speak and teach about the Echo Protocol, then we simply draw an ECHO grid with the letters E_C_H_O and number the nodes of E1 to O4 and connect the letters with a connecting line on the ground. For example, the connection E1-E2 then identifies an IP connection to a neighbor.

Figure 4: The ECHO Grid

Figure 4: The ECHO Grid: To teach about the echo protocol just use the characters E_C_H_O and build an ECHO-Grid-template.

If the individual accounts now point to exchanged keys (instead of IPs) – then a new layer on top of the level of IP connectivity of a P2P / F2F network is produced.

Figure 5: Alice, Bob, Ed and Mary in the ECHO Grid

Figure 5: Alice, Bob, Ed and Mary in the ECHO Grid - Example of the ECHO.

Examples of key-exchange of Alice, Bob, Ed and Mary.[edit]

• Alice (IP = E1) and Bob (IP = C3) exchanged their public keys and are connected via the following IP Neighbors: E1-E3-E5-E6-C3.
• Bob (C3) and Maria (O4) are just friends, they have changed their public key for encryption as well: and use the IP connections of neighbors: C3-C4 H5 H3-H4-H6-O3-O4.
• Finally, Maria (O4) is a friend of Ed (H1). Communicate via either the way: O4-O3-H6-H3 H4-H1 or use the path of O4-O2-O1-O3-H6-H3 H4-H1. Since the echo protocol sends each message to each connected IP neighbor, the path will be successful, to deliver the message to any IP neighbor, which is the fastest.
• Direct IP connections from neighbors such as E1-E3 can by creating a so-called "Echo accounts" are hedged. No other IP address can connect to the so-called "listener" neighbor as E3 to listener E1. Using this method, a web-of-trust will be created - without being dependent on encryption keys - still you need a friend with whom you are trading your chat or e-mail key.
• So-called "Turtle hopping" is much more efficient in an Echo Network: When Ed and Alice exchange a so-called "StarBeam Magnet" for file transfer, then the echo protocol transports packets on the path H1-H3-H5-C4-C3-E6 E5-E3-E1. Mary is not in the route, but you will get the packages as well over the full echo when she knows the StarBeam Magnet. Advantage is that the hopping does not go over the key, but over the IP connections (e.g. the Web of Trust). Basically everything is always encrypted, so why not take the shortest route?
• A so-called "Buzz" and "echo-ed IRC Channel" (E*IRC)-room can e.g. be create or "hosted" by the nearest node O2. Since only the referring user knows the Buzz-Room name, all other neighbors and friends are left out. Benefit: In this example you can talk with unknown friends in one room without using a public-RSA-Key – or to have ever exchanged asymmetric keys. Instead, you can simply use a single-magnetic ("one-time-magnet") for a "buzz" / "E*IRC" room.
• Maria is a mutual friend of Ed and Bob and activates the C/O (care of) function for emails: This allows Ed, to send E-mail to Bob even when he is offline, because: Maria saves the e-mails in her cache until Bob then comes online.
• Furthermore: Alice created a so-called virtual "Email Institution". This is not comparable to a POP3 or IMAP server because the e-mails are only cached: Ed sends his public email key to Alice - and Ed adds the magnets of the "Email institution" by Alice within his program. Now the emails from Bob and  Ed are cached at Alice (in the e-mail Institution), even if Maria  should be offline.

It is helpful to follow the examples in the graph above.

Adaptive Echo (AE) and its AE-tokens[edit]

To explain "adaptive echo", another echo-grid can be drawn with the related points A and E.

Figure 6: The "Hansel and Gretel" - Example of adaptive echo

Figure 6: The "Hansel and Gretel" - Example of the Adaptive Echo: Cryptographic Tokens provide access to messages and graphs or not. A learning, adaptive network.

If you, your chat friend and a created third node point as a chat server insert in the program the same AE token ("Adaptive Echo token"), the chat server will send your message only to your friend - and not to all other connected neighbors or users as it would normally be the case within the full echo mode. With an AE token, no one else will receive your message or can see, that you communicate. So therefore possible neighbors, and potential "recorders" will be excluded, to be able to record any communications and then want to try to break the multiple encryption to come to the message kernel inside the several layers of encryption.

The Adaptive Echo is a complement to the Echo Protocol and substantiates the opinion that the Echo Protocol is a malleable method. Endpoints that bind multiple parties may optionally define Adaptive Echo tokens. Adaptive Echo tokens are composed of authentication and encryption keys as well as details about the choice algorithms. If configured, binding endpoints are able to permit or restrict information travel based on the content of the data. As an example, peers that are cognizant of a specific Adaptive Echo token will receive data from other cognizant peers whereas traditional peers will not. Binding endpoints therefore selectively-echo data.

The Adaptive Echo behaves as follows:

1. A binding endpoint defines an Adaptive Echo token. The information must be distributed securely.

2. A networked peer having the given Adaptive Echo token generates HHash Key(EEncryption Key(Message || Time)) || EEncryption Key(Message || Time) where the Encryption Key and Hash Key are derived from the Adaptive Echo token. The generated information is then submitted to the binding endpoint as Message || Adaptive Echo Information.

3. The binding endpoint processes the received message to determine if the message is tagged with a known Adaptive Echo token. If the message is indeed tagged correctly, the Time value is inspected. If the Time value is within five seconds of the binding endpoint's local time, the message is considered correct and the peer's presence is recorded.

4. As the binding endpoint receives messages from other peers, it inspects the messages to determine if the messages have been tagged with Adaptive Echo tokens. This process creates a network of associated peers. Because peers themselves may be binding endpoints, the Adaptive Echo may be used to generate an artificial trust network.

Adaptive Echo is susceptible to eavesdropping. As an example, if a message that is tagged with an Adaptive Echo token should travel through one or more peers to reach a destination, the peers may record the message and subsequently replay the message to a binding peer. The replay must occur within the acceptance window of the message. Additionally, the binding endpoint's congestion control container must not already contain the message. If both conditions are met, the binding endpoint will consider the peer as trustworthy.

Hansel and Gretel - an example of the Adaptive Echo mode:[edit]

If node A2, E2 and E5 use the same AE token, then point E6 accounts will not receive a message that the node A2 (Hansel) and the node E2 (Gretel) exchange. After all, the node E5 learns about the known token "White pebbles" no to send messages to the node in point E6: the "Wicked Witch". It is a learning or adaptive network.

An "adaptive echo" network thereby reveals no target information (see also " Ants routing "). Remember: the mode of "Half Echo" sends only one hop to connected neighbors and the "Full Echo" sends the encrypted message to all nodes connected via an unspecified number of hops. While "Echo Account" helps or hinders other users almost as a firewall or authorization concept in joining, however, "AE-tokens" keep graphs or paths exclusivity – and it does it also for messages, that are sent via connecting nodes, that know the AE-token.

Chat server administrators can exchange their tokens with other server administrators - if there is trust among themselves defined (so-called "ultra-peering for trust") and they want to build a web of trust based on the Adaptive Echo tokens.

In a network lab or at home with three, four hosts, you can simply try out the Adaptive Echo and repeat this settings:

Use "SPOTON_HOME" as a file in binary directory to launch multiple program instances on a single machine and connect the instances - or just use a network with three or more computers. So then follow this procedure:

  1. First Create a node as a chat server.
  2. Create two nodes as clients.
  3. Connect the two clients to the chat server.
  4. Exchange keys between the clients.
  5. Test the normal communication skills among both clients.
  6. Set an AE token on the server.
  7. Test the normal communication skills among both clients.
  8. 8 Now use the same AE token in a client.
  9. 9 Write down the result: The server node stops sending the message to other nodes, which do not have the AE-token or don’t know it.

This example should be easy to be replicated.

How the ECHO protocol works[edit]

Referring now together the different methods and options, the following chart can provide a complex overview.

Figure 7: How does the ECHO PROTOCOL work?

Figure 7: Graphic: How the Echo Protocol works - Examples.

Shown in the graph are the different usage examples of "Full Echo", "Half Echo" “Adaptive Echo" and "Echo Accounts".

A distinction is made between physical-IP-connections and “virtual-connections” to keys. Keys are therefore not necessarily associated with an IP connection!

Users can replace an asymmetric public key, and also use magnet-URIs with symmetric encryption details, as well as tokens and account credentials.

Connection nodes can accept and prohibit addressed connections - as well as dedicated addressed messages.

Accordingly, different communication scenarios arise.


a. User H4 has an AE token. It does not send messages (via the connecting node H6) in the O-quadrant, when H6 does not know the token.

b. If H3 sends a message to H4, H4 then sends this message not just because it is a combination of "Half echoes".

c. The user E2 cannot connect to the user E1, since he does not know the login for the echo account.

d. Users O1 and O4 chat with each other and knowing only their public key for encryption.

e. User H3 and C5 chat via a URI magnets in the same group chat room (also known as Buzz or E*IRC – echoed IRC).


Initial Setup[edit]

The Goldbug Messenger has both a user interface and a kernel. Both are distributed as binary code (i.e., they are called GoldBug.exe and Kernel.exe under Windows). Source code for both is also available.

The user interface (called “interface” or “GUI” (Graphical User Interface, GUI is GoldBug.exe (in Windows))). It depends on the kernel component which must be activated before every start, before using GoldBug to establish direct connections to your friends, or to a common chat server, or to the echo network.

However, before GoldBug can be started, it must be installed (ie, configured). For instance, you must create your encryption keys. There are currently 8 keys generated, which can take some time (minutes) on slow machines.

After first use (at configuration time), access to your GoldBug system is safeguarded by both a username and a password (or passphrase). Both will be needed each time you use GoldBug; the username may be known to others, and indeed must be so for anyone to send messages to you. The password/passphrase should never, and very seriously so, be known to anyone except that user.

At present, the password/passphrase must be at least 16 characters long. Since the point of using a password at all is to prevent unauthorized access, it should never be anything which can be connected to the user (eg, children / pet / relative names are bad choices, as are license tag numbers or current or past addresses, or birthdays of anyone connected to a user, or mother's maiden names, or ...). Avoid them. A phrase (not to be found in any collection of quotations, of course!) is a reasonable choice, especially if only the first or last or alternating, or some other pattern of letters in each word is used. Thus, "20 years old was I ere I first went to Austria", might be turned into the following password/passphrase: "TwrsldasIerIstnttoia", in which the pattern is to take the last two letters of each word, after the first. Having been published, of course, this is very bad choice, and in any case a reader's first Austrian visit might have been at age 27. The base phrase should be memorable, the scheme for converting it into an unguessable form also memorable, and the final form (ie, the password/passphrase proper) should not be so. Note that it is not necessary to include at least one digit character nor one non-alphanumeric character nor to mix case. Nonetheless, inclusion of either or all (in a memorable way) will defeat many linguistic pattern attacks. Perhaps a "_" between the letters of alternate words might be suitable? Or capitalization, in this case, of the two letters chosen from each alternate word? This has not been done in this example.

Note carefully, however, that too complex a construction rule can be dangerous, as humans (including every reader of this manual and every GoldBug user, even if they do not read this) are notoriously bad at remembering such things correctly. GoldBug's developers suggest trying out at least one practice password/passphrase and seeing if it can be remembered several days or a week later. It is NOT possible to recover a password/passphrase if it becomes lost for any reason, including too much complexity for fallible memory. Consider that if it were so, the very recovery method could be used as an attack on GoldBug's security, and so on your privacy, by the nefarious.

Two Login-Methods[edit]

When you start Goldbug the first time, select (in the blue box) a nickname and also a password/passphrase. There are two methods to gain access to GoldBug: the passphrase method or the Q&A (Question and Answer) method.

Figure 8: Set password-generating key - and activate the kernel

Figure 8: Set password-generating key - and activate the kernel - Initial Start: Generate a password for GoldBug Messenger

The two methods are different, as is explained below:

• Passphrase method: hash (passphrase + salt), which means a " salted hash "is used. The password/passphrase is not itself stored, but only a cryptographic hash of it + a salt. This last considerably increases the difficulty of password/passphrase discovery if the password file becomes known (eg, after an attack the computer storage where password hashes are stored).

• Q/A method: hash (Question, Answer), which means an "HMAC "is used. Neither the question nor the answer is stored on your machine and no salt is generated by the machine. Instead of a question you can also type two passwords without the question mark, of course. Note that the question and the answer must be entered EXACTLY in subsequent logins, and no other input check (eg, "Password Confirmation") is used as in the password method above.

Generation of 10 Encryption Keys[edit]

GoldBug uses separate authentication and encryption keys for data stored on the local computer (eg, password/passphrase data). The key-derivation process is as follows:

1. Generate a cryptographic salt, which is done by the program. The size of the salt is configurable.

2. Derive a temporary key via the PBKDF2 function. The hash algorithm, iteration count, passphrase (or question/answer), and salt are input parameters to the function. All of these parameters are configurable.

3. Using the temporary key from the previous step, derive a new key via the PBKDF2 function. The previous parameters are also used, however, the temporary key replaces the passphrase (or question/answer, if that method were chosen).

4. Separate the derived key into two distinct keys. The encryption key is N bytes long, where N is the recommended key size of the selected cypher. The remaining bytes are the authentication key. The generated authentication key will contain at least 512 bytes.

Kernel Activation[edit]

Once the keys are generated, you can enable the kernel. Press the red button to "Activate" the kernel and then make sure that the file-path is specified for kernel.exe (Windows machines) and is highlighted in green. If incorrect, change the path and pick up the kernel.exe location.

At the initial activation, the project-chat-server's IP address is automatically added as a 'neighbor' and this serves as a temporary chat server through which you can chat with your friends as a test until you have created your own connection node on a remote web server, or for direct connections on your own machine at home. Please use the test server of the GoldBug project ONLY for test trials, as it has limited capacity.

If you want to connect directly without using a third party server, one of the two users must create, in the so-called “Listener Tab”, a Chat-server and enable the firewall for port - and port forwarding in the router - in addition to your machine.

When you start GoldBug Messenger for the first time you are asked, in a pop-up window, if you want to activate the kernel. Otherwise, for all other starts you have to press the red "Activate kernel" button after login – before you can chat. If it's green, the kernel is running.

Note that, after you close the GUI, the kernel continues to run. It is therefore advisable to first disable the kernel and then close the GUI. Another pop-up window will ask you if both are to be closed. Otherwise you are running the kernel without the user interface, which is indeed the operating mode used to set up a server version of GoldBug; this prevents anyone at the local keyboard and display from gaining easy access to the GoldBug kernel.

You can also enable / disable the kernel by pressing the first LED in the status bar at the bottom left. If it is green, the kernel is active - when it is red, the kernel is off.

Your generated keys are stored in the sub-path ...."/.spot-on". If you want to set up a new login with new keys and all user data should be deleted, delete that file and reboot. The same can be achieved in the main menu with the command: "!!! “!!!_Total_Database_Erase_!!!". Do this only very carefully as access to past messages and to those who have only the key being deleted WILL BE LOST.

The user interface has both a full and a minimal mode. From the main menu, you can also choose between "full view" or "minimal view". Anyone uncomfortable with option choices (or wishing more screen space), should choose the minimal view, which hides options.

The full view shows the following additional elements in the tab "Activate kernel".

•  Path to the kernel: Here you can check or change the kernel path. If in the path to the kernel with the "spot-on-kernel.exe" is specified correctly, then the path is highlighted in green. Otherwise, look where the executable file of the kernel is or copy it as well to the executable file of the GUI (goldbug.exe) or adapt the path accordingly.  Note that an incorrect path specification here will prevent most of GoldBug from working. 
•  PID: The PID number identifies the process ID by which the executable is tracked internally by Windows. You can find the same process ID in the Windows Task Manager.  Other operating systems use a similar way of accessing or tracking a process, include the GoldBug executable.
•  Simulacra: This function, if selected, sends a "simulated" chat message to the Echo Network. This "fake" message consists of purely random numbers and makes it harder for attackers to distinguish beween encrypted messages with real content and messages with meaningless random content. Simulacra term may remind user of either the movie "The Matrix", or the philosophy of Baudrillard.
•  Impersonator: In addition to random cipher-text,  fake messages can also be simulated, just as if a real person chats from time to time and sends responses to a chat from the GOLDBUG program to another participant. These messages are filled with random data and so have no actual content at all, but vary in length and content with each message – as simulated in a real chat conversation.  This creates additional work for an attacker, and makes even traffic analysis (often surprisingly useful) useless.
•  Create Settings: At key generation time, you can choose other options such as algorithm, hash type, cipher, salt-length or iteration count.  And you can select a key length;  longer keys are more secure because they force more work on an attacker.  GoldBug suggests 2048 bits or longer.
•  With the "regeneration" function you can also generate individual keys - with new values and options. You can choose new setting values and re-generating the respective keys. You must then exchange your new key with your friends, as the old key will no longer work.  Note that locally stored messages will no longer be accessible to you and those who have only the deleted key will be unreachable.  Note that this is a very drastic step and should be done if and only if necessary.

Just swap your key with a friend - and a first chat can begin! Set the key exchange as follows:

Connect a Neighbour with its IP-Address[edit]

GoldBug supports the SCTP, TCP, and UDP Internet protocol standards. For TCP-based communications, OpenSSL is supported. GoldBug distributes data with or without SSL/TLS. Please note that magnet distribution DOES require SSL/TLS. Communications between the GoldBug Kernel and the GoldBug User Interface also require SSL/TLS via TCP. In essence, the application is generally protocol-neutral in most respects. Note that TLS is the upgraded version of SSL, that insecurities have been identified in the SSL protocol (even the 3.0 version), and TLS is therefore preferred for security reasons.

As a very first profile is set up, it has already been explained above. Enter the username/nickname twice and a 16-digit password/passphrase. See the prior section for advice about this choice. Optionally, select a question / answer phrase instead of the password. Done.

Now setup of the network aspects of GoldBug. If you explore the GoldBug Messenger for the first time, you will be connected through the Project Server. Your friends, with whom you wish to communicate will also be connected and so test messages can be exchanged.

The next step is to set up direct connection with your friends, perhaps with a GoldBug chat server to allow delayed delivery of email if you or they are currently off line. Otherwise direct connection between GoldBug users is available, but requires use of IP addresses to perform the necessary configuration.

Therefore, the next steps explain the

• Connection to a neighbor / chat server,

• create your own chat server and listener

• and other details that can be displayed in the non-minimum-view of the GoldBug GUI.

For beginners, it will probably be easier to select "minimal View" in the GUI. Go then on the tab: "Connecting neighbor". This shows an input field for the IP address of the neighbor or the web server where a spot-on kernel runs and a friend also uses GoldBug Messenger.

Figure 20: Adding an IP address of a neighbor.

Figure 20: Add neighbor IP (simple view)

I enter the IP address of the neighbor nodes in the field. The three digits of the IP address are separated by a fullstop. Umfast a block with two digits, eg 37100100100, then the 37 be placed anywhere in the first block or be entered as 37 on the first two positions. Then press the "Connect" button.

The IP address is then associated with the default port 4710.

If an error message appears, then the IP address has already been entered. To delete all the neighbors, you can then the button "Delete all neighbors" key and enter the IP address again. Note that this may require much work to reinstall the deleted neighbor IP addresses.

Optionally, in the installation path ./spot-on on the hard disk, the file "neighbors.db" is deleted. It is immediately recreated, but without content. When the kernel is enabled (left, first LED in the status bar is green) and a neighbor is also connected (middle LED lights up green), everything has been successfully installed and GoldBug Messenger is online.

Enter an IP address and press the connect button; this should succeed. Those who wish to see more details, should change the GUI from minimal view mode to full view. In this view, it is clear that in addition to the IP address, the associated port of the IP address can be configured individually. By default, GoldBug uses 4710.

Furthermore, the client can also be operated via IPv6; Dynamic DNS is then linked. There will be no sequence number in its IP address, but rather a 'domain name'.

In using the box below additional security options can be set. Setting up a chat server, or spot-on kernel means to establish a "listener", the technical term. This is the default for the TCP protocol, but GoldBug is equipped to set up a listener using UDP or SCTP protocol thirdly. Either of the two latter protocols are better suited for use with streamed data, such as VOIP (Voice over IP). TCP is designed for both connection orientation (a connection is extablished, with handshakes in both directions) and includes error correction at the packet level.

You may chose to connect using TCP, UDP, or SCTP to neighbors or via a server. The neighbor listener, or the server may waive SSL/TLS connections, but if so the transmission will not use the HTTPS protocol, but only the unencrypted over HTTP version. A listener can set the security option to create a permanent SSL certificate. This is the existing SSL for Diffie-Hellman key exchange and -Verhandlungsprozess??? It will not be renegotiated at each connection attempt, which prevents some kinds of attacks, but any attacker who had managed to subvert certificate issuance would be in a good position to eavesdrop, and more. However, it may be that the server or listener has renewed its SSL certificate (perhaps due to expiration?), so it may be sensible to allow ("Exceptions"). This is not recommended, unless the added security is not desired.

Similarly, one can, in turn, set a minimum key size for the SSL/TLS connection which prevents connection setup with those who use shorter keys. Thus, this option can be used to set the minimum key size you require from a server or neighbors. Finally, a GoldBug user can decide to connect to neighbors will full or half echo. With half echo the message packet is sent one hop to the Direct connection only to the neighbors. Suppose your friend has set up your web server and also sits before and you do not want that your echo packets go to third and his friends, then you can define the Half echo that your packets will be not more widespread after receipt by the server , So you chat via a direct IP connection. Both participants see the Half echo of your friend and chatting with the IP address. In the solid echo the chat friend does not have to be an administrator of the node, but can connect multiple clients to each other as a central chat server.

If you want to let GoldBug run as a client through a proxy at your company, behind a firewall or proxy at a University, or on the Tor anonymizing network, you must insert the proxy details for a neighbor.

As a client you can connect using the HTTP protocol within any IT environment, if you can surf within that environment with a browser. It is crucial to address a node Punk on the Web with a GoldBug node that will not possibly limited by the Port forwarding through your firewall or proxy. If this is the case, please tell your friend, GOLDBUG chat server on port 80 or port 443 instead of 4710 to set up and this possibly be provided with login details for Echo account and make these available to you ,

Figure 21: Full view when adding a neighbor

Figure 21: Add a Neighbour IP

The Chat-Function[edit]

You can find after a successful key exchange your chat friend in the tab "Chat".

Add contact by exchanging a key[edit]

As a friend is added and the key is exchanged, has already been discussed above. After the connection to a chat server has been explained in the previous section, you are to begin with two green LED lamps in the status bar and a friend in chat tab normally be able to chat. If this is not the case, check if the two friends use the same version of the program. Then it may be a matter for the advanced user, sometimes debug a private chat server or connect via a direct connection from home to home and also to define their own routers for home Internet connection.

You and your partner, two friends, each must exchange their public keys. First copy out the key and then paste the key of your friend in the tab "Add Friend" ("Add Friend / Key") and press the button enter.

Your friend can send the key by e-mail or via another chat program. Then copy it into this tab and press the "Add" button at the bottom.

You can find your own key as well in the tab "add friends" ("Add Friend / key"). About the big button ("Copy Keys") above you can copy-out your key to the clipboard.

Goldbug uses a public / private key infrastructure, as it is also known, for example, from GnuPG. The public key can be exchanged, and the private key is encrypted on your hard drive.

The different functions of Goldbug have accordingly for security reasons different key pairs. For Email a different key is used than for the chat. But there are in the copy-out button the function to copy out all the keys in a single text (“Overall-key”). Copy here the full text and send this to your friend.

Your friend does the same and you're adding the friend’s key in the text box. (If necessary, it may be necessary to confirm with the right mouse button in the context menu a new friend as a friend (Make-Friend). This will most often be used when a friend sends his key online in a direct IP connection (which is possible too). This function is given in the interface of spot-on – but in the user interface Goldbug this is not available, so that always both participants copy and paste their keys. But if a friend uses the spot-on client here and builds a direct IP connection to a user of the Goldbug client, then it would be theoretically possible to transfer the key also via IP connection instead of copy / paste).

Finally - after key exchange - the friend appears with his nick name in the chat tab or email tab.

Special feature: Repleo[edit]

If you have already received a key of your friend and have inserted it, but now your public key should not be exposed, you do not want it to be know or to be stored in an e-mail program, then you can encrypt your own key with the obtained key of your friend: This is called REPLEO.

When you send a Repleo, your public key is already encrypted with the public key of your friend.

Your friends can also copy and paste the Repleo into the tab "Add Friend / Key" – just change the radio button to Repleo.

A key always starts with a letter "K" or "k" and a Repleo starts always with an "R" or "r". So you can determine whether it is a Key or a Repleo to the corresponding textbox with two radio buttons.

Figure 09: Tab Key: insert key and confirm with the add-button

Figure 09: Tab Key: Exchange a Key or Repleo with a friend and add it to the Key-Tab.

Starting the first chat[edit]

To be able to chat, both participants should ideally use the same and the latest version of the program, have their keys generated and exchanged and be connected on the web to a network node or chat server. If the first two LEDs in the status bar at the bottom light green and the names of your friend appear in chat tab below, it already looks good.

Figure 10: Chat tab

Figure 10: Chat-Tab of GoldBug-Messenger

If the online status of your friend is blue (absent), red (busy) or green (ready to talk), the chat can begin. Either select the friend in the participants table and chat out of the chat Tab, or double-click with the mouse on the desired friend and a pop-up chat window for that dedicated friend opens.

Chatting in a pop-up window Figure 11: Start a pop-up chat window with a double klick

Figure 11: GoldBug Messenger Chat Pop-Up Window

The advantage to chat in the chat tab is, that you can select multiple friends so that the same message reaches all friends. If you use the pop-up chat then you no longer have to pay attention to the highlighting of the right friend in chat tab: Messages in the pop-up window are only sent to one dedicated friend exclusively.

Additional Security Feature: MELODICA[edit]

MELODICA stands for "Multi Encryted LOng DIstance Calling". It refers to call a friend like with a phone - only that a secure end-to-end encryption is enable and built.

The end-to-end passphrase - also called Gemini - should remain a secret between two parties. Therefore, the electronic transmission is always a problem when it can potentially be intercepted. Goldbug has this transmission problem solved by the Gemini which is transmitted with a symmetric encryption by a further encrypted channel. Gemini is the term for twins, i.e. it refers to both parties, which should know the passphrase, technically an end-to-end encryption is generated.

Asymmetrisches Calling[edit]

Figure 13: The icon of the MELODICA Button

Figure 13: MELODICA: Multi-Encrypted Long Distance Calling

The MELODICA button is creating a "Call", a call where the end-to-end encrypted password is transmitted. Strictly speaking, this are two keys, because Gemini is authenticated by another key. This is also MAC Hash called.

Instant Perfect Forward Secrecy (IPFS)[edit]

You can renew the encryption anytime just with pressing the MELODICA button. That means: the paradigm of "Perfect Forward Secrecy" has been extended by two components. On the one hand, one can define the end-to-end passphrase manually and also renew the password "instant" - at any time. Therefore, it is spoken of "Instant Perfect Forward Secrecy" (IPFS).

Compared with many other tools, those offer only one key per online session, or you cannot edit the encryption phrase manually.

Symmetric Calling: Send a Call though an existing Call[edit]

As a further feature in Goldbug you have the opportunity to send a new Gemini through the channel of an existing Gemini. Here, the end-to-end key is sent by an end-to-end connection. The symmetric encryption phrase is therefore not encrypted with an asymmetric encryption (RSA or ElGamal or NTRU, for example) and then through a secure channel (SSL) of point sent to-point, but is itself (symmetrically) encrypted with the existing Gemini and then only sent by the method described.

Finally, in the context menu (right mouse button, go to a friend in the friends list) is a third method for a so-called "Call" added to the MELEDICA Function: 2-way calling. Here is an AES-256 sent by you as a end-to-end encryption to your friend and your friend sends as well as a response an AES-256 to you. Now the first half of your friend and the second half of your own AES is taken and assembled to form a joint AES-256. This is called the method of 2-way security.

This ensures that no third party - if that party would be able to manage to compromise the machine of your friend, a Gemini (or an old Gemini) on his behalf could be sent by a third, external machine (which is actually impossible, since it would mean an unnoticed takeover of a machine or breaking the existing TLS and RSA (or NTRU - or ElGamal) encryption).

By the ping-pong handshake both parties will ensure that both participants are taking their part respectively to each other to agree on a secure end-to-end password - and generate it “Fifty-Fifty” - in the two way calling process.

The secure transport encryption occurs when a sender generates a (manually) defined symmetric key (message) - encoded with an existing symmetric key (layer 1) - and then additionally encrypts it with an asymmetric key (layer 2). And this packet is sent through a secure SSL/TLS-connection (layer 3). Three layers of encryption ensure, that your message is kept safe.

The options for the end-top-end encryption passphrase • firstly to edit it manually • second, to renew it every second within a new call, • thirdly, to send the password through an existing end-to-end encryption, and • fourth, and finally, to be able to generate the end-to-end password in a two-way process, makes it attackers thus very difficult to break the end-to-end encryption of the Goldbug MELEODICA function.

Two-Way-Calling: Define each a Half of the end-to-end encryption key[edit]

From "Perfect Forward Secrecy" (PFS) not only "Instant Perfect Forward Secrey" (IPFS) has derived, but become a "2-Way Instant Perfect Forward Secrecy": 2WIPFS.

Thus, the Goldbug MELODICA function has PFS and the important element of end-to-end encryption decisively developed with this process implementation: The encryption is not new, but merely the method is implemented in a sophisticated process to provide security.

End-to-end encryption is a simple pressing of a button as easy as calling via phone: Simply pick up the phone or hang up. At any time, the communication is encrypted asymmetric and symmetric - end-to-end encryption can be easily switched out - and be replaced (within a SSL channel) by asymmetric or symmetric encryption. This is a new architectural standard that established this method of calling with MELODICA.

The protocol for the plain two-pass key-distribution system is defined as follows:

1. A peer generates 128-bit AES and 256-bit SHA-512 keys via the system's cryptographic random number generator.

2. Using the destination's public key, the peer encapsulates the two keys via the hybrid cryptographic system.

3. The destination peer receives the data, records it, and generates separate keys as in step 1.

4. The destination peer transmits the encapsulated keys to the originating peer as in step 2. Once the protocol is executed, the two peers shall possess identical authentication and encryption keys. Please note that duplicate half-keys are allowed.

Additional Security Feature: Socialist Millionaire Protocol (SMP)[edit]

While Goldbug encrypts the messages three times, first, the message is sent in a secure TLS/SSL Channel, second, every message is asymmetrically encrypted (e.g. by RSA, NTRU or ElGamal), and third, you have the option to “call” with the “MELODICA” function to set an end-to-end symmetric encryption passphrase (with several methods like call within a symmetric encryption or to choose the two-way calling) – it has fourth additionally a further method for security implemented, which is called “SMP” – Socialist Millionaire Protocol (see Wikipedia for further descriptions).It is an asynchronous implementation of the Socialist Millionaire Protocol as defined by

For the SMP-Process you open up a personal pop-up chat window and find the question mark icon next to the username on top. Define a Password with the selection. Then ask your chat friend to set the same password. Third, you click the “Verify” selection. When both participants have set the same password – respective have the same hash of the same password – then the icon of the question mark changes to a “lock” icon.

The idea behind it is to ask in the chat a question to your friend like “What is the name of the city we traveled last year?” or “What was the name of the restaurant we met the first time?” etc.

Both participants normally sing the messages with an RSA (or else) Algorithm to verify, that the used encryption key is from the original sender. But in case the machine would be hacked or in case the Encryption Algorithm would be broken, with the Socialist Millionaire Protocol (SMP) – Process you can authenticate a friend by just entering at both sides the same password.

State Machine Process for the Socialist Millionaire Protocol (SMP) implemented by Instant Messenger ( and Spot-On Applikation (

Please be sure, no to send the password over the chat, but to describe a situation, which leads to the same password. For the first time to test the function both participants could use the word “test” to enter it in the SMP process.

SMP is just another option to authenticate your partner with a common secret.

GoldBug does not distribute zero-knowledge proofs during the various data exchanges. Also, GoldBug uses the SHA-512 of the secrets as the x and y components. Assuming that Alice begins the exchange: Alice: 1. Picks random exponents a2 and a3 2. Sends Bob g2a = g1a2 and g3a = g1a3 Bob: 1. Picks random exponents b2 and b3 2. Computes g2b = g1b2 and g3b = g1b3 3. Computes g2 = g2ab2 and g3 = g3ab3 4. Picks random exponent r 5. Computes Pb = g3r and Qb = g1r g2y 6. Sends Alice g2b, g3b, Pb and Qb Alice: 1. Computes g2 = g2ba2 and g3 = g3ba3 2. Picks random exponent s 3. Computes Pa = g3s and Qa = g1s g2x 4. Computes Ra = (Qa / Qb) a3 5. Sends Bob Pa, Qa and Ra Bob: 1. Computes Rb = (Qa / Qb) b3 2. Computes Rab = Rab3 3. Checks whether Rab == (Pa / Pb) 4. Sends Alice Rb Alice: 1. Computes Rab = Rba3 2. Checks whether Rab == (Pa / Pb) If everything is done correctly, then Rab should hold the value of (Pa / Pb) times (g2a3b3)(x - y), which means that the test at the end of the protocol will only succeed if x == y. Further, since g2a3b3 is a random number not known to any party, if x is not equal to y, no other information is revealed.

SMP Calling[edit]

Forward Secrecy (asymmetrisch)[edit]

Since version 2.7 GoldBug Messenger supports Perfect Forward Secrecy as well for Email. Chat now has as well Perfect Forward Secrecy (FS) now extended with asymmetric keys (as end to end encryption for chat with symmetric keys was already given = "Calling", see above). While the chat is with the permanent chat key always encrypted, we saw above, that a symmetric key can secure this chat with a new layer of end to end encryption. This symmetric key - a kind of AES password - was sent through the permenent asymmetric chat keys. Now the calling feature - to secure the chat with end to end encryption - has been extended: Forward Secrecy is also implemented for calling within the chat over symmetric session keys. This means, you send through your permenent asymmetric chat key to your friend a pair of a session based asymmetric chat keys and use these then to send a symmetric key for the call.

FS-Calling: Calling with Forward Secrecy[edit]

In the end you use the symmetric key (for this call again), but the transfer of the password online is created over a) the permanent chat key b) then over the sessionbased chat keys (forward secrecy). Simply send a asymmetric session key (Forward secrecy) through your asymmetric permenent chat key to send in the end a symmetric key (e.g. AES) through the session based forward secrecy key.

Overview of different ways of Calling[edit]


Goldbug uses an entire bouquet of emoticons - also called smileys. To use the help, double-click on a friend, so that a pop-up chat window for private chat. Now go with the mouse over the send button. In a tooltip that appears smileys are displayed and the input of the ASCI codes for emoticons will be displayed in the chat. In the chat/options-Tab is also the ability to enable & disable the graphical representation of smileys.

Figure 12: List of Emoticons

Figure 12: List of Emoticons in GoldBug Messenger

The E-Mail Function[edit]

In addition to the chat and group chat function of the Goldbug Messenger there is an integrated e-mail system and this extends the communicational functions to a communication suite.

The e-mail client is peer-to-peer based, i.e. the e-mails are sent over the network encrypted connections.

Further, the email client is also able to handle regular email with POP3 and IMAP.



P2P E-Mail: without data retention[edit]

The p2p email network is provided by the integrated architecture of the spot-on kernel. As shown, the e-mail function uses a different encryption key as the chat feature.

So you can to chat to a friend, but refuse to e-mail with him by not giving your encryption keys for email. It makes sense, however, to always copy all the keys as a whole (“Overall-key”), then you have your friend in all the functions present (in addition: also the URL-key and the Rosetta-key will be exchanged, two functions that will be described later).

Of course, the security of a Repleo can also be used for the e-mail function, if you do not want to expose publicly his e-mail key.

Setup of C/O and E-Mail-Institutions[edit]

To this end, there are two different methods for p2p email:

Care-Of-Method (c/o)[edit]

One method is that a third, common friend is used to store the emails there in his cache. Basically, the emails do not require a central server, it can be at home, just a third friend who remains continuously online. It therefore makes sense to have more than one friend in your own friends-list and to network with other common friend friends, who can act as a buffer. Since all the e-mails are encrypted, the friends who make a cache function cannot read your emails. You have the choice of whether the e-mails are authenticated or not authenticated, that means you send the emails just encrypted - without proof, that the encryption-key belongs also to you. This proof is done with a second encryption key for authentication and signing the first encryption key.

The interesting thing about the Goldbug e-mail function - and here it might differ from other p2p Email implementations - is that it is possible to send email also to friends, who are offline. And, that is it hybrid with the POP3/IMAP Email system, so it is currently a model to replace other regular e-mail clients, when the function - respective the GUI - has been more elaborated to the current standards by a subsequent Qt-E-Mail-Client Team.

In summary, GoldBug provides two e-mail models for distributed e-mail. Endpoints may optionally define themselves as institutions or post offices, or both. A brief description of e-mail institutions follows. E-mail institutions are artificially characterized by addresses and names. The information is not considered secret and several endpoints may identify themselves identically. It is the responsibility of an institution to accept subscribers, that is, public-key pairs. Please note that a separate model could consider the use of signature keys instead of key pairs. The data that an institution houses is stored in encrypted containers. Unlike physical institutions, GoldBug institutions are only allowed to read the signature portions of e-mail letters. The signatures allow verification of deposits and withdrawals. The sole difference between e-mail institutions and e-mail post offices is that post offices require the distribution of public-key pairs.

Virtual E-Mail Institution ("VEMI") - Method[edit]

The following example describes, how such a C/O function for e-mails and the creation of a virtual email institution is implemented step by step.

1. First, activate the C/O function in the tab for E-Mail-Settings.

2. Create an institution and choose a name and an address for the institution.

3. Example: Name = "GB mailbox" and address = "Dotcom"

4. Add the E-Mail-Key of your friends in your client and let your friends add the E-Mail-Magnet-URI of your institution in their clients. The magnet will look similar to this:

magnet:? in = GB mailbox & ct = aes256 & pa = Dotcom & ht = xt = urn & sha512: institution

You realize an E-Mail-Magnet at its ending: “URN = institution”. Then you know that the magnet is not a buzz-group-chat magnet and not a star-beam-magnet for file sharing - because they have the extension "buzz" or "starbeam".

After sharing the magnet-URI for Institutions and adding friends E-Mail-Key, your node will cache the emails of your friends - even if necessary for recipients of an E-Mail that should be offline.

You (as the creator of an E-Mail-Institution) need not to expose your own e-mail key with your friends / subscribers of your institution.

You can exchange the Magnet-URI of an E-Mail-Institution in a group chat room (based as well on a Magnet URI with symmetric encryption details). The exchange process for E-Mail-Key & E-Mail-Magnet must therefore expose no further identities.

Feature: Set additional encryption with a "Goldbug":[edit]

Not only the software is called Goldbug, but also the function of the integrated e-mail client to set an additional password on the e-mail.

E-mails to which a "goldbug" password has been set (see later below the description of the file transfer function "StarBeam", here's the additional password called "Nova") can be read by the recipient only, if the corresponding Goldbug-Password is known - the “golden key” to open the e-mail. Thus, you should inform your friends when you send them e-mails that still need an additional password for opening.

An example may be found with the e-mails to your wife: Always encrypt e-mails to your wife additionally with the set Goldbug-Password, which is the city name, which hosted your wedding with your wife.

Figure 14: E-mail tab


To activate the care-of (C/O) caching function, check box "care-of" must be activated in the sub-tab "Email Settings". Then a third friend of two other friends will allow to cache the e-mails in the own client, when both friends are participants in the e-mail own e-mail-contact list.

The second method to cache emails in the p2p email network is to create a virtual email institution. For this purpose, it is also necessary to activate the C/O function with the check box, described above.

Next step is to create a virtual e-mail institution and to announce the created Magnet-URI for E-Mail-Institutions to the friends, which add the Magnet of the E-Mail-Institution to their own client. The last step is, that the public key of the email friends must be added to the node, which provides the E-Mail institution.

The advantage over the first method, however, is that the public email key of the node, that establishes the institution, must be NOT given or known to anyone.

E-mail attachments can also be attached in any case and are automatically encrypted.

E-Mail-Forward-Secrecy Feature[edit]

Email has been extended since version 2015-09-26 of the kernel (GoldBug Version 2.7) with Perfect Forward Secrecy, short: FS. GoldBug and the underlaying kernel architecture is worldwide the first E-Mail client, which supports Forward Secrecy. You send to your e-mail partner over the asymmetric encryption of your permanent email key a sessionbased (forward secrecy) asymmetric key. When your e-mail partner confirms the request and sends his session keys back, then both email participants can use sessionbased asymmetric keys to secure the email communication (with a symmetric ende to end encryption key then). Forward Secrecy has been also implemented in chat for the calling feature (see above: calling with FS).

First E-Mail Client with Forward Secrecy. Choose one of the options.

The permanent public key is used as a transport. That is, the ephemeral public key is shared via the permanent public key. Once the ephemeral public key has been correctly accepted by some recipient, said recipient generates a session private key pair. This session private key pair is transported via the ephemeral public key. The initiator discards the ephemeral pair after receiving the private key pair. Keys are not derived from other keys. Session periods are user-defined.

When you write now an email, you can select 4 modi of encrypting it.

  • Normal: The email is sent as is within the system (echo or poptastic), that means the regular permanent symmetric email key is used, to encrypt your message.
  • Forward Secrecy: Over the encrypted connection sessionbased forward secrecy keys are used - that means you send your message encrypted with sessionbased keys within the permanent email key. This adds another asymmetric layer to your email encryption
  • Pure Forward Secrecy (Pure FS): The message is sent and encrypted only over your sessionbased (symmetric) email keys. This can be called the option to create within the peer-to-peer email "instant" email-addresses and post boxes, which can be deleted after your session. One-Time-Email-Accounts thanks Forward Secrecy.
  • Goldbug: Goldbug sets a password on the email (e.g. AES, symmetric encryption) and you need to inform your email receivers about the password in an oral way. This message is as well sent over your asymmetric email keys.

In case you click the Email-text checkbox-option "plain", all encryption is set back to plaintext - so that the receiver and all intermediate transmitters can read it anytinme.

The process or protocol can be described with this example:

1. I send you my post address. It's public.
2. You send me your post address. It's public.
3. Our addresses are permanent. The addresses only change when we move.

--- Days Later ---

1. I create a unique envelope, an ephemeral envelope.
2. I send you, and only you, my unique envelope. Clearly, I use your postal address to send it. Supposedly, only you can read it. I may sign my bundle too.

 --- Same Day ---

1. You receive my unique envelope and verify it, if you like.
2. You create a special letter.
3. You bundle the special letter inside the unique envelope that I sent you. Once you seal it, only I can open it.
4. You return the unique envelope using my post address. Optionally, you may sign the bundle.
--- Still Same Day ---

1. I receive your bundle. Inside your bundle is my unique envelope.
2. Inside my unique envelope, which only I can open, is your special letter.

1. We use the special letter as often as we wish. Once. Twice. Etc.

A set of session keys are returned via the ephemeral key. This bundle is post-marked by the permanent keys. The first bundle is transported via the permanent keys. They need not be, but they are. That is, you could transport the ephemeral key (one-way) via the permanent key and return the set of session keys via the ephemeral key.

In conclusion, the ephemeral keys are destroyed after the protocol completes and only the set of session keys persists.

Further Research

Keep in mind, that one would transform the permanent keys into transport keys. If they are compromised, public ephemeral keys are discovered. This concept creates a creative research area within echo environments. Here are some immediate concepts.

1. Participants constantly create ephemeral key pairs and exchange session keys via these ephemeral entities. Participants are notified if pool depletion would occur. This exchange would be automatic... as simple as status messages. Messaging is performed only via the session keys.

2. Instead of one set of private sessions keys, exchange a set of sets of private sessions keys.

3. Use OTR within the permanent keys.

Chris Schum resumes: "Forward Secrecy offers a substantial increase in encrypted traffic protection for little or no cost. By using unique keys, information in a session can be protected even if the server is compromised in the future." [2]

POPTASTIC: Encrypted Chat & E-Mail over POP3 & IMAP[edit]

If POP3 or IMAP settings have been defined in the POPTASTIC settings, GoldBug offers encrypted chat and encrypted e-mail over a POP3-server with the POPTASTIC Key.

Further, if you add in the add friends tab not the POPTASTIC Key, but an e-mail-address, you can use the POTPASTIC function also for regular e-mail, which is plaintext-e-mail to an @-e-mail-addresses.

Chat over POPTASTIC[edit]

Poptastic is a global innovation in communications: Encrypted Chat via POP3. The encrypted chat - and of course encrypted e-mail - over POP3 (or IMAP) can be described as follows: With the Poptastic function you can now use all e-mail accounts, for example from Gmail, Yahoo or, for encrypted chat.

So why using a dedicated chat server or plugins for encryption, when you can just use an e-mail address for the chat and also e-mail? The 30-year-old POP3 protocol and set-up email servers can now be used for encrypted chat with this function. The e-mail server is simply converted as a chat server.

The program automatically detects whether it is an e-mail via POP3 or a chat message.

The chat and email function is proxy-capable and can therefore be operated even from work or university or behind a firewall, and over a network gateway.

Figure 24: Poptastic Settings: Encrypted Chat via POP3 and IMAP servers

Poptatsic Seetings

E-Mail over POPTASTIC[edit]

Just as there is chat over POPTASTIC, it is also possible to e-mail via POPTASTIC. Since POPTASTIC is a key with which the friend is entered (via friend-adding Tab), the POPTATSIC-contact or e-mail-address is provided with a lock symbol and additionally marked with a background color to indicate that the exchange of messages happens only encrypted.

When you insert an email-address in friend-add-Tab, this contact is also added to the contact list at the email tab - but without a locked icon and without background color. This indicates that here e-mail messages with this contact are sent unencrypted. This is so far the case, if someone does not use the GoldBug client. However, if the contact also uses GoldBug, both can permanently encrypted email, when the POPTATSIC key has been entered in the tab "friend-adding". Email over Poptastic is a simple and permanently encrypted email, by simply one POPTATSIC-key-exchange at the beginning of the installation.

Setup of POPTASTIC[edit]

Detailed description of the setup options:

From the main menu "View / View" Messengers of GOLDBUG your own e-mail address and the POP 3 or IMAP server details are stored. These are the same data that are entered eg Thunderbird e-mail client or Outlook, for example:

Incomming Server Server:
Port: 995
Password: ********

Outgoing Server Server:
Port: 587
Password: ********

Please press each test button to check the functionality of the server entries. Then save the entries with the "OK" button. (If it is used in the selection menu instead of POP3 or IMAP, the value "Disabled", the program does not send encrypted emails anymore). Then you can all Jumpsuit encryption key (or key for the Poptastic) exchange with a friend for a new installation. If you and your friend have changed and entered the jumpsuit key or the Poptastic key, the chat can start in a running kernel by default. In Gmail, you should, if necessary, set the option in the Web that retrieved POP3 messages are deleted from the INBOX. To connect, you should also define the security setting in Gmail so that all local e-mail client can connect to Gmail: (1) Settings / Forward and POP & IMAP / POP Download: Enable POP for all mail (2) Settings / Accounts & Import / Change Account Settings: Other Settings / [New window] / Security / Access for less secure / unkown Apps: Enabled. It is recommended that, if necessary, set up an extra email account for a first test and further use. Note that new e-mail accounts are possibly limited to 30 days for the sending of e-mails (eg Gmail for 500 chat lines or emails per day).

Group-Chat in IRC-Style[edit]

The Goldbug Messenger has besides to E-mail and Chat also as already mentioned a group-chat feature. This works similar to an IRC chat. The transmission of messages to all group participants will be here again fully encrypted using the echo protocol. Ultimately, all the participants will be able to read the content in a group-chat, who know a particular symmetric end-to-end key, that defines the chat room in the p2p network.

Therefore, it is spoken of an echo-ed IRC (or short: “e*IRC”) – which opens to IRC chat new options, because the transport route of the e*IRC chats are also always encrypted - as today regular POP3 or IMAP e-mails have also at least an encryption for the transport, e.g. with TLS 1.3. Hopefully the traditional IRC-chat will therefore increasingly take account of such safety features. The e*IRC-chat can represent a model of a new generation of IRC.

The encryption details of the group-chats are again defined by a magnet-URI (defined ending: URN=buzz).

At the start of the program Goldbug the developer-chat-room is opened, which can serve as an example for echoed group IRC-chat.

To join a private channel, just type in the room name or use the above-mentioned method of magnet-URI links. The magnet link next to the room name has additional values for the encryption embedded such as keys, hash or cipher for encryption type. If you just typing the room name, and add no magnet-URI, the additional encryption details are set to the value of “0000” and the encryption of the room is only based on the room name.

When you have entered all the values, press the "Join" button – or: if you have inserted a magnet-URI, then use the pull-down menu and select "de-magnetize". The magnet is again broken down into its individual components and encryption details and the chat room is created and entered on the basis of the given encryption values.

If the room is open, you can save the chat-room as a bookmark or at any time printout the corresponding magnet-URI of your chat-room. Also you can send Magnet-URI-bookmarks to your friends to invite them into a room.

To send a message, write some text and hit the send button.

The e*IRC chat room can be public or private, that depends on to how many people you are sending the magnet-URI or the individual encryption values. To announce a public e*IRC chat-room you can add a Magnet-URI on your website and everyone knows, how he can come in your chat room - with "de-magnetize"!

Ultimately, it works like having a chat - with the only difference that the ISP and more rooting server cannot look into the communication because it's encrypted – comparable to your connection for online banking.

So with the echo protocol it makes no difference whether you are talking to friends or your bank manager.

If you want to use the chat room as a private room, you can even share with friends the magnet-URI for the chat-room - without exchanging each other’s public (asymmetric) key for chat. Just create a one-time-magnet and -room and protect your public chat key!

This feature is one of the peculiarities of the Goldbug program that you can chat easily encrypted without having previously to exchange asymmetric keys or you can can swap asymmetric keys in a private IRC-room – as a protected asymmetric key in a private chat-room (based on symmetric keys (Magnet-URI keys)).

Goldbug allows a secure key transfer with the Repleo and additionally the key exchange over a one-time magnet (OTM) for a private chat room - your public key does not need to be public!

While other applications share the public-key with all friends or even in a DHT and partly also relate its own IP-address to the keys - that above presented architecture for the transport of encryption keys is much safer and forward-looking.

Figure 15: IRC group-chat within the echo

Echoed IRC = e*IRC

FileSharing: with Starbeam[edit]

As in any messenger file-sharing between several persons - or a file transfer between two defined groups of people – is provided in Goldbug. The file sharing function is called “Starbeam”.

For this purpose, it is necessary to point to the following steps: • Adding or Creating a SB-magnet-URI • Optional: encrypt the file with a pass phrase called "Nova" • Optional: encrypt the file with the file encryption tool. • Select the file and a SB-Magnet: How to transfer the file encrypted.

Figure 16: Starbeam tab for file transfer

Figure 16: StarBeam-Tab

The tab "StarBeam" for the file sharing consists of three sub-tabs: one for uploading, one for downloading and one for creating or adding a SB-magnet. Many users still know it by an Emule or Torrent Client: more easily it cannot be: upload, download, and a tab for pasting the magnet-URI.

StarBeam-Magnets with encryption values[edit]

A magnet-URI is a standard that is known from many file-sharing programs (often in the Gnutella network) and also eDonkey / eMule ed2k-links or torrent links corresponds. The evolution of the magnetic URI standards by the GOLDBUG Messenger underlying spot-on library lies in the design of the magnet URI with encryption values. Magnets are so used to create a bundle of cryptologic information or keep together. SB-magnet URIs are therefore referred to the community as a crypto-Torrents, since they can be linked to a web page as a torrent link and access to a file - can be linked - or even as a channel for different files.

Through this dual-use effect a magnet cannot be assigned to a single file or a specific IP address. A file name does not appear in the crypto Torrent or SB-magnet, as yet, even at the - is more advanced example of links or - compared with Gnutella, eMule and torrent link. However, while numerous opinions see the link of Gnutella, eDonkey and Torrent Links-critical, consists in a collection of encryption values no reason to discredit these values. Your homepage or independent portals Find Starbeam so advanced technology. In addition to the strategic decisions of the selection of a link standards but it comes at the use aspect to maintain the security of the file transfer between two private users.

For the flow of private file transfer from friend to friend some more information: Before you will send a file, you can consider if you simply appending send an email to an email within GOLDBUG. This is the version of choice when the file is smaller than 10 MB. Larger files should be operated only on the Star Beam function.

Before shipping You can also consider to encrypt the file on the hard disk. These holds the GOLDBUG Messenger in the main menu under Tools / Tools tool for file encryption ready. With a double passphrase, the file is encrypted in it. Some pack the files into a zip and encrypt it before sending or uploading. The zip encryption is very easy to crack 96 bits, so far so you should use a key as it is now recommended for RSA with 2048 bits. No matter how you put your file now vorbereites - such as it is, as plain binary, or encrypted with the GOLDBUG tool from Starbeam - yes it is encrypted again several times with the echo protocol.

Just like you can put an additional password to an email at email ("gold bug" mentioned in the e-mail function, see above), you can also click on the file - or more precisely set another password on the used magnetic UIR file transfer. This is called "Nova". Even if the file transfer is successful successful or a third stranger could poop the previous multiple encryption (which is not likely), is introduced with the Nova password an end-to-end encryption, which is safe as long as the common Password is exclusively for both partners under wraps. To send a file using an encrypted channel must be created. This works again (indicated at the end URN = SB-Star Beam) with the creation of a magnet. To file for package file packet is - also file chunk or file link called - transmitted over this channel using the HTTPS protocol (which can based on TCP, UDP, and SCTP also connections). Therefore, it is an interesting question whether a transfer of a large, encrypted file using Starbeam over SCTP, TCP or UDP protocol, ceteris paribus, is transmitted correctly and fastest.

Thus it is clear that in Starbeam no specific file is changed, but are generally exchanged only encrypted channels. It's like a "wormhole" to "Stars" to stay with the term. And this channel is defined by a magnetic-URI link.

Figure 17: SB-Magent URIs & Novas

Figure 17: Magnet and Novas for StarBeam File Sharing

Ideally, you have your own magnet URI for each file. That would be then a one-time Magnet (OTM), a magnet is used only once for a file. (OTM thus corresponds to the idea of an OTP - a one-time pad . A string that is only used once OTP is often considered in cryptographic processes as crucial to establish security). You can also use permanent magnet but a URI, then it's like, a subscription video channel in which, for example, every Monday a file is sent.

This opens eg also Torrent portals new possibilities, it must no longer exist portal, linked in the thousands of links. The portal itself requires only a single magnetic UIR in this decentralized network echo, in order to send Consecutive then gradually a file after the other through the wormhole. Who's afraid that the neighbor connected could disapprove a file transfer, then you need to switch only on p2p and f2f with Echo accounts a Web-of-Trust to create. Connect your node only to a trusted friend by finding all the credentials of the echo accounts for sharing and a magnetic-UIR file for your channel. At once you have transferred a file from the magnet URI, so you can delete or keep the magnet URI. You Erstellst the magnet as OTM and activate the check box for OTM, then it deletes itself after file transfer by itself. Man, that's like Mission Impossible.

So you can share with your sister and securely transmitted over the Internet without having to unencrypted upload it somewhere your journal your vacation. The tool of GOLDBUG-File Encryptor you can of course also use it if you want somewhere to upload to an online hosting a file. However, as these files if necessary to control and encrypted files are marked with a question mark, although it should be an exclamation point, it makes sense, the encrypted file right from point to point, from friend to friend to transfer over GOLDBUG.

As mentioned, it is recommended that called on the file transfer at least one. Nova added as additional passphrase. For if the transmission of the SB-magnet URI should be monitored - You must crypto Torrent somehow transferred online to your friend - then everyone who knows the magnet URI can also receive the file as well.Therefore, it makes sense to protect the file with a Nova - a password that have changed both friends possibly orally, in the past or through a second channel. The Nova also builds on the end-to-end encryption standard AES on (if you do not think up you own a passphrase). And it must - before - the file transfer begins, have been stored in the node of the receiver.

If a recipient has a file packet, a chunk or link received, he is able to upload this again - in other magnet URI channels - or to give it again in the same channel. This is similar to a rewind function: The file is simply played back again again like on a cassette recorder or MP3 player via the echo network. The file can be also sent many hours or days later. Anyone who has obtained a copy of a magnet URI channel becomes a satellite television, and can the data into a wormhole or better: import Starbeam Magnet URI again. To perform the transfer, you need only one connection to a neighbor or friend and can secure them with an echo-account, so that only friends can connect with each other.

The transmission of the Echo protocol is more effective than using a protocol similar to the " Turtle hopping "(see Wikipedia) to run because, depending on the configuration of the echo-network here (Full echo, half echo, Adaptive Echo, Super Echo) and the basic encryption nodes with only low bandwidth do not necessarily act as a bottleneck, but on further optimize echo paths the desired download speed.

SB-Upload: Transfer of a file[edit]

If you have a magnet URI defined or generated, it appears not only in the sub-tab for the magnets, but also in the table in the sub-tab for upload / seed. Select the check box of a self-magnetic. Also choose the file. Finally, you might even decide if you transfer to an additional password - want to place - called Nova. For the first test, you can skip this first time. The chunk size (Pulse-size) can be left as pre-defined. The echo is transmitted as an HTTP post or -Get, corresponds to the transfer of a website. If the pulse size is made larger, the website is as it were longer transmitted. Then push the button "Transmit" / "Transfer". Finally, the magnet URI copy and send it to your friend. If he has copied him, you can start the transfer with the deactivation of the pause function. The magnet URI can printout in the right side splitter to transfer table. Figure 18: Transfer a file


To load a file with Starbeam, you need turn a SB-magnet URI or sometimes colloquially referred to as Crypto-Torrent. This you can find on websites linked or can you this from a friend who wants to send you a file obtained. Copy then the magnet URI in the sub-tab for the magnet URIs easy. Share your boyfriend that you have inserted the magnet URI and he can start the transfer. Previously, you should not select the check box "Receiving" / "reception" in the download sub-tab. Then should start the download, once a sender sends a file via the echo and through the channel of the magnet. With the other settings on this page you can also define the size and the path to the download area. The successfully downloaded parts are called Mosaics. The files to be transferred are links (or in the community also: Chunks) called.

Figure 19: Download files

Figure 19: StarBeam-Magnets added to SB-Tab

Werkzeug: Star-Beam Analyzer[edit]

If a file does not even have been successfully transferred, this can be checked with the Star Beam Analyzer tool. This determines whether all mosaics are available or whether left or chunks missing. If there are missing links, the SB-analyzer creates a magnetic URI, the friend can enter into his upload tab again. Then only the missing links or chunks are sent again. The file would also complete, if the transmitting station ("Resend" =) three times a day for the echo to the "Rewind" - sending function. Note that a magnet is a channel and existing files will be renewed in your mosaic path then when no one-time magnet is used.

Outlook in terms of Crypto-Torrents[edit]

Create Starbeam magnet URIs so new ways of thinking when it comes to the use of crypto Torrents about the echo protocol?

Web-Seachengine with URL-Database[edit]

Database Setup[edit]





Pandamonium WebCrawler[edit]

RSS-Reader and URL-Import[edit]

Chat/E-Mail-Server Setup[edit]

Create a Chat-/E-Mail-Server with a Listener[edit]

Once you are least in the minimal view, a chat server or listener is set up as fast as in the previously described tab a connection is made to a neighbor. Again, for Erinnering: "Connect" in the tab, you connect your GOLDBUG with another node or neighbors, and with the tab "chat server" you create a server or listener, so that others can connect to you. No matter which method you can always send messages when the second or third LED in the status bar and a neighbor is connected. The right (third) LED in the status line thus indicates that you have set up your own chat server on your computer.

Moreover, you will have to enter the local IP address of your machine. This is not the IP address of the router, but the network IP address of the device on which you have installed GOLDBUG. Again, you use the pull down menu selections and can choose the local IP. As a port is then defined automatically 4710. Dücke the button "Set" and the entry of your listener is successful if the third LED lights. If you have a client who is on your server, or you're connected in the "Connect-neighbor" -Tabulator from You to another chat server, or friend, then you can also head "Go Live" button. This is communicated to your chat server via the existing connections show your friends and neighbors and friends as well as their friends. "Go Live" Thus says "Broadcast IP + port" your chat server to your friends and neighbors. Then you can also connect automatically to your chat server. So you have to tell an IP address or you can enter more friends Your IP address manually. Everything is then automatically and your server is to your friends and their friends as a peer available. So Easy A chat server can be created.

Figure 22: Setting up a EMPP chat server - Simple View

Figure 22: Create Chat Server (Simple view)

The echo protocol from the messaging area or for the chat server creation and referred to as "EMPP" and stands for " Echoed Messaging and Presence Protocol "- certainly based on XMPP protocol elaborated as little regard to encryption applies and due to poor upgrading with encryption capabilities and options even at cryptologists and data protection in terms of the architecture may be true, despite existing Popularity technically antiquated. If you still want to define additional features in the non-minimal view, is a frequently used function of the echo accounts. Mark in the table to the listener you created, and then give the account credentials a, ie name and password. Share your friends with how the account name and the password is for it and he is when he makes contact with neighboring asked via a pop-up window, enter these credentials. Likewise, you can also back between IPV4 IPV6 and choose when you create a listener / chat server will. Also, multiple chat servers can be created by using a different port is selected. Test several listener on port 4710 or 80 or 443 and decide whether you want to define this listener for friends with an echo account, or for simple connections to be established in peer mode without account log are running. Echo Account define whether to build up a F2F network or a P2P network, because the account credentials you create a web-of-trust, trust only your friends can connect to the login password with. If you are running a peer, you can also click on a LAN party of a closed network knob notify all participants with the go-live that your node has opened a listener for the guests, for example.

Configure your IP address as a chat server: Figure 23

Figure 23 Create Chat Server - Advanced view

Security options allow in the enlarged view for creating a chat server / listener further define the SSL key size and vorzuhalten also a permanent SLL certificate. Also you can - if you have a permanent, stable IP address - these include in the SSL certificate. These three measures make it attackers from to replace the SSL certificate or fake - because it would immediately recognized when a supposititious other certificate would impersonate the original: for example, because the client does not expect a new, but the old, permanent certificate or because the IP address is missing or is not consistent. The SSL key size defined this.

Create a server / listener home behind a router / Nat:[edit]

If you do not have a web server or can not find a general neighbors on the web, you can also chat server at home behind your router set up. Your friend must then not, he can directly connect as a client to your listener. But one of them must create a listener. If you want to make this behind your router / Nat home, take as geannt the machine for the listener eg .. Then local IP address you need in your router also forward the port, that port 4710 must be forwarded by the router to - spot-on Kernel.exe - 4710. Then, the kernel needs as well as the GoldBug.exe in your Windows Firewall be allowed. If you do everything correctly routed, the friend can connect his clients to your (external) IP address of the router (see, eg, under and port 4710. The important thing is that your router forwards the connection attempt from the Internet at the selected port to your local machine. This is a common and safe procedure and does not open any access to your computer, but on the port and the application is in this case as in many other programs defined that only packet be allowed in this sense. You can and must this define everything yourself and GOLDBUG does not contain code that automatically forward ports in the router, or opens or even automatically sets up a listener. Thus, it is safer and demand-oriented than other applications, configure the purposes of Nutzerfeundlichkeit themselves and this Although effort to lose weight, but also offer many ignorant people who know the technical details of port forwarding, port opening and listener-definiton, by default. So when you hear the first of them, be sure that other programs that often automatically adjust everything and the fact that this program allows these options as manual settings by yourself, you should not put you off, give it a try and in the to trust you set technique because it blut works as described on port released, if necessary port forwarding and setting up a listener.

Usage of GoldBug within the TOR-Network[edit]

If you want to run your GOLDBUG chat about the Tor network, this is also very comfortable, so that a Tor exit node will only see the passphrase of GOLDBUG. Here is the chat server to a normal web outside of the Tor network; occasional participant in the gate community are in the process of designing the installation of a GOLDBUG chat server / listener inside the Tor network.

Since the echo protocol is not necessarily a DHT needs, but just a simple HTTP connection to a neighbor that can potentially be mapped through the Tor network, it is a very simple architecture, chat safely through a proxy or a proxy network to operate.

This is also potential for further testing, experiment descriptions and documentation are given if necessary, to bring the synergies of the clients inside and outside the network forward together and explore information technology. If you want to test or use a proxy, for example, in your company or university with the GOLDBUG messenger, then this is not critical, because it is a SSL / TLS or HTTPS connection established - which is hardly different for the proxy administrators as SSL / HTTPS connection to an HTTPS website in banking or logging into your Web e-mail.

Encrypted traffic remains encrypted traffic and ports 443 or 80 can be achieved at any GOLDBUG friend.


Tool: Encryption of files[edit]

GOLDBUG has additional tools for encryption. In the main menu, choose Tools and you will see the tool used to encrypt files on your hard drive ("File Encryption Tool")

Figure 25: Tool for file encryption

GoldBug Tool: Figure 25: Encrypt Files on your Hard Disk

To encrypt a file on your hard disk specify the same path and select an different extension or a modification of the file name - then enter the password and pin (both must be at least 16 characters) and press the radio selection buttons ***???*** define whether supply the file or to be un-encrypted. Cypher algorithm and hash type can also be selected as a signature in the encryption can be included as an option in order to ensure that the encryption was done by you (or anyone else). ***????*** The file encryption tool is available to replace other software; for instance, the widely used Truecrypt system has been abandoned by its developers and there is some doubt about its actual security. You can encrypt or to backup individual files before transferring them to, for instance, a cloud storage server. Not all of them encrypt files for security when they are received; if their systems are breached, your data may be exposed. Even if you simply leave the encrypted file on your own equipment, or ask a friend to keep the files, if the encrypted version is the only one on your system (or on your friend;s), no theft or break in to your system or his will expose the information in the file.

However, NOTE CAREFULLY, you must not forget the password and pin you have chosen. There is no feasible way to recover the data from an encrypted file. GoldBug's encryption algorithms are well chosen and there are no known clever hacks to reverse them. There is advice here on how to choose a password / passphrase. As in all cases, important data should be backed up, and the back up copies stored safely. If encryption is involved, "keeping safely" means not only physical safety (away from fire, flood, or other disaster) but in such a way that the data can be recovered if needed. This means that passwords / passphrases MUST NEVER BE FORGOTTEN OR LOST.

Tool: The Rosetta CryptoPad[edit]

The tool Rosetta Crypto pad takes its name from the Rosetta Stone, which is now in London at the British Museum (see Wikipedia). It was critical to decyphering of ancient Egyptian by Champollion in the early 1800s. GOLDBUG Rosetta Cryptopad consists of two dishes - as well as chat and e-mail have such own key. Swap here with a friend the Rosetta Key, give text, select the friend and whether it is encryption or decryption - and press "konverieren" button. ***???*** Then the output is shown and this you can simply print-out with the copy function and ship via conventional online communication channels such as @ -E-mail or other chat. Slow Chat by manual encoding of your chat text. ***???***

It is an alternative to GnuPG (and yes it is based also on the GnuPG underlying library Libgcrypt).

Figure 26: The Rosetta CryptoPad

Figure 26:Rosetta crypto pad

Tool: Echo Public Key Share (EPKS)[edit]

Overview of Features and further Development & Evaluation[edit]

•         Spot-On is the underlaying library of the GOLDBUG Instant Messenger.
•         Spot-On has a GUI and is quite configurable, GOLDBUG aims to be a desktop / mobile messenger application, with a smaller set of options to fit mobile or tablet devices.
•         Spot-On is a c ++ library and originally an exploratory research project investigating an encrypted communication and data transfer protocol termed the "echo protocol", or briefly "EMPP" protocol: Echoed Message and Presence Protocol. The package includes the Which 'libspot-on' library, and is found at  Spot-On enables personal and group messaging, decentralized peer2peer email, echoed IRC / Chat channels Buzz, and secure file transfer with multiple encryption options (SSL, RSA (PGP / GnuPGP) / ElGamal, AES, libgcrypt, OpenSSL, etc). IP Addresses are independent of the  Encryption Keys. It is programmed in C ++ and is the underlaying library for chat, email and messaging applications like the GOLDBUG Instant Messenger App.  Spot-On can be deployed by every c-developer into chat and file sharing apps.

Short overview of Features:

•         Accounts: Enter your password at set up time.  It is not transferred to a server;  a hash comparison is done on both sides.
•         All data on your hard disk (.db files) can be encrypted with high quality cryptography.
•         Gemini (end-to-end encryption key) is secured by a MAC Gemini hash.
•         Secure Key Transfer: Repleo encrypts your public key.
•         Chat over door with GoldBug.
•         Instant Forward Secrecy with MELODICA Button: Change the encryption key end to end whenever you want .
•         Provision for additional ready to use passwords for emails (based on the AES cypher).
•         Exchange peer2peer emails to off line friends.
•         E-Signatures : Emails can be sent and received with or without cryptographic authentication. 
•         Star Beam (SB) : Send files anonymously and encrypted. 
•         The echo protocol uses TCP & UDP transport; UDP is suited for VoIP echoed.
List of possible criteria for evaluation in future releases
•       Tiered application: kernel and user Interface Processes?
•       Add proxy capabilities?
•       Send email messages to offline friends?
•       Send email with encrypted attachments?
•       Having different keys for chat, email, Cryptopad, file transfer, etc.?
•       Is the key stuck to your IP address?
•       Mutual authentication access?
•       No hashing of a file and sending it with hash and transmitter / receiver's ID to neighbors, would it then be identifiable?
•       Are there alternative to RSA, ElGamal like or NTRU? Can a NTRU-user chat to a RSA user?
•       You can use SSL or not? Selectable SSL ciphers?  Remove SSL in favor of TLS?
•       Selectable hash algorithms?
•       Just need connectivity, no key exchange, keys are optional?
•       You are more autonomous?
•       Trust is not needed, or can be added as you define it?
•       Technical simplicity?
•       Anonymous seeds?
•       You can not deterministically determine who is reading Which message;  there is no destination ID or info added?
•       Free of Web-of-Trust Graphs and no mapping of connections?
•       It's different, it's fun?
•       Local database stores all info in encrpyted .db 's?
•       Re-encode support of locally-encrypted data?
•       Optional authentication of messages?
•       You can communicate without public keys, using magnets?
•       Support for TCP and UDP and SCTP communications?
•       Support the multi-layer of encryption?
•       Having multi encryption? eg SSL + RSA + AES? Or even ciphertext over SSL + RSA + AES   (Rosetta Cryptopad ciphertext sent over encrypted channels)?  Deprecate or remove SSL?
•       multiple listeners are possible?
•       A kernel is given a name? Multi-threaded ?.
•       IRC-like channels?
•       Simple IP-based firewalls?
•       You can define many points of connections?
•       Do scramblers send out fake messages ?
•       You can store messages in friends?
•       You have the option to use to end-to-end key for communication?
•       You have the option to renew the end-to-end key each time you want (not only session based)?
•       Encrypted file transfer protocol (Starbeam)?
•       Using a one time magnet (OTM) for a crypto channel?
•       Having ipv6 support?
•       Having Qt 5 and up deployed?
•       hops are not forwarding, no routing, is it always a new wrap the message and send to just to your friend? router-less and forwarding-less protocol?
•       Sending a message to a friend to his dedicated connection and not to all connections?
•       Hiding the key exchange online?  How to do securely?
•       Use several encryption keys on one file transfer?
•       Adding a passphrase on a file transfer?
•       Use it as client without a listener?
•       ... Over 40 criteria.  An analysis in a master's thesis - with different implementations in different synthesis tools compared, would be a great contribution.

Digital encryption[edit]

of your private communication in the context of ...

Principles of the protection of private speech, communication and life: Universal Declaration of Human Rights, 1948 (Art. 12)[edit]

No one Shall be Subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against interference or attacks investigated.

International Covenant on Civil and Political Rights, 1966 (Art. 17)[edit]

1. No one Shall be Subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation. 2. Everyone has the right to the protection of the law against interference or attacks investigated.

European Convention on Human Rights, 1950 (art. 8)[edit]

1.Everyone has the right to respect for his private and family life, his home and his correspondence. 2.There shall be no interference by a public authority with the exercise of this right except as is examined in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Charter of Fundamental Rights of the European Union, 2000 (Art. 7, 8)[edit]

Article 7. Respect for private and family life Everyone has the right to respect for his or her private and family life, home and communications. Article 8. Protection of personal data 1.Everyone has the right to the protection of personal data: concerning him or her. 2.Such data must be processed fairly for specified purposes and on the basis of the consent of the person Concerned or someother legitimate basis laid down by law. Everyone has the right of access to data has been collected Which: concerning him or her, and the right to have it rectified. 3.Compliance with synthesis rules Shall be subject to control by at independent authority.

Basic Law eg for the Federal Republic of Germany 1949 (art. 2, para. 1 i. V. m. Art. 1, para. 1)[edit]

Article 2 [personal freedoms] (1) Every person shall have the right to free development of his personality insofar as he does not violate the rights of others or offend against the constitutional order or the moral law.

Article 1 [human dignity - human rights - legally binding force of basic rights] (1) Human dignity shall be inviolable. To respect and protect it Shall be the duty of all state authority.

Further: Article 1 and Article 10: Art. 1 [human dignity - human rights - Legally binding force of basic rights] (1) Human dignity shall be inviolable. To respect and protect it shall be the duty of all state authority. (2) The German people acknowledge inviolable and inalienable human rights as the basis of every community, of peace and of justice in the world. (3) The Following basic rights shall bind the legislature, the executive and the judiciary as directly applicable law type.

10 [privacy of correspondence, posts and telecommunications].

Secrecy of correspondence - secrecy of telecommunications (Art. 10 para 1 of the Basic Law.) § 88 Section 1 of the secrecy of telecommunications - Telecommunications Act:[edit]

(1) The telecommunications secrecy of the content of telecommunications and their specific circumstances, in particular the fact that someone is involved in a telecommunication process or was. Telecommunications secrecy extends to the circumstances of unsuccessful connection attempts.

(2) In order to maintain the secrecy of telecommunications is obligatory for every service provider. The duty of confidentiality continues even after the end of the activity, by which it was begun.

(3) The debtor under paragraph 2, it is prohibited, or to procure another over the businesslike for the provision of telecommunications services, including the protection of their technical systems beyond what is necessary knowledge of the content or the circumstances of its telecommunications. You may know of facts which are subject to the secrecy of telecommunications, use it only for the purpose referred to in clause 1. The use of such knowledge for other purposes, particularly passing to others is permissible only if this Act or any other statutory provision provides for this and explicitly refers to telecommunications operations. The obligation under § 138 of the Penal Code shall prevail.

(4) the telecommunications plant is located on board an aircraft, or water, so a duty to maintain secrecy shall not against the person who drives the vehicle or to its delegate.

§ 206 violation of postal or telecommunications secrecy (1) Whoever without authority of another person gives a notice of facts that are subject to postal or telecommunications secrecy and have become known to him as owner or employee of a company that businesslike provides postal or telecommunications services, with imprisonment up to five years or a money penalty.

(2) Likewise, anyone who illegally as owner or employee of a company referred to in paragraph 1. 1 a mission that has been entrusted to such an undertaking for the transmission and is closed, opens or gives to its contents without opening the closure under application of technical means knowledge, suppressed 2. a such an undertaking entrusted to transmit broadcast or 3. Any of the paragraph 1 or permitted in paragraph 1 or 2 referred to acts or promotes.

(3) The provisions of paragraphs 1 and 2 shall apply to persons who first tasks of supervision of operations referred to in paragraph 1 companies perceive, 2nd by such organization or with its authorization to the provision of postal or telecommunications services entrusted or 3 . are engaged in the manufacture of the operation of such a company serving system or work on them.

(4) Whoever without authority of another person gives a notice of facts that have become known to him to be outside the postal or telecommunications sector tätigem officials on the basis of an authorized or unauthorized interference with the postal or telecommunications secrecy, with imprisonment up to two years or with money penalty.

(5) The postal secrecy the circumstances of postal traffic of certain persons as well as the contents of mail. The telecommunications secrecy, the content of telecommunications and their specific circumstances, in particular the fact that someone is involved in a telecommunication process or was. Telecommunications secrecy extends to the circumstances of unsuccessful connection attempts.

United States Constitution: search and seizure (expectation of privacy, US Supreme Court interpretation)[edit]

The US Constitution was adopted by the people of what would become the United States, and upon adoption became the basic law and governmental structure of the new country. Shortly after its adoption, several amendments were added, according to the provisions of the new Constitution, and became part of it. The first group (ten) have come to be known as the Bill of Rights. The Constitution, as amended, is still the fundamental law of the US. One of the Amendments is (with original capitalization):

The right of the people to be secure in Their persons, houses, papers, and effects, against unreasonable searches and seizures, Shall not be violated, and no Warrants Shall issue, but upon probable cause, supported by Oath or affirmation, and particularly Describing the place to be searched, and the persons or things to be seized.

Precisely what these words mean, in a world of telephones, telegraphs, radio, the Internet, ..., in a specific instance, has been elaborated through explicitly enacted Federal law, various court decisions -- especially by the Federal Courts and most especially the US Supreme Court. Additionally, the various states have each adopted Constitutions and enacted law; some provisions of these are relevant to such issues. One person's understanding of the meaning of the words here may not match the vector sum (in the odd sense of common and statute law) of those interpretations.

Release history[edit]

Version Date Changes
2.7 02015-09-26September 26, 2015 Forward Secrecy in Email & Chat Release.
2.6 02015-08-01August 1, 2015 Serverless Key Share-Release.
2.5 02015-06-19June 19, 2015 URL-Websearch-Release.
2.1 02015-04-20April 20, 2015 Virtual-Keyboard-Release.
1.9 02015-02-23February 23, 2015 Socialist-Millionaire-Protocoll-(SMP)-Release.
1.8 02015-01-24January 24, 2015 E-Mail-Client-Release: Plaintext-Emails over POP3/IMAP.
1.7 02014-12-06December 6, 2014 Poptastic-XMAS-Release: Encrypted chat over POP3.
1.6a 02014-11-09November 9, 2014 2-Way-Instant-Perfect-Forward-Secrecy: "2WIPFS"-Release.
1.5 02014-10-10October 10, 2014 Alternative Login-Method Release
1.3 02014-09-30September 30, 2014 NTRU Release
1.1 02014-09-09September 9, 2014 Vector Update Release
1.0 02014-09-07September 7, 2014 File-Encryption Tool Release
0.9.09 02014-08-20August 20, 2014 Smiley Release
0.9.07 02014-07-13July 13, 2014 Adaptive Echo Release
0.9.05 02014-05-31May 31, 2014 Added Example Project Chat Server Release
0.9.04 02014-04-22April 22, 2014 SCTP & Institution Release.
0.9.02 02014-03-13March 13, 2014 StarBeam Analyzer Release
0.9.00 02014-02-07February 7, 2014 Tablet Gui Release.
0.8 02013-12-23December 23, 2013 Rosetta CryptoPad Release.
0.7 02013-12-19December 19, 2013 StarBeam Filesharing Release
0.6 02013-10-24October 24, 2013 El-Gamal Release
0.5 02013-09-16September 16, 2013 Signature-Keys Release
0.4 02013-09-03September 3, 2013 Kernel-Improvement Release
0.3 02013-08-26August 26, 2013 Geo-IP-Release
0.2 02013-08-22August 22, 2013 SSL-Release
0.1 02013-07-27July 27, 2013 based on the release of the same day of the Echo/Chat-Kernel-Servers and Application, going back on another previous research project."/>

Web Page[edit]

More information can be found on the website:

Open Sourcecode[edit]

GoldBug's source code may be found at:

Compiling Information[edit]

Wer auf der Webseite von GoldBug schaut, findet hier jeweils die aktuelle Veröffentlichung, insbesondere für Windows. Wer jedoch fortgeschrittenere Computer-Kenntnisse hat, ein Programm auch selbst vom Quellcode kompilieren kann oder es an diesem Beispiel erlernen möchte, findet hier die Hinweise, wie dabei vorzugehen ist für das Betriebssystem Windows.

Die Kompilierung aus dem Quellcode ermöglicht es Dir, zu sehen, wie der Quelltext sich in eine Binärdatei (.exe) bildet und welche Programmbibliotheken zu ergänzen sind, damit die ausführbare Datei laufen kann.

1. Lade das Qt-Tool-Kit herunter. Wähle die Offline Installation mit MingGW: z.B. Qt 5.5.1 for Windows 32-bit (MinGW 4.9.2, 1.0 GB) unter der URL:

2. Lade sodann den Quelltext herunter. Für Windows sind alle benötigten Abhängigkeiten und Programmbibliotheken bereits integriert im Pfad des Qelltextes. Die GoldBug Gui und den Spot-On Kernel findetst Du bei GitHub unter dieser URL: Um den Quelltext herunterzuladen kannst Du auf der Webseite den Master-Tree als Zip im Browser herunterladen oder du verwendet einen GIT-Klienten für Windows.

Für Linux lade alle diese Programmbibliotheken:

  • Qt 4.8.5 oder Qt 5.1.x, 
  • libGeoIP 1.5.1, 
  • libcrypto 0.9.8 or later, 
  • libgcrypt 1.5.x, and 
  • libssl 0.9.8 or later. Further:
  • libsqlite3-dev
  • libgcrypt11-dev
  • libssl-dev
  • libgeoip-dev

Die libGeoIP Programmbibliothek ist optional und kann auch umgangen werden, wenn die ausgewählte die Qt-PRO-Projektdatei entsprechend konfiguriert wird. Prüfe bitte, ob Du für Linux alle genannten oder aktuellere Versionen dieser Programmbibliotheken auf Deiner Maschine installiert hast. Für Windows sind wie gesagt die nötigen Programmbibliotheken dem Quellcode bereits beigefügt (DLL-Dateien). 

3. Nachdem Du Qt installiert hast, starte das Programm Qt-Creator aus dem Qt-Verzeichnis.

4. Wähle aus dem entpackten Quellcode-Pfad die relevante .pro Datei aus und kompiliere die GUI und den Kernel mit Qt Creator. Für die Kompilierung von GoldBug installiere also Qt5 und wähle dann die .pro Datei Diese Datei öffnet beide Unter-Pro-Dateien für Kernel und Gui. Klicke dann in QT-Creator einfach den grünen Forward-Pfeil und die Kompilierung startet. Am Ende des Kompilierungsprozesses aus dem Qt-Creator sollte dann die GoldBug.exe startbar sein. Wenn Du die exe.Datei in einen eigenen Pfad auf Deine Festplatte geben willst, musst Du auch alle benötigten DLL-Dateien hinzufügen sowie die Unterpfade z.B. für die Sound- oder Qt-Dateien.

Du kannst mit dem Qt-Terminal-Fenster GoldBug natürlich auch mit manuellen DOS-Befehlen kompilieren, ohne Qt-Creator zu nutzen.


Windows: qmake -o Makefile 
make or mingw32-make
or choose in Qt-Creator:

GB does not provide checksums for the binary downloads as the source is given for those who want to build on their own. GB has a build date in the gui so the sums might differ for each compile.

FURTHER INFO for other .pro files:

If header (h) or interface (ui) files have changed, please perform a distclean before building the application.

Absolute cleaning: make distclean or mingw32-make distclean

FreeBSD: qmake -o Makefile

Linux: qmake -o Makefile

OS X: qmake -spec macx-g++ -o Makefile

Windows: qmake -o Makefile
make or mingw32-make

Publication list[edit]

  • Adams, David / Maier, Ann-Kathrin (2016): BIG SEVEN Study, open source crypto-messengers to be compared - or: Comprehensive Confidentiality Review & Audit of GoldBug, Encrypting E-Mail-Client & Secure Instant Messenger, Descriptions, tests and analysis reviews of 20 functions of the application GoldBug based on the essential fields and methods of evaluation of the 8 major international audit manuals for IT security investigations including 38 figures and 87 tables., URL: - English / German Language, Version 1.1, 305 pages, June 2016
  • Demir, Yigit Ekim: Güvenli ve Hizli Anlik Mesajlasma Programi: GoldBug Instant Messenger programi, bu sorunun üstesinden gelmek isteyen kullanicilar için en iyi çözümlerden birisi haline geliyor ve en güvenli sekilde anlik mesajlar gönderebilmenize imkan taniyor (Translated: "Goldbug Instant Messenger Application is the best solution for users, who want to use one of the most secure ways to send instant messages"), News Portal Tamindir