logo
ECHAT CLIENT Back to Home Page



EChat is a 2 part program consisting of a server component and a client component. The client component (EChatC.exe) runs as a Desktop Application.

EChat is short for Encrypted Chat, as all conversation data is fully encrypted using a 256 bit random key. Each client must have a UserID, and a password is required to activate the Client program and connect to the server. When the Client connects to the server, it sends the UserID and a Public ECC (Elliptical Curve Cryptography) key. The server uses that Public key and it's own Private key to generate a "Shared Secret". The server then sends it's Public ECC key back to the Client. The Client uses it's own Private ECC key and the Public key from the server to generate the same "Shared Secret" as the server. The Client then Encrypts a hash of the password, and sends it back to the server. The server decrypts the password hash and verifies that it matches the UserID. It then encrypts a randomly generated 256 bit Key using the "Shared Secret" and sends it back to the Client. The "Shared Secret" is only used once, and all further transmission uses the Random Key.

The first time the Client program is run, there will be no UserID or Password configured and the program will be allowed to start. Run the menu "Setup". You will be prompted to enter a UserID of 3 to 10 characters. Then enter a password. If you have to change the password in the future, you will have to enter the current password before changing it. When you restart the program, you will be prompted for the Password.

The Port will default to 531, but it can be changed. The IP Version will default to 4. The Server can be entered as a Domain Name or an IP Address (Default is 127.0.0.1/::1). Domain Names can only be used if they are properly registered, or you have entered them into the "HOSTS" file.

Pass on your UserID to the server operator by some means such as email, and it will be added to the database along with a blank Password hash. Do not send your Password using insecure communication such as email, as the server operator will not be able to use it. Once the server operator has entered your UserID into the database, you can attempt to connect with the server. You should get a message saying "xxxxxx has Invalid Password". The server operator will recover a hash of your password and add it to a User database. Once that is done, you should be able to connect and get a message "xxxxxx has joined the conversation!", and your Userid should appear in the User List on the right side along with any other connected users.

These programs in theory support non-Latin character sets (eg. Chinese/Arabic), but these have not been tested extensively.

The client and server also support IPv6, but these have experienced very limited testing due to the lack of a native IPv6 network.

Server Component

NOTE: The Cryptography routines will probably work on all versions of Windows, but the TCP/IP portion of the program will only work on dual stack systems that support both IPv4 and IPv6. This more or less restricts it to Windows Vista or later.

Back to Top


| Home Page


address