- Creating an Account
- Adding and Removing Devices
- Setting or Changing Your Avatar
- Verifying your Buddy's Fingerprints
- Managing Devices Safely
- Adding New Buddies
- Sending and Receiving Messages
- Enabling or Disabling Sounds and Notifications
- Increase or Decrease Chat Font Size
- Let Buddies See When You Are Typing
- Sending a File
- Sending an Audio/Video Recording
- Verifying Cryptocat Downloads
- Deleting Your Account
Creating an Account
Creating an account can be accomplished from the Cryptocat client's login screen, by clicking the Create Account button.
You can also change your account password by clicking on Account > Change Password in the Cryptocat menu bar.
Adding and Removing Devices
When you first log into your Cryptocat account from a new device, you will be required to set up this device and link it to your account. Note that doing so will generate and store sensitive encryption keys on your device; see Managing Devices Safely for more information on managing this sensitive data.
Once you add a new device, you will not be able to change its name and icon in the future. To view your devices at any time, simply open the Account menu and click on Manage Devices, or press Alt+D. In the Device Manager, you will also be able to remove devices attached to your Cryptocat account. There are two things that can happen when you remove a device:
- If you remove the device you are currently logged in from: You will be logged out and your sensitive device information will be deleted on this device.
- If you remove another device from the one you are currently using: The device will be unlinked from your account, but sensitive identity information will remain on it. If you like, you can remove this data by manually deleting it on the device.
Setting or Changing Your Avatar
Cryptocat comes with thirty-eight different animal avatars to help you express your individuality and give your account a personal touch! Will you be a proud lion? A mysterious owl? An adorable puppy? What about your buddies? Avatars are a fun way to give your chat windows something unique.
When you log into Cryptocat for the first time, you will be asked to choose an avatar. If you wish to change your avatar later, you can do so by opening the Set Avatar settings window:
- Windows and Linux: Right click on the Cryptocat icon in your system notification area and open the Settings sub-menu. Then click on Set Avatar.
- Mac: Right click on the Cryptocat icon in your dock and open the Settings sub-menu. Then click on Set Avatar.
Verifying your Buddy's Fingerprints
In order to obtain increased confidence in the authenticity of your buddy's devices, you can verify their fingerprints. A fingerprint is a special value that identifies a particular device. It looks something like this: 99:37:8c:a1:32:05:c5:97:ac:f9:32:d4:18:1e:3e:df.
For example, you may view Bob's devices by right clicking him in your buddy list and selecting View Devices. You may then see that your buddy Bob has a device called "Bob's laptop". But how do you know that this is indeed Bob's laptop, and not some fake device added by a thief? Here is how: you can call Bob on the phone or meet him in real life, and ask him to read you his fingerprints for his devices. If they match the ones you see in your View Devices screen, then you have successfully authenticated Bob's devices. From now on, when you message Bob, you can be assured that your messages are indeed being received by the devices that Bob is claiming are linked to his account.
When any of your buddies adds a new device, Cryptocat will inform you of this. You are encouraged to verify devices with your buddies. It's something you will only need to do once per device and it helps protect your chats against impersonation.
After verifying devices, you can mark them as trusted. You can also choose to only send messages to devices you have marked as trusted. When receiving messages, Cryptocat will always show you which device your buddy used to send that message.
Managing Devices Safely
When you link a new device to your Cryptocat account, Cryptocat will generate sensitive encryption keys and store them on your new device. It is important to note that this sensitive information is not protected in any additional way and that a thief with enough access over your device could obtain this information.Aside from non-sensitive information such as your notification settings, your device information contains the following sensitive details:
- Your identity keys: A thief with access to those keys could impersonate this device in the future, but will not be able to decrypt your past Cryptocat conversations, thanks to Cryptocat's forward secrecy feature.
- Your username: A thief will be able to learn your Cryptocat username.
- Your buddy list: A thief will be able to learn the contents of your Cryptocat buddy list.
- Windows: C:\Users\(Your Username)\AppData\Roaming\Cryptocat\users.db
- Linux: ~/.config/Cryptocat/users.db
- Mac: ~/.config/Cryptocat/users.db
Why isn't device information encrypted?
It is unclear what solid benefits would be given if the Cryptocat client itself encrypted your device information, and having users set a different, per-device password in addition to that of their Cryptocat account can quickly become infeasible in terms of usability for the vast majority of users. Encrypting device information might provide more security, but we deem this extra security to be superficial: all an adversary with code execution capability has to do is wait for you to log into Cryptocat and load your decrypted device information into memory before striking. As such, we do not believe this to be a genuine solution that is worth the price of making regular users remember many passwords for a single account.
Essentially, if you can't trust your device, there's nothing substantial that Cryptocat can do to help you in the first place.
What can I do to increase protection of my device information?
Use full-disk encryption. Under Windows, you can enable device encryption. On Linux, you can use LUKS, dm-crypt or eCryptfs. On Mac, you can use FileVault. This would ensure that all files on your computer are more protected. Your Cryptocat device information will be more difficult to recover so long as your device is turned off when stolen.
Adding New Buddies
Before you can chat with a friend on Cryptocat, you must first send them a buddy request, or accept a buddy request that they send you. This confirms that you both wish to communicate with each other, and adds each of you to the other user's buddy list, where they can see if you are online. In order to send a buddy request:
- Windows and Linux: Either right click on the Cryptocat icon in your system tray and select Add Buddy, or open the Account menu from your buddy list window and select Add Buddy. You can also use the Alt+A keyboard shortcut from the buddy list window.
- Mac: Either right click on the Cryptocat icon in your dock and select Add Buddy, or open the Account menu and select Add Buddy. You can also use the Alt+A keyboard shortcut from the buddy list window.
Remember that your buddy will need to accept your request before you can chat with each other.
Sending and Receiving Messages
Simply click on a buddy in your buddy list to open a chat window, from where you can send them a message, a file, an audio/video recording or even a cute cat sticker. The colored square next to your buddy indicates their current ability to receive and send messages:
- Green: Your buddy is online and will likely immediately receive your message and will be able to respond.
- Orange: Your buddy is offline but messages you send now will be automatically delivered to them the next time they log into Cryptocat.
- Red: Your buddy is offline and currently cannot receive messages. This can be due to problems with their linked devices or a caching issue on the Cryptocat network. Ask your buddy to log into Cryptocat again to automatically refresh their device list.
When you send a message, your message will be half-transparent and fade into fully opaque once it's actually sent to the server. Messages that remain transparent or turn red may have not been sent.
Enabling or Disabling Sounds and Notifications
By default, desktop notifications and notification sounds are enabled in Cryptocat, in order to minimize the chance of you missing an important message. Some users may find these settings bothersome and wish to disable them. Here is how you may do so:
- Windows and Linux: Right click on the Cryptocat icon in your system notification area and open the Settings sub-menu. You may then uncheck the Sounds and Notifications settings.
- Mac: Right click on the Cryptocat icon in your dock and open the Settings sub-menu. You may then uncheck the Sounds and Notifications settings.
Increase or Decrease Chat Font Size
By default, Cryptocat uses a comfortable font size for chats that is meant to accomodate most computer displays. However, you may also adjust the font size on a per-chat-window basis by opening the View menu in your chat window, or by using the following keyboard shortcuts:
- Windows and Linux: Use Ctrl++ and Ctrl+- to increase or decrease font size, and Ctrl+0 to reset font size.
- Mac: Use ⌘++ and ⌘+- to increase or decrease font size, and ⌘+0 to reset font size.
Let Buddies See When You Are Typing
By default, Cryptocat will allow your buddies to see when you are typing a message to them by showing an indicator in the chat window. We recommend you leave this option enabled as it leads to a more fluid chatting experience. However, if you are concerned for your privacy, you may disallow your client from notifying your chat buddy when you are typing a message:
- Windows and Linux: Right click on the Cryptocat icon in your system notification area and open the Settings sub-menu. You may then check or uncheck the Send Typing Indicator setting.
- Mac: Right click on the Cryptocat icon in your dock and open the Settings sub-menu. You may then check or uncheck the Send Typing Indicator setting.
Sending a File
Sending a file to a buddy over Cryptocat is easy, and only you and your buddy will be able to access any files sent, thanks to Cryptocat's strong encryption. Simply open a chat with your desired buddy. Then either drag and drop the file into the chat window, or click the file icon at the right of your chat window, or press Alt+F.
If you get an error saying that your file type is unsupported, that's okay: simply add your file to a .zip archive first and try again. If your buddy is offline, that's okay too: so long as they log back in within the next thirty days, they will still be able to receive and download your file.
Please note that Cryptocat currently imposes a file size limit of 200MB per file.
Sending an Audio/Video Recording
Sending an audio/video message can be a quick way to connect with a buddy. Cryptocat allows you to record minute-long video messages from your webcam and send them, encrypted, to your buddy, for immediate live viewing. You can also send recordings to offline buddies and they will receive them so long as they come back online within the next thirty days.
To begin a recording, simply open a chat with your buddy and click on the red circle icon in your chat toolbar (or press Alt+R). After a brief countdown, your recording will begin. To send your recording, simply click on the blue checkmark. To cancel your recording, click on the red X icon or press Alt+R again.
Please note that your recordings must not exceed 60 seconds in length.
Verifying Cryptocat Downloads
All Cryptocat clients are signed so that you can verify their authenticity. This means that when you download a Cryptocat client, you can check if it indeed came came from Cryptocat's developer. This helps prevent bad guys from tricking you into downloading a counterfeit client.
Note regarding updates: If you download a Cryptocat update using the client's built-in update downloader, a signature check will be performed automatically. You may however perform additional checks with the steps described below.
Verifying Cryptocat for Windows
Right click on Setup.exe and select Properties. In the properties window, click on Digital Signatures. There should be a signature whose details should match the following:
- Name: Open Source Developer, Nadim Kobeissi
- Thumbprint: 17 2b 46 56 59 d0 d2 a2 45 c8 d0 fb 70 ce e3 81 76 2e 21 a5
Verifying Cryptocat for Linux
Since Linux comes with no built-in standard for code signatures (aside from package managers, which are distribution-specific), each Cryptocat for Linux release comes with a PGP signature that can be verified using gpg. First, import the Cryptocat for Linux verification key (using gpg --import):
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
After unzipping your download, you can verify its authenticity by running gpg --verify Cryptocat.zip.asc Cryptocat.AppImage in your command line. This should give you a result resembling the following:
gpg: Signature made Sat 20 Aug 2016 10:02:50 PM DST using RSA key ID 6091B1F8
gpg: Good signature from "Nadim Kobeissi <email@example.com>" [ultimate]
The fingerprint for the above PGP key is:
FA21 CD53 6312 FADF 9B5D D804 AB26 6CB7 6091 B1F8
Verifying Cryptocat for Mac
After opening Cryptocat.pkg, look for the padlock icon at the top right of the installer window. The information within the displayed certificate must match the following:
- Name: Developer ID Installer: Nadim Kobeissi (HC689Z8JM4)
- Issued By: Developer ID Certification Authority
- Organization: Apple Inc.
- Fingerprint (SHA1): B2 0C 50 33 E1 AC BE C1 94 D2 2C A7 DD 7E CC 1C A1 8B 1E 05
You may also verify the installer without first opening it by using this command: pkgutil --check-signature Cryptocat.pkg.
Deleting Your Account
While deleting your Cryptocat account is simple, please make sure you understand the implications:
- Your device keys will not be automatically deleted. We recommend you first manually remove your device keys on every device before deleting your account.
- Your username will immediately become available again for others to register in the future.
- Your buddy list and other user information will be deleted forever and cannot be recovered.
In order to delete your Cryptocat account, open the Account menu, navigate to the Settings submenu and click on Delete Account.