Help

Creating an Account

Creating an account can be accomplished from the Cryptocat client's login screen, by clicking the Create Account button.
You can also change your account password by clicking on Account > Change Password in the Cryptocat menu bar.


Adding and Removing Devices

When you first log into your Cryptocat account from a new device, you will be required to set up this device and link it to your account. Note that doing so will generate and store sensitive encryption keys on your device; see Managing Devices Safely for more information on managing this sensitive data.

Once you add a new device, you will not be able to change its name and icon in the future. To view your devices at any time, simply open the Account menu and click on Manage Devices, or press Alt+D. In the Device Manager, you will also be able to remove devices attached to your Cryptocat account. There are two things that can happen when you remove a device:


Setting or Changing Your Avatar

Cryptocat comes with thirty-eight different animal avatars to help you express your individuality and give your account a personal touch! Will you be a proud lion? A mysterious owl? An adorable puppy? What about your buddies? Avatars are a fun way to give your chat windows something unique.

When you log into Cryptocat for the first time, you will be asked to choose an avatar. If you wish to change your avatar later, you can do so by opening the Set Avatar settings window:


Verifying your Buddy's Fingerprints

In order to obtain increased confidence in the authenticity of your buddy's devices, you can verify their fingerprints. A fingerprint is a special value that identifies a particular device. It looks something like this: 99:37:8c:a1:32:05:c5:97:ac:f9:32:d4:18:1e:3e:df.

For example, you may view Bob's devices by right clicking him in your buddy list and selecting View Devices. You may then see that your buddy Bob has a device called "Bob's laptop". But how do you know that this is indeed Bob's laptop, and not some fake device added by a thief? Here is how: you can call Bob on the phone or meet him in real life, and ask him to read you his fingerprints for his devices. If they match the ones you see in your View Devices screen, then you have successfully authenticated Bob's devices. From now on, when you message Bob, you can be assured that your messages are indeed being received by the devices that Bob is claiming are linked to his account.

When any of your buddies adds a new device, Cryptocat will inform you of this. You are encouraged to verify devices with your buddies. It's something you will only need to do once per device and it helps protect your chats against impersonation.

After verifying devices, you can mark them as trusted. You can also choose to only send messages to devices you have marked as trusted. When receiving messages, Cryptocat will always show you which device your buddy used to send that message.


Managing Devices Safely

When you link a new device to your Cryptocat account, Cryptocat will generate sensitive encryption keys and store them on your new device. It is important to note that this sensitive information is not protected in any additional way and that a thief with enough access over your device could obtain this information.

Aside from non-sensitive information such as your notification settings, your device information contains the following sensitive details: Your device information is stored in:

Why isn't device information encrypted?

It is unclear what solid benefits would be given if the Cryptocat client itself encrypted your device information, and having users set a different, per-device password in addition to that of their Cryptocat account can quickly become infeasible in terms of usability for the vast majority of users. Encrypting device information might provide more security, but we deem this extra security to be superficial: all an adversary with code execution capability has to do is wait for you to log into Cryptocat and load your decrypted device information into memory before striking. As such, we do not believe this to be a genuine solution that is worth the price of making regular users remember many passwords for a single account.

Essentially, if you can't trust your device, there's nothing substantial that Cryptocat can do to help you in the first place.

What can I do to increase protection of my device information?

Use full-disk encryption. Under Windows, you can enable device encryption. On Linux, you can use LUKS, dm-crypt or eCryptfs. On Mac, you can use FileVault. This would ensure that all files on your computer are more protected. Your Cryptocat device information will be more difficult to recover so long as your device is turned off when stolen.


Adding New Buddies

Before you can chat with a friend on Cryptocat, you must first send them a buddy request, or accept a buddy request that they send you. This confirms that you both wish to communicate with each other, and adds each of you to the other user's buddy list, where they can see if you are online. In order to send a buddy request:

Remember that your buddy will need to accept your request before you can chat with each other.


Sending and Receiving Messages

Simply click on a buddy in your buddy list to open a chat window, from where you can send them a message, a file, an audio/video recording or even a cute cat sticker. The colored square next to your buddy indicates their current ability to receive and send messages:

When you send a message, your message will be half-transparent and fade into fully opaque once it's actually sent to the server. Messages that remain transparent or turn red may have not been sent.


Enabling or Disabling Sounds and Notifications

By default, desktop notifications and notification sounds are enabled in Cryptocat, in order to minimize the chance of you missing an important message. Some users may find these settings bothersome and wish to disable them. Here is how you may do so:


Increase or Decrease Chat Font Size

By default, Cryptocat uses a comfortable font size for chats that is meant to accomodate most computer displays. However, you may also adjust the font size on a per-chat-window basis by opening the View menu in your chat window, or by using the following keyboard shortcuts:


Let Buddies See When You Are Typing

By default, Cryptocat will allow your buddies to see when you are typing a message to them by showing an indicator in the chat window. We recommend you leave this option enabled as it leads to a more fluid chatting experience. However, if you are concerned for your privacy, you may disallow your client from notifying your chat buddy when you are typing a message:


Sending a File

Sending a file to a buddy over Cryptocat is easy, and only you and your buddy will be able to access any files sent, thanks to Cryptocat's strong encryption. Simply open a chat with your desired buddy. Then either drag and drop the file into the chat window, or click the file icon at the right of your chat window, or press Alt+F.

If you get an error saying that your file type is unsupported, that's okay: simply add your file to a .zip archive first and try again. If your buddy is offline, that's okay too: so long as they log back in within the next thirty days, they will still be able to receive and download your file.

Please note that Cryptocat currently imposes a file size limit of 200MB per file.


Sending an Audio/Video Recording

Sending an audio/video message can be a quick way to connect with a buddy. Cryptocat allows you to record minute-long video messages from your webcam and send them, encrypted, to your buddy, for immediate live viewing. You can also send recordings to offline buddies and they will receive them so long as they come back online within the next thirty days.

To begin a recording, simply open a chat with your buddy and click on the red circle icon in your chat toolbar (or press Alt+R). After a brief countdown, your recording will begin. To send your recording, simply click on the blue checkmark. To cancel your recording, click on the red X icon or press Alt+R again.

Please note that your recordings must not exceed 60 seconds in length.


Verifying Cryptocat Downloads

All Cryptocat clients are signed so that you can verify their authenticity. This means that when you download a Cryptocat client, you can check if it indeed came came from Cryptocat's developer. This helps prevent bad guys from tricking you into downloading a counterfeit client.

Note regarding updates: If you download a Cryptocat update using the client's built-in update downloader, a signature check will be performed automatically. You may however perform additional checks with the steps described below.

Verifying Cryptocat for Windows

Right click on Setup.exe and select Properties. In the properties window, click on Digital Signatures. There should be a signature whose details should match the following:

Verifying Cryptocat for Linux

Since Linux comes with no built-in standard for code signatures (aside from package managers, which are distribution-specific), each Cryptocat for Linux release comes with a PGP signature that can be verified using gpg. First, import the Cryptocat for Linux verification key (using gpg --import):

-----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBFepdcQBDADbr7gaP1iBtTM+1GP1DjnRqmMO3IORmwSb2BjTqA7SDmnv+JQf KUFxtIoXqftatXy40WOhRJoh8SN4K6ZRPUCu+Eqi6vMwVBwNQuYRT/2zAqBbpnXH 3pnimfgm2LuyNqhwM0F1SCE+NPI0r7Nb06CxXw33naNxu4jG9WxSJlJcvwnGUOEb dm1OKrudk1fkLwOEGGj/e1JVDnNYbAKSobsgyZ/+wv1PiF8fzM3u6jEIB//WBRn4 gTJ2DRIj/3zWq9A/UaHxGtetny2EE7ku5YcS/JrfGLeLfJXPYfLhIsNAdjxuJ2gb 6aEJaOSVx761KGgVRyOPtOHHglydMmy4h9JrR05iU52/Fa2zXMJpGTSdGpu/B+In u6f/hJ+FUCR80+eBED+aycDi/UbHhfhFZTh+LTBnCBzd9cxZOyh/sCdLyKqL5FXL lOsXvPgAgcPA5XRNsT7vFeTGdYJi+jGwaFdO6KgLVgPJknNQNuMaqB3QjpXf5PAy npvma6CmdvHjFeUAEQEAAbQlTmFkaW0gS29iZWlzc2kgPG5hZGltQG5hZGltLmNv bXB1dGVyPokBuAQTAQIAIgUCV6l1xAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC F4AACgkQqyZst2CRsfjmUAwAn20/A0uoIX1b0K3xS9K1iZrYPUFD5DTOGVu9DM/m M1cjp0ONc9yAVFCU+mrDC1iYas8crXZcXgTI7t/Ka9IxvaKj6wms24Qq82A6nKoy d01ruVUoW3oHN+T8wAA9s6y+KipUwvW/OEXTtPaneDfHqd0o7I8q4eb2EsQAYIrG mUTpjtdLeyUrtQ49duFi5B3O07JzvlD8Bn9lS+spGzFrB0me2400OWJruSlFs5l7 VTG2RweYKHnUJwyuxJ7sZBt2eSGcylDXHFOBpp64s9A800eXR2q78IdXyrwn1Lac +EFIvtaRsonm1jR7xioG6Xg0WENIxrA8ssg68gGFsarQ7UMa2mmwhsmeP9t3QNMW vUOnpuNTjMDjML/ahuH16lX/9xOdi4/G7wmyzQKeH0lm3kYRZ0L0RKFwCaIjJe/U NkhuReGnhKld6ouK40Z5o2fyFto7zFj8q7QE34YvpD8zVOP7+mlB3kXUW8NfEF4L AKZqJfzRBrHqm9PBUieKocfZuQGNBFepdcQBDADFIVMX+GInGiZgiAJOtoPxS5Ir jyR3DzfV5o8/KH7CfUoM4v3KvALDMJzUa2/Mr6SjuKSr8uEVTePH86eLZ2VB+nTi nXsv5TmYrM//w00xG9JaVeFjuma64l1DsHQzp9uW8W8yJIbweCkRV035qaEQbCgR GEwHBtA1Wp26cqn5cmvjDsyYQnSNpS7MMCZmDDvfIsBZBILafmUGIQ3s0w00rAB9 E93cporjcYwTxNB4s8CWsAxD3nFFtBnnWbifrgbiTuTi8qZYiOLhOm3eeMkDQg0a OAIVJZAsMVcEgINfc5jn6D3u8xrMxRr3iHGCjdgFEjWgb78Qi/5lQ7TrjSFvp1Yp gxaEtP5bZU0DfCFKmsSm+zgtbKMYsG6gapEUQv0Dow7+/mzjcd+KESOWUQAFvNov alInV+OWXxlT3DYw2Vu4L0KTp7hBP9l8i1qUi9GNh1u358AGxWTDa+f3Kg4Wnkh0 6gwOGUOecbAV7QPNh0lyRtuk3utEgHrXvwTJWgcAEQEAAYkBnwQYAQIACQUCV6l1 xAIbDAAKCRCrJmy3YJGx+EpODADRqbr5MIhVdZysfJTuZ2ETiyHsxmbu9PaT8Os9 Tb/Sw4FvxIWdKitxjMT8Cz/T+saV2f7oa7xm6JASCTWmuFW0i2joFm15ypkOXau4 db/xBwuQUIyCmzX7OQ58/HBf86p0Fl6FhKJJWYFvS6Fbs0gS2zv7yuKXW1K8U6vx Gpbd+UoGNQt2PZml/TUFgy329sOkM47pjDQvXOkqbKYczyFQz4GsOjioTyPAS3MX U77ju9x/4vnwYyd3tbDb3u3N33o9riAZpdD9XKbXEPxUUN3N/ObglaoH5CmHuGxe eXhHvgPAjC8RBOVkd8n9sxd9IF7DAGgA1YsQIAn8UWSXptYjHy0MkJH8QqOA6Mgl LD5JC19UfFlqiRKW8HkqFGwj/tllq49Ltkw4PpDdti5AJcEnC48VBpEIbXfD1VuR 62kYBB7Su85ZjEx8KGKk4MiEneYAPraKeCXLik8Hwv6ohsi4zK3wyuvYrWCvb1Ps zEHP15A+XLNRDak9EMiP+TFZnAQ= =RDew -----END PGP PUBLIC KEY BLOCK-----

After unzipping your download, you can verify its authenticity by running gpg --verify Cryptocat.zip.asc Cryptocat.AppImage in your command line. This should give you a result resembling the following: gpg: Signature made Sat 20 Aug 2016 10:02:50 PM DST using RSA key ID 6091B1F8 gpg: Good signature from "Nadim Kobeissi <nadim@nadim.computer>" [ultimate]

The fingerprint for the above PGP key is: FA21 CD53 6312 FADF 9B5D D804 AB26 6CB7 6091 B1F8

Verifying Cryptocat for Mac

After opening Cryptocat.pkg, look for the padlock icon at the top right of the installer window. The information within the displayed certificate must match the following:

You may also verify the installer without first opening it by using this command: pkgutil --check-signature Cryptocat.pkg.


Deleting Your Account

While deleting your Cryptocat account is simple, please make sure you understand the implications:

In order to delete your Cryptocat account, open the Account menu, navigate to the Settings submenu and click on Delete Account.

Follow Cryptocat on Twitter
English - Français - Català
"Cryptocat" and the Cryptocat logo are registered trademarks.
Copyright © 2018 Nadim Kobeissi, all rights reserved.