Client Installation Guide

There's the easy way and there's the normal way. If your chat partner who set up the server was nice enough, they might have done all the hard work for you and you can follow the easy method, otherwise just follow the normal process.

Easy setup

Your chat partner should have set up the following for you:

  • Installed a copy of Firefox Portable on a USB drive and secured it
  • Copied the client files and your one-time pads to a directory on the USB drive.

If these steps have been done then all you need to do is run the Firefox application and open the index.html which will open Jericho Comms inside the browser. From there you can load the one-time pads from the text file into the application and start chatting. The Usage guide has more information if you need it. Remember to erase the text file containing the one-time pads after you have loaded them into the program. The program will automatically erase the corresponding one-time pad after each message has been sent and received.

Normal setup

  • Install prerequisite software first which is the latest version of Firefox, Chromium or Brave. One of these browsers are needed as most other browsers do not have native support for some of the HTML5 technologies this program uses. The other advantage is they are open source. Do not use the closed source Google Chrome, Opera or Internet Explorer. You cannot trusted closed source software in today's world given the recent NSA leaks.
  • Follow the steps listed for setting up a new browser profile and securing the profile.
  • If using TLS, you should have a copy of the server's self-signed TLS certificate file. Follow these steps to install it into the browser. Alternatively you can verify the certificate's SHA2-256 hashes in the browser when you attempt to connect to the server address. The person who generated the certificate on the server should be able to tell you the correct hashes.
  • Download the files from one of the mirrors listed on the download page.
  • Verify the file hashes and signature from the download page. It is absolutely critical to verify the downloaded file with one of the hashes or signatures. This is to prevent the NSA or other 3 letter agencies from modifying the source code which could weaken/break the encryption and then distributing those copies around the internet pretending to be the real thing. You can verify the hashes with standalone tools for Windows or basic Linux console commands.
  • Extract the files from the archive to your desired location. Windows users can use the free 7-Zip program for this. Linux users can run the following command to extract the files to the current directory which you can then copy to wherever you want:
    tar -zxvf jericho-v1.5.2.tar.gz

    Or alternatively use this to extract to a pre-existing directory of your choice:
    tar -zxvf jericho-v1.5.2.tar.gz -C /path/to/directory
  • Open the client directory then open index.html in your web browser (Firefox or Chromium). You can continue with the How to use guide from now on.

Extra precautions

  • Ideally you should create a TrueCrypt container (using all 3 encryption algorithms) and extract the files directly into there first if you are intending on running the client locally on the machine. This slows down the process of recovering the pads from the hard drive by forensic analysis.
  • Also a portable copy of Firefox or Chrome should be put inside the container and the client program run from inside there. This means that the SQLite database used by the browser which stores the one-time pads is always encrypted.
  • Use a MicroSD, SD card or USB memory stick and put the Truecrypt volume containing the client files and portable browser on it. This means you can hide or destroy the memory/device easily in an emergency. It also means you can chat from any computer, so you could take it to work or other places.