Establishing a hidden, encrypted communication channel over Freenet

Freenet provides the primitives needed to establish confidential communication, but it isn’t always widely known how to do that.

This article provides the concepts to use. For practical implementation see the Freenet Communication Primitives Part 1: Files and Sites and Part 2: Discovery.

PDF (drucken)

Step 1: Public Knowledge

  • Alice and Bob each advertise an encryption key: AE and BE.
  • Alice advertises a KSK Queue: AK1.

Step 2: Bob’s keys

  • Bob uses AE to encrypt a USK BU1 and a KSK BK1.
  • Bob inserts BU1 and BK1 to the KSK AK1.
  • Alice decrypts what she gets on the KSK Queue AK1.
  • Alice now knows the USK BU1 and the KSK BK1.

Step 3: Alice’s keys

  • Alice uses BE to encrypt a USK AU1.
  • Alice writes the encrypted USK link AU1 to Bobs KSK BK1.
  • Bob decrypts what he gets from BK1.
  • Bob now knows the USK AU1 and Bob knows that the USK AU1 is from Alice (because Alice controls AE, otherwise Alice would not have known the KSK BK1).

Step 4: Verify Bob’s side of the channel

  • Alice now writes a long random number RN to AU1.
  • Bob repeats the random number RN on BU1.
  • Alice now knows that Bob knows AU1 (because Bob controls BE, otherwise Bob could not have read the random number from AU1).


Now Bob and Alice are the only ones who know AU1 and BU1.

IFF the keys AE and BE were correct, then Bob and Alice are connected and an outside observer can only see that someone tried to establish a channel to Alice, but cannot see whether or how the channel was used.

Alice and Bob now have a confidential channel: Alice writes her messages for Bob to AU1 and Bob writes his messages for Alice to BU1.

Date: 2021-01-05 Di 00:00

Author: ArneBab