SimpleX - the most private and secure open-source chat and applications platform - now with double-ratchet E2E encryption.

SimpleX Chat is a terminal (command line) UI using SimpleXMQ message broker.

See SimpleX overview for more information on platform objectives and technical design.

v1.0.0 is released: read announcement here

curl -o- https://raw.githubusercontent.com/simplex-chat/simplex-chat/master/install.sh | bash

Once the chat client is installed, simply run simplex-chat from your terminal.

• Disclaimer
• Network topology
• Terminal chat features
• Installation
  • Download chat client
    • Linux and MacOS
    • Windows
  • Build from source
    • Using Docker
    • Using Haskell stack
• Usage
  • Running the chat client
  • How to use SimpleX chat
  • Groups
  • Sending files
  • User contact addresses
  • Access chat history
• Roadmap
• License

SimpleX Chat implements a new network topology for asynchronous communication combining the advantages and avoiding the disadvantages of federated and P2P networks.

SimpleXMQ security model had many improvements in v1.0.0; the implementation has not been audited yet.

We use SimpleX Chat all the time, but you may find some bugs. We would really appreciate if you use it and let us know anything that needs to be fixed or improved.

SimpleX is a client-server network that uses redundant, disposable nodes to asynchronously pass messages via message queues, providing receiver and sender anonymity.

Unlike P2P networks, all messages are passed through one or several (for redundancy) servers, that do not even need to have persistence (in fact, the current SMP server implementation uses in-memory message storage, persisting only the queue records) - it provides better metadata protection than P2P designs, as no global participant ID is required, and avoids many problems of P2P networks.

Unlike federated networks, the participating server nodes do not have records of the users, do not communicate with each other, do not store messages after they are delivered to the recipients, and there is no way to discover the full list of participating servers. SimpleX network avoids the problem of metadata visibility that federated networks have and better protects the network, as servers do not communicate with each other. Each server node provides unidirectional "dumb pipes" to the users, that do authorization without authentication, having no knowledge of the the users or their contacts. Each queue is assigned two Ed448 keys - one for receiver and one for sender - and each queue access is authorized with a signature created using a respective key's private counterpart.

The routing of messages relies on the knowledge of client devices how user contacts and groups map at any given moment of time to these disposable queues on server nodes.

• 1-to-1 chat with multiple people in the same terminal window.
• Group messaging.
• Sending files to contacts and groups.
• User contact addresses - establish connections via multiple-use contact links.
• Messages persisted in a local SQLite database.
• Auto-populated recipient name - just type your messages to reply to the sender once the connection is established.
• Demo SMP servers available and pre-configured in the app - or you can deploy your own server.
• No global identity or any names visible to the server(s), ensuring full privacy of your contacts and conversations.
• Two layers of E2E encryption (double-ratchet for duplex connections, using X3DH key agreement with ephemeral Curve448 keys, and NaCl crypto_box for SMP queues, using Curve25519 keys) and out-of-band passing of recipient keys (see How to use SimpleX chat).
• Message integrity validation (via including the digests of the previous messages).
• Authentication of each command/message by SMP servers with automatically generated Ed448 keys.
• TLS 1.3 transport encryption.
• Additional encryption of messages from SMP server to recipient to reduce traffic correlation.

Public keys involved in key exchange are not used as identity, they are randomly generated for each contact.

See Encryption Primitives Used for technical details.

To install or update simplex-chat, you should run the install script. To do that, use the following cURL or Wget command:

curl -o- https://raw.githubusercontent.com/simplex-chat/simplex-chat/master/install.sh | bash

wget -qO- https://raw.githubusercontent.com/simplex-chat/simplex-chat/master/install.sh | bash

Once the chat client downloads, you can run it with simplex-chat command in your terminal.

Alternatively, you can manually download the chat binary for your system from the latest stable release and make it executable as shown below.

chmod +x <binary>
mv <binary> ~/.local/bin/simplex-chat

(or any other preferred location on PATH).

On MacOS you also need to allow Gatekeeper to run it.

move <binary> %APPDATA%/local/bin/simplex-chat.exe

Please note: to build the app use source code from stable branch.

On Linux, you can build the chat executable using docker build with custom output:

$ git clone [email protected]:simplex-chat/simplex-chat.git
$ cd simplex-chat
$ git checkout stable
$ DOCKER_BUILDKIT=1 docker build --output ~/.local/bin .

Please note: If you encounter version `GLIBC_2.28' not found error, rebuild it with haskell:8.10.4-stretch base image (change it in your local Dockerfile).

Install Haskell stack:

curl -sSL https://get.haskellstack.org/ | sh

and build the project:

$ git clone [email protected]:simplex-chat/simplex-chat.git
$ cd simplex-chat
$ git checkout stable
$ stack install

To start the chat client, run simplex-chat from the terminal.

By default, app data directory is created in the home directory (~/.simplex, or %APPDATA%/simplex on Windows), and two SQLite database files simplex_v1_chat.db and simplex_v1_agent.db are initialized in it.

To specify a different file path prefix for the database files use -d command line option:

$ simplex-chat -d alice

Running above, for example, would create alice_v1_chat.db and alice_v1_agent.db database files in current directory.

Three default SMP servers are hosted on Linode - they are pre-configured in the app.

If you deployed your own SMP server(s) you can configure client via -s option:

$ simplex-chat -s smp://[email protected]

Base64url encoded string preceding the server address is the server's offline certificate fingerprint which is validated by client during TLS handshake.

You can still talk to people using default or any other server - it only affects the location of the message queue when you initiate the connection (and the reply queue can be on another server, as set by the other party's client).

Run simplex-chat -h to see all available options.

Once you have started the chat, you will be prompted to specify your "display name" and an optional "full name" to create a local chat profile. Your display name is an alias for your contacts to refer to you by - it is not unique and does not serve as a global identity. If some of your contacts chose the same display name, the chat client adds a numeric suffix to their local display name.

The diagram below shows how to connect and message a contact:

Once you've set up your local profile, enter /c (for /connect) to create a new connection and generate an invitation. Send this invitation to your contact via any other channel.

You are able to create multiple invitations by entering /connect multiple times and sending these invitations to the corresponding contacts you'd like to connect with.

The invitation can only be used once and even if this is intercepted, the attacker would not be able to use it to send you the messages via this queue once your contact confirms that the connection is established. See agent protocol for explanation of invitation format.

The contact who received the invitation should enter /c <invitation> to accept the connection. This establishes the connection, and both parties are notified.

They would then use @<name> <message> commands to send messages. You may also just start typing a message to send it to the contact that was the last.

Use /help in chat to see the list of available commands.

To create a group use /g <group>, then add contacts to it with /a <group> <name>. You can then send messages to the group by entering #<group> <message>. Use /help groups for other commands.

Please note: the groups are not stored on any server, they are maintained as a list of members in the app database to whom the messages will be sent.

You can send a file to your contact with /f @<contact> <file_path> - the recipient will have to accept it before it is sent. Use /help files for other commands.

You can send files to a group with /f #<group> <file_path>.

As an alternative to one-time invitation links, you can create a long-term address with /ad (for /address). The created address can then be shared via any channel, and used by other users as a link to make a contact request with /c <user_contact_address>.

You can accept or reject incoming requests with /ac <name> and /rc <name> commands.

User address is "long-term" in a sense that it is a multiple-use connection link - it can be used until it is deleted by the user, in which case all established connections would still remain active (unlike how it works with email, when changing the address results in people not being able to message you).

Use /help address for other commands.

SimpleX chat stores all your contacts and conversations in a local SQLite database, making it private and portable by design, owned and controlled by user.

You can view and search your chat history by querying your database. Run the below script to create message views in your database.

curl -o- https://raw.githubusercontent.com/simplex-chat/simplex-chat/master/message_views.sql | sqlite3 ~/.simplex/simplex_v1_chat.db

Open SQLite Command Line Shell:

sqlite3 ~/.simplex/simplex_v1_chat.db

See Message queries for examples.

Please note: SQLite foreign key constraints are disabled by default, and must be enabled separately for each database connection. The latter can be achieved by running PRAGMA foreign_keys = ON; command on an open database connection. By running data altering queries without enabling foreign keys prior to that, you may risk putting your database in an inconsistent state.

Convenience queries

Get all messages from today (chat_dt is in UTC):

select * from all_messages_plain where date(chat_dt) > date('now', '-1 day') order by chat_dt;

Get overnight messages in the morning:

select * from all_messages_plain where chat_dt > datetime('now', '-15 hours') order by chat_dt;

1. Mobile and desktop apps (in progress).
2. SMP protocol improvements:
   • SMP queue redundancy and rotation.
   • Message delivery confirmation.
   • Support multiple devices.
3. Privacy-preserving identity server for optional DNS-based contact/group addresses to simplify connection and discovery, but not used to deliver messages:
   • keep all your contacts and groups even if you lose the domain.
   • the server doesn't have information about your contacts and groups.
4. Media server to optimize sending large files to groups.
5. Channels server for large groups and broadcast channels.

AGPL v3