Social networking the FOSS way

The Email Upgrade

© Lead Image © nasirkhan,

© Lead Image © nasirkhan,

Article from Issue 196/2017

Forget email: Bitmessage harnesses the power of public key cryptography to create a decentralized, trustless P2P communications protocol. Messages are virtually impossible to spoof or tap.

Users of the pseudonymous cryptocurrency Bitcoin will know that its strength lies in a blockchain – a decentralized ledger of transactions shared across thousands of computers. Since transactions are confirmed several times, it is highly unfeasible for anyone to forge an entry in the blockchain to give themselves a digital wagonload of Bitcoins. Nor is it very easy to steal coins from another user's digital wallet without their digital private key [1].

Like Bitcoin, Bitmessage uses a decentralized peer-to-peer (P2P) protocol. Instead of using a blockchain to record transactions, however, Bitmessage uses complex mathematics to validate and encrypt messages. In simplest terms Bitmessage works as a vast e-mail server, albeit one that is not controlled from any one central point [2].

Developer Jonathan Warren's official whitepaper on Bitmessage [3] goes into considerable detail on how this is achieved. As an average Linux user, it's sufficient to know that each user is assigned a virtual "address" (e.g., BM-2cSpVFB6cDxLLGUeLRy3pZTwYsujmpRzP7) that can be used to send and receive messages. Bitmessage users can have one or a number of these addresses (Figure 1).

Figure 1: PyBitmessage, the official Bitmessage client in action. Users can exchange messages, as well as subscribe to news lists (Subscriptions) and discussion channels (Chans).

As with Bitcoin, which works on the basis of "wallet addresses" to receive money, you only need to provide one of your Bitmessage addresses to a fellow user to communicate. This address is in fact a hash of a public key, and as such, it's much harder for a scammer to assume your identity by sending an email supposedly from your address.

Messages are transferred over a P2P network through users running the Bitmessage client PyBitmessage. The client's name is often shortened to just Bitmessage but is mentioned here to distinguish it from the Bitmessage protocol itself.

To prevent the network from being overrun by selfish users and spammers, a proof-of work must be completed for each message proportionate to its size. Just as Bitcoin users have access to all transactions, all Bitmessage users have access to all messages through their clients. However, they can only decrypt messages that have been sent to their own address.

Installing PyBitmessage

If terms like "partial hash collision" and "decentralized" fail to excite you, rest assured an in-depth knowledge of the protocol is not required to download and make use of Bitmessage's client.

Linux users can easily clone the Pybitmessage source code and run it in Python by following the instructions on the Bitmessage wiki [4]. You most likely will have the necessary prerequisites installed already on your system, such as python and openssl.

Once the software is downloaded, simply run the Python script with:


A pop-up appears explaining that PyBitmessage won't connect to anyone until you allow it. If you're happy to go ahead, click OK to continue. If you connect via a proxy or Tor, check Let me configure special network settings first before proceeding. (See the "Bitmessage+Tor" section for specific steps for connecting via Tor).

On the first run, PyBitmessage will generate a keys.dat file. By default, this is stored in your ~/.config/PyBitmessage directory. Make sure to keep backups of this file or use deterministic addresses (Figure 2).

Figure 2: When creating deterministic addresses, note the Address Version number and the Stream number, as you'll need these if you have to regenerate them in the future.

The Bitmessage Identity

Click the New Identity button at the bottom left of the PyBitmessage window to open the wizard to generate new addresses. These can be used both to send and receive messages. The key to Bitmessage's security lies here.

Users of Bitcoin will be familiar with the concept of generating new wallet addresses after each transaction to make payments harder to trace. The concept is similar to Bitmessage addresses. Creating and abandoning addresses is encouraged because it makes it much more difficult for an adversary to read your communications if they don't know from where they originate.

The only downside to this is that you will need a secure way to exchange your new Bitmessage address with all your contacts each time you generate them. This isn't very burdensome when you consider that you can make as many addresses as you like.

You can generate addresses either by generating random numbers or by using a passphrase. Take the time to read through this window (Figure 2) carefully about the pros and cons of such an approach. The advantage of using deterministic addresses (i.e., those protected by a passphrase) is that if anything happens to your machine, you can recreate your addresses and retrieve all messages. This is done by going to File | Regenerate deterministic addresses.

If you do decide to use a deterministic address, make sure to choose a strong passphrase. For extra security, use a string of random words generated by Diceware [5]. Store these safely on paper or in your password manager.

If this sounds like too much trouble, have the system generate an address automatically for you using random numbers. Make sure to keep your keys.dat file safe because, if it's lost or copied, your messages will be compromised.

Click OK when done to generate your addresses. By default, you will be assigned eight addresses, but you can change this as you see fit.

Ideally, have a friend go through the process separately on their machine at the same time as you, so you can send your first message.

Your First Bitmessage

The main PyBitmessage window will now appear with a number of addresses in the left-hand pane. The All accounts section aggregates all messages sent and received to all addresses. Below will be the unused addresses you generated earlier.

If you generated deterministic addresses, each will be listed as an unused deterministic address. If you generated random addresses, the Bitmessage address will display. Double-click on the name of one of these to give it a more human-readable name, such as Jane – Work. Click to highlight your name, and press Ctrl+C to copy your Bitmessage address to the clipboard.

If you want to set an avatar for your address, right-click on your name and choose Set avatar. From this menu, you can also disable an address, as well as set up an email gateway (see the "Email Integration" section).

Exchange your new Bitmessage address with your contacts and then click on the Send tab. Click Add Contact at the bottom left to add your friends. The Label field is used to provide a human-readable name (e.g., Joe), and the Address field holds the Bitmessage address.

Once your friend's address appears in the left-hand pane, right-click it for further options. You can set an avatar here if you want or stick with the one generated by PyBitmessage. Choose Send message to this address to prepare your first message. If you are setting this up alone, do this with the Bitmessage new releases address, although you shouldn't expect a reply anytime soon.

Now, move to the Send ordinary Message tab in the right-hand pane (see the "A Time to Live" box). Your recipient's Bitmessage address will appear in the From field. In the To field, select the address you set up previously – this will be easy to identify because it will have a friendly name and possibly an avatar.

A Time to Live

Sharp-eyed readers may have noticed the TTL slider at the bottom of the Send pane. Time to Live (TTL) is the length of time that the Bitmessage network will retain your message. By default, that period is 102 hours. You can adjust this if you like, but the longer you want the network to hold the message, the more work your computer has to do. Once a message has been confirmed as delivered, your computer won't have to do anything further; it will be saved onto your device.

The remaining Subject and body fields are self explanatory. Click Send to queue your message for delivery.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Welcome

    As I have mentioned in the past, I continue to find it amazing that the high-tech world can go through the ritual of condemning privacy violations and NSA-style government spying, and at the same time celebrate life in the consumer-cloud paradise, where all data resides on a server controlled by a corporation and privacy is mined continuously as part of the basic business model.

  • Evolution Email

    We show you how to manage your email more efficiently with the lightweight Evolution email client.

  • Enigmail

    Combining the Enigmail add-on and the GnuPG encryption software gives Thunderbird users a powerful tool for encrypting and signing email.

  • Email Suites

    We examine the strengths and weaknesses of four popular mail clients: KMail, Evolution, Thunderbird, and Claws Mail.

  • Encrypting Email

    The leading email applications include new features for helping users secure and authenticate their mail messages, but each tool has a different approach to handling tasks such as signing and encryption. This article describes how to add encryption and digital signatures to the Thunderbird, Kmail, and Evolution mail clients.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More