How it works | Pica Pica Secure Distributed Messaging System

Connectivity

Clients connect through nodes, which are interlinked with each other. To go online, a client must know the address of at least one active node. Nodes provide information about connected clients and other available nodes. Once clients discover each other through a node, they can optionally communicate directly, if configured to do so.

Authentication

A Pica client account is based on a self-signed X.509 certificate, using an RSA key of at least 4096 bits. The Pica Pica ID is derived from the SHA-224 hash of this certificate. Clients establish TLS connections and mutually authenticate each other using these certificates.

On the first connection, each client saves the peer’s certificate locally. In subsequent connections, the saved certificate is compared with the one presented by the remote side. If the certificates do not match, the connection is terminated and a warning message is displayed. There is no way to bypass or disable certificate verification, as is sometimes possible in web browsers.

However, software cannot guarantee that the Pica ID actually belongs to the person you intend to communicate with when you add them to your contact list for the first time. Therefore, it is the user’s responsibility to verify the identity.

The best way to verify a Pica ID is to exchange it in person. However, this may not always be feasible. Alternatively, you can make a phone or video call and read the Pica ID aloud. Keep in mind that with advancements in machine learning and AI, there is a possibility that real-time alteration of video and voice during a call could become technically possible in the near future—if it isn’t already. 🙂

Multiple logins

Users can log in from multiple devices using the same account. To enable this feature, go to “Settings > Configure Messenger,” select the “Multiple Logins” tab, and enable the “Replace existing connections” option. When this mode is activated, any previously logged-in Pica Pica messenger instances will be disconnected, and new incoming messages will be delivered to the last logged-in instance of the client.

Message history synchronization is not yet implemented, but work is in progress.

Storage

The Pica Client stores all data in a profile directory called “.pica-client,” located in the user’s home directory. On Unix-like systems, this is typically found at /home/user/.pica-client, while on Windows it is located at C:\Users\user\.pica-client. Contacts, message history, settings, and other information are stored in an SQLite database file located at .pica-client/pica-client.sqlite. Account certificates and private keys are stored in subdirectories within the profile directory.

Offline messages

Nodes do not store messages or any other communications, so message delivery is only possible when both peers are online. If the recipient is not online, the message is stored locally on the sender’s side, and the Pica Pica client will repeatedly attempt to deliver it until the recipient becomes available.