Note: The following solution is a description of context and cannot be used in a real secure application.
This is a simple hot-seat, client-server chat which provides the message encryption based on user identity (name and email). The server has a role of Key Authority. It also responds for clients requests which concerns messages and key generation. The communication is blocking, but a server provides multiple threads for processing requests made by clients.
- environment: Python 3.6
- libraries: tinydb, PyCryptodome
In config.json you can set desired parameters of connection, message, clients and database.
Run database.py without arguments to check supported commands. This is the interface to database operations. For instance, to dump all messages you can simply do:
$ python database.py dump msg_dbDatabase consists of two containers for:
- messages - stores information about timestamp, identities of parties and two versions of ciphertexts based on original message (one encrypted for sender and the other for recipient) to encrypt.
- clients - stores identities of parties corresponding names of files which contains generated private and public keys.
The hybrid encryption was implemented. RSAES-OAEP for asymmetric encryption of AES EAX (which provided detection of unauthorized modifications).
Key generation produces private and public key in separate files, which names correspond to the SHA3-256 hash of an identity. Keys can be generated from console (pkg.py), but server automatically does that if any of parties of transmission doesn't own its keys.
- Run server:
python server.py. - Run two clients from separate processes, calling like:
python client.py Bob [email protected]for specifying the identity of client. - Provide an identity of interlocutor.
- Chat.
Note: If you want to refresh messages list (it doesn't refresh automatically), type ENTER or simply send another message.