Skip to content

Encrypted peer-to-peer messaging platform written in Python.

License

Notifications You must be signed in to change notification settings

ajstensland/slyther

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

slyther

Slyther is an encrypted peer-to-peer messaging platform written in Python. Slyther employs the pycryptodome library for its cryptographical needs.

Created as a project-based learning venture because I wanted to design an application-layer protocol and learn how to use sockets and encryption.

Disclaimer

I make no claims regarding the security of this program. While it is encrypted, I may have made some errors blatant to the average cryptanalyst. Pycryptodome may also have vulnerabilities I am unaware of. Do not trust this program with anything remotely important. No personal information, no credit cards, no SSNs. I am not responsible for damages incurred by the improper usage of slyther or slyther-server.

If you notice that I'm making a severe mistake with the security of this program, please let me know. This has been purely a learning experience for me, and if you can provide more lessons for me to learn about this topic, please let me know!

Quickstart

# Install dependencies
python -m pip install -r requirements.txt

# Start server in one terminal
./slyther-server

# Start client in another terminal
./slyther

Screenshots

Main Menu

menu

Server Log

serverlog

Viewing a Conversation

conversation

Protocol

Given that Alice (A) wants to send Bob (B) a message through slyther, three steps take place. Slyther uses a mixture of RSA with OAEP and AES-128-EAX to encrypt messages, and SHA512 hashes (with RSA) for digital signatures.

  1. Public Key Exchange
    1. Alice sends Bob her public key (plaintext, since public keys are not secret)
    2. Bob checks this public key against a fingerprint shared over a trusted channel (fingerprints not yet implemented)
    3. Given that Alice's key is trusted, Bob sends his public key to Alice (again, in plaintext)
  2. Session Key Creation and Delivery
    1. Alice then creates a 128-bit AES session key for her message
    2. Alice encrypts this key with Bob's public key and sends the RSA-encrypted key to Bob
    3. Alice signs the SHA512 hash of the key
    4. Alice encrypts this signature with the AES key and sends the AES-encrypted signature to Bob
  3. Message Delivery
    1. Alice encrypts her message with the AES key and sends the encrypted message to Bob
    2. Alice signs the SHA512 hash of her message, encrypts it with the AES key, and sends it to Bob

Acknowledgements

Big thanks to Hedde van der Heide and Adam Rosenfield for their StackOverflow answer on sending and receiving large messages over sockets

About

Encrypted peer-to-peer messaging platform written in Python.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages