Proof of concept of an end-to-end encrypted peer-to-peer chat program written in Python.
Project description
snakewhisper
snakewhisper is a simple end-to-end encrypted chat program written in Python. It's functional (it currently supports two-way communication with elliptic curve key exchange), but snakewhisper is primarily a proof-of-concept that showcases how regular computer users can easily access—or even create—chat programs with end-to-end encryption.
Installation
Pip
$ pip3 install snakewhisper
Git
$ git clone https://github.com/slightlyskepticalpotat/snakewhisper.git
$ cd snakewhisper
$ pip3 install -r requirements.txt
Usage
The below commands demonstrate the basic features of snakewhisper.
$ python3 -m snakewhisper # installed with pip
$ python3 snakewhisper.py # installed with git
Log? (y/n): y # type here
INFO: Generating private key
INFO: Listening on port 2048
INFO: /help to list commands
HOST: 1.1.1.1 # type here
INFO: Connecting to 1.1.1.1
INFO: Connected to 1.1.1.1
# now you type messages or commands
02:01:18|Local User: alice to bob # your message
02:01:23|1.1.1.1: bob to alice # their message
06:54:11|Local User: /help # list all commands
INFO: /alias /clear /help /ip /privkey /quit /remote /sendfile /time
06:54:46|Local User: /help quit # describe quit command
INFO: Quits the program
06:55:05|Local User: /sendfile secret.txt # sends encrypted file
INFO: Sending file secret.txt
INFO: Sent file secret.txt successfully
06:55:33|Local User: /quit # quits the program
INFO: Quit successfully
Cryptography
Every time snakewhisper starts, it generates an elliptic curve private key using Curve25519 (offering 128 bits of NSA-free security). When it connects to a peer, they exchange public keys and use Elliptic-curve Diffie–Hellman to agree on a shared secret key. After that, the unsalted secret key is passed through HKDF to obtain a 128-bit encryption key.
For ease of implementation, snakewhisper encrypts messages and sent files using the Fernet encryption scheme from the cryptography Python package. Fernet is just AES-128 with a SHA-256 hash-based message authentication code under the hood, and the full specification can be viewed here. Fernet also includes a timestamp, but it is in cleartext and can be spoofed.
I am confident that the encryption scheme is secure in theory (barring any secret algorithm backdoors) because it is based on well-known cryptographic algorithms and primitives, but less confident that I've implemented everything correctly. Please review the code beforehand if you intend on sending sensitive data with this (at your own risk, of course).
To-do List
- Full-fledged test suite
- IPv6 support for 2021
- Support for multi-user
- Toggle timestamp on/off
Contributing
Pull requests are welcome, but please open an issue to discuss major changes.
License
snakewhisper is licenced under version 3.0 of the GNU Affero General Public License.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for snakewhisper-1.1.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 540932a7eb76386663e0b0aa2a79f2bdbba7aa8b18951e992487ef97b61e4829 |
|
| MD5 | 12fd1b68e9ffa67c7663de149164041f |
|
| BLAKE2b-256 | 51ce4b03d7ab337f8d04cf33cdb7359f685589d97abc24bfdebc47956203f01d |
