Proof of concept of an end-to-end encrypted peer-to-peer chat program written in Python.
Project description
snakewhisper
snakewhisper is a simple end-to-end encrypted chat program written in Python. It's functional (it currently supports two-way communication with elliptic curve key exchange), but snakewhisper is primarily a proof-of-concept that showcases how regular computer users can easily access—or even create—chat programs with end-to-end encryption.
Installation
Pip
$ pip3 install snakewhisper
Git
$ git clone https://github.com/slightlyskepticalpotat/snakewhisper.git
$ cd snakewhisper
$ pip3 install -r requirements.txt
Usage
The below commands demonstrate the basic features of snakewhisper.
$ python3 -m snakewhisper # installed with pip
$ python3 snakewhisper.py # installed with git
Log? (y/n): y # type here
INFO: Generating private key
INFO: Listening on port 2048
INFO: /help to list commands
HOST: 1.1.1.1 # type here
INFO: Connecting to 1.1.1.1
INFO: Connected to 1.1.1.1
# now you type messages or commands
alice to bob # your message
1.1.1.1: bob to alice # their message
/help # list all commands
INFO: /alias /clear /help /ip /privkey /quit /remote /time
/help quit # describe quit command
INFO: Quits the program
/quit # quits the program
INFO: Quit successfully
Cryptography
Every time snakewhisper starts, it generates an elliptic curve private key using Curve25519 (offering 128 bits of NSA-free security). When it connects to a peer, they exchange public keys and use Elliptic-curve Diffie–Hellman to agree on a shared secret key. After that, the unsalted secret key is passed through HKDF to obtain a 128-bit encryption key.
For ease of implementation, snakewhisper encrypts messages using the Fernet encryption scheme from the cryptography Python package. Fernet is just AES-128 with a SHA-256 hash-based message authentication code under the hood, and the full specification can be viewed here. Fernet also includes a timestamp, but it is in cleartext and can be spoofed.
I am confident that the encryption scheme is secure in theory (barring any secret algorithm backdoors) because it is based on well-known cryptographic algorithms and primitives, but less confident that I've implemented everything correctly. Please review the code beforehand if you intend on sending sensitive data with this (at your own risk, of course).
To-do List
- Support for timestamps
- Support for sending files
- Multi-user conversations
Contributing
Pull requests are welcome, but please open an issue to discuss major changes.
License
snakewhisper is licenced under version 3.0 of the GNU Affero General Public License.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file snakewhisper-1.0.0.tar.gz.
File metadata
- Download URL: snakewhisper-1.0.0.tar.gz
- Upload date:
- Size: 17.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.5.0.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 610453715e040635a6298884dd63b2dd9f38f17d3419f15a9b0cfc9a5e9812e5 |
|
| MD5 | ef303773fd64aea32c6e3b074c56420f |
|
| BLAKE2b-256 | 631c88606d6f5c1bf99f82b7e8a79acc07b20aaa0c52b0bf2e78523c1cf8adb3 |
File details
Details for the file snakewhisper-1.0.0-py3-none-any.whl.
File metadata
- Download URL: snakewhisper-1.0.0-py3-none-any.whl
- Upload date:
- Size: 17.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.5.0.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 11b9ffa89a80bf2b4399e0f05fa33aaac6c4ff158df9703597ccd2d5541a8bd1 |
|
| MD5 | f606ffc48b412add01c0ff78178253ac |
|
| BLAKE2b-256 | 88569fdea3f15b75b75ab681eaa0e16b09ccaf860dd1c5dbce1a2a77cb259a54 |
