Cloud-hosted IRC with symmetric authenticated encryption
Description and Features
Privacy is at a premium, and the need for a secure means of communication is greater than ever.
- Wisper messages are encrypted with Fernet, which uses AES-128 in CBC mode with PKCS #7 padding and authenticates the ciphertext with HMAC-SHA256 (encrypt-then-MAC).
- Using Wisper requires a shared secret key; messages cannot be decrypted without it.
- Messages remain fully encrypted between end-points; the server only relays ciphertext.
- The server runs on an AWS EC2 instance that is started on demand: an AWS Lambda function, triggered when the client starts, boots the instance if it is not already running.
- Messages are serialized with Google protocol buffers, which keeps packets small and lets the sender alias travel inside the encrypted payload.
$ pip install wisper
All users must share the same secret key, which has to be exchanged out of band ahead of time. To generate a new key, type y at the Need a new key? (y/n) prompt at start-up.
To start a chat session:
$ wisper
$ Starting EC2 server instance...
$ Need a new key? (y/n): <selection>
$ Enter secret key: <secret-key>
$ Key accepted
$ Enter alias: <alias>
$ Running server checks...
$ Server started
$ Establishing connection with server...
$ Connected to Wisper server
- Wisper will send a notification when peers are connected/disconnected.
To end a session:
- Enter exit() or press ^C
When the Wisper client is started, it makes an HTTP request to an AWS API Gateway endpoint. The request triggers a Lambda function that checks whether any Wisper server EC2 instances are running and spins one up if none is. The Lambda function returns the instance's public IP address, which API Gateway relays to the client in the HTTP response. The client then prompts for the secret key and the user's alias and connects to the server.
Each message is serialized, encrypted with the shared key, and relayed by the server to every other connected client. All client-to-client traffic is encrypted between end-points; the server forwards ciphertext it cannot read. Messages that originate from the server itself (such as peer connection notifications) are sent in the clear.
The server instance detects when all clients are disconnected. This event triggers an HTTP request to API Gateway, invoking a Lambda function, which shuts down the server, and stops the EC2 instance.
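The relay design described above, as an added example that is not Wisper's own code: two clients that share a Fernet key exchange a message through a relay that holds no key, a third client with a different key is rejected, and a token modified in transit fails the HMAC check before any decryption happens. It uses the cryptography package's Fernet implementation (the AES-128-CBC plus HMAC-SHA256 construction listed in the feature list). The message layout in pack_message (one length byte, alias, text) is an assumption standing in for Wisper's protobuf schema, and the Relay and Client classes are illustrative, not the project's.

```python
import base64
import struct

from cryptography.fernet import Fernet, InvalidToken


def pack_message(alias: str, text: str) -> bytes:
    """Serialize (alias, text) into one byte string.

    Assumed stand-in for Wisper's protobuf message: one length byte, the
    UTF-8 alias, then the UTF-8 text. Because the alias sits inside the
    payload that gets encrypted, the relay never learns who is speaking.
    """
    alias_bytes = alias.encode("utf-8")
    if len(alias_bytes) > 255:
        raise ValueError("alias too long for a one-byte length prefix")
    return struct.pack("B", len(alias_bytes)) + alias_bytes + text.encode("utf-8")


def unpack_message(blob: bytes) -> tuple:
    """Inverse of pack_message."""
    n = blob[0]
    return blob[1:1 + n].decode("utf-8"), blob[1 + n:].decode("utf-8")


class Relay:
    """The server role: forwards opaque Fernet tokens to every other client
    and emits its own notifications in the clear. It holds no key."""

    def __init__(self):
        self.clients = []
        self.wire = []  # everything the server could inspect on the wire

    def connect(self, client):
        self.clients.append(client)
        self.notify("peer connected")

    def notify(self, text: str):
        # Server-originated traffic is plaintext, as the design above states.
        self.wire.append(("notice", text.encode("utf-8")))
        for c in self.clients:
            c.inbox.append(("notice", text))

    def broadcast(self, sender, token: bytes):
        self.wire.append(("token", token))
        for c in self.clients:
            if c is not sender:
                c.receive(token)


class Client:
    def __init__(self, alias: str, key: bytes, relay: Relay):
        # key: a Fernet key (32 random bytes, urlsafe-base64), shared out of band.
        self.alias = alias
        self.fernet = Fernet(key)
        self.relay = relay
        self.inbox = []
        relay.connect(self)

    def send(self, text: str) -> bytes:
        token = self.fernet.encrypt(pack_message(self.alias, text))
        self.relay.broadcast(self, token)
        return token

    def receive(self, token: bytes, ttl: int = 60):
        # Fernet verifies the HMAC before touching the ciphertext, so a wrong
        # key or a modified token surfaces as InvalidToken, never as garbage text.
        try:
            alias, text = unpack_message(self.fernet.decrypt(token, ttl=ttl))
        except InvalidToken:
            self.inbox.append(("rejected", token))
            return None
        self.inbox.append(("message", (alias, text)))
        return alias, text


def tamper(token: bytes) -> bytes:
    """Flip one bit in the ciphertext region of a Fernet token.

    Token layout: version(1) | timestamp(8) | IV(16) | ciphertext | HMAC(32),
    so index -33 is the last ciphertext byte.
    """
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[-33] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))


def demo() -> dict:
    shared_key = Fernet.generate_key()
    relay = Relay()
    alice = Client("alice", shared_key, relay)
    bob = Client("bob", shared_key, relay)
    mallory = Client("mallory", Fernet.generate_key(), relay)  # wrong key

    token = alice.send("meet at noon")
    tokens_on_wire = [data for kind, data in relay.wire if kind == "token"]
    return {
        "bob_got": bob.inbox[-1],
        "mallory_got": mallory.inbox[-1][0],
        "tampered_accepted": bob.receive(tamper(token)) is not None,
        "plaintext_visible_to_server": any(
            b"alice" in t or b"meet at noon" in t for t in tokens_on_wire
        ),
    }
```

Two caveats the design implies: every participant holds the same key, so Fernet authenticates that a message came from someone with the key, not from the alias it claims; and Fernet's embedded timestamp lets decrypt(ttl=...) reject stale tokens, but a captured token can still be replayed within that window.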
Contribution guidelines can be found here. Please feel free to use, share, and extend this project. PRs welcome.