Secure command-line (CLI) chat application that runs over the Tor network. It is peer-to-peer: there is no central server. User A starts a chat server as a Tor onion service and user B connects to it.
The access key is the Tor onion address encrypted with AES and shared in a human-readable hex format. User B enters the access key and the password, decrypts the onion address and connects to user A.
Users exchange RSA public keys and encrypt their messages to each other with them.
Tor (The Onion Router) is free and open-source software for enabling anonymous communication by directing traffic through a free overlay network.
macOS:
brew install tor
Linux (Debian/Ubuntu):
sudo apt-get update
sudo apt-get install tor
- Chat works over a Tor connection with RSA key exchange and message encryption
- The onion address is hidden inside the access key
- The user interface is still in progress, but basic chat works
- Client A starts the Tor onion service and generates the access key: the onion address encrypted with a randomly generated password
- Client A shares the access key and the password with Client B (ideally over two different channels)
- Client B enters the access key and the password to decrypt the onion address
- Client B connects to the onion address over Tor
- Clients exchange RSA public keys
- Clients encrypt each message with the other side's public key
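The last two steps, the public-key handshake and per-message RSA encryption, as an added Go example. This is not the project's own code: the `Peer` type, `AcceptPeerKey`, the PEM framing and the 2048-bit key size are assumptions made for the illustration, and the README does not say which RSA padding the project uses, so the example picks RSA-OAEP. It also makes explicit the limit a practitioner hits immediately with "encrypt messages with each other's public keys": a raw RSA ciphertext can only carry a plaintext shorter than the modulus (190 bytes here), so longer messages need a hybrid scheme.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// Peer holds one side's RSA key pair and, after the handshake, the other side's
// public key. Hypothetical type written for this example, not the project's own.
type Peer struct {
	priv    *rsa.PrivateKey
	peerPub *rsa.PublicKey
}

// NewPeer generates a fresh 2048-bit key pair for the session (size assumed).
func NewPeer() (*Peer, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Peer{priv: k}, nil
}

// PublicKeyPEM is the handshake payload; only the public half leaves the host.
func (p *Peer) PublicKeyPEM() []byte {
	der := x509.MarshalPKCS1PublicKey(&p.priv.PublicKey)
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: der})
}

// AcceptPeerKey parses the PEM received from the other side and stores it.
func (p *Peer) AcceptPeerKey(pemBytes []byte) error {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "RSA PUBLIC KEY" {
		return errors.New("handshake: expected an RSA PUBLIC KEY block")
	}
	pub, err := x509.ParsePKCS1PublicKey(block.Bytes)
	if err != nil {
		return err
	}
	p.peerPub = pub
	return nil
}

// MaxMessageLen is the RSA-OAEP plaintext limit: modulus bytes - 2*hash - 2,
// i.e. 190 bytes for a 2048-bit key with SHA-256. Longer chat lines need
// a hybrid scheme (RSA-wrapped symmetric key), which this example does not add.
func (p *Peer) MaxMessageLen() int {
	return p.peerPub.Size() - 2*sha256.Size - 2
}

// Encrypt wraps a message for the peer with RSA-OAEP (SHA-256).
func (p *Peer) Encrypt(msg []byte) ([]byte, error) {
	if p.peerPub == nil {
		return nil, errors.New("handshake not completed: no peer public key")
	}
	if len(msg) > p.MaxMessageLen() {
		return nil, fmt.Errorf("message is %d bytes, OAEP limit is %d", len(msg), p.MaxMessageLen())
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, p.peerPub, msg, nil)
}

// Decrypt opens a message that was encrypted to our public key.
func (p *Peer) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

func main() {
	a, _ := NewPeer()
	b, _ := NewPeer()
	// Handshake: each side sends its public key and stores the other's.
	if err := b.AcceptPeerKey(a.PublicKeyPEM()); err != nil {
		panic(err)
	}
	if err := a.AcceptPeerKey(b.PublicKeyPEM()); err != nil {
		panic(err)
	}
	ct, err := a.Encrypt([]byte("hello from A"))
	if err != nil {
		panic(err)
	}
	pt, _ := b.Decrypt(ct)
	fmt.Printf("B read %q; per-message limit is %d bytes\n", pt, a.MaxMessageLen())
}
```

Nothing in this handshake ties B's public key to the access key or the password: whoever can reach the onion address can complete it. Binding messages to the shared password is what the HMAC tagging listed in the roadmap below is for.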
The access key is binary data rendered as readable hex in groups that resemble 1234-ABCD-EF01-5678.... It is the AES-encrypted onion address.
The password decrypts the access key to recover the onion address. It consists of random bytes converted to upper-case hex and looks like 1234-ABCD.
The password also keys an HMAC tag on every message so the receiver can verify message integrity. Because both peers share the password, a valid tag shows that the sender holds the password, not which of the two peers sent it.
User A (the server), after connecting to Tor and obtaining an onion address, encrypts that address with a randomly generated password.
User A then shares the access key (the AES-encrypted onion address) and the password with User B.
Share the password and the access key over two different channels: anyone holding both can recover the onion address and reach the server.
User B enters the access key and then the password to decrypt the onion address.
+----------------+                                                    +-------------+
|     User A     |                                                    |   User B    |
|    (Server)    |                                                    |  (Client)   |
+-------+--------+                                                    +--------+----+
        |                                                                      |
        |<------------>Connects to Tor Network                                 |
        |                                                                      |
        |--->Generates random password, encrypts onion address with password   |
        |                                                                      |
        |--->Generates access key (AES-encrypted onion address)                |
        |                                                                      |
        |------------------------- Shares access key ------------------------->|
        |                                                                      |
        |------------------- Shares password via Channel 2 ------------------->|
        |                                                                      |
        |    Enters access key and password to decrypt onion address <---------|
        |                                                                      |
        |                         Decrypts the key with the password <---------|
        |                                                                      |
        |                                    Connects to Tor Network <---------|
        |                                                                      |
        |                                         Connects to User A <---------|
        |                                                                      |
        |<----------------------- RSA pub key exchange ----------------------->|
        |                                                                      |
        |<---------- Users verify message integrity via an HMAC tag ---------->|
        |                                                                      |
+-------+--------+                                                    +--------+----+
|     User A     |                                                    |   User B    |
|    (Server)    |                                                    |  (Client)   |
+----------------+                                                    +-------------+
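The access-key and password handling described above and in the diagram, as an added Go example that is not the project's code. The README fixes only "AES", "hex" and "random bytes in upper-case hex", so GCM as the AES mode, SHA-256 of the password as the key derivation, 16 password bytes and four-character hex groups are all assumptions made here. The block shows the server side (EncryptOnion), the client side (DecryptOnion) and the HMAC tag the same password keys, on a constructed placeholder onion address.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// GeneratePassword returns n random bytes as upper-case hex, the password
// form the README describes. Hypothetical helper; the byte count is assumed.
func GeneratePassword(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return strings.ToUpper(hex.EncodeToString(b)), nil
}

// newGCM hashes the password into a 256-bit AES key and returns AES-GCM. Both are
// assumptions; a plain hash is acceptable only because the password is random bytes.
func newGCM(password string) (cipher.AEAD, error) {
	key := sha256.Sum256([]byte(password))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// groupHex renders hex as 1234-ABCD-... blocks of four upper-case digits.
func groupHex(h string) string {
	h = strings.ToUpper(h)
	var parts []string
	for len(h) > 4 {
		parts, h = append(parts, h[:4]), h[4:]
	}
	return strings.Join(append(parts, h), "-")
}

// EncryptOnion builds the access key: AES-256-GCM over the onion address, nonce
// prepended, as grouped hex. GCM's tag is what lets the client reject a wrong password.
func EncryptOnion(onion, password string) (string, error) {
	gcm, err := newGCM(password)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return groupHex(hex.EncodeToString(gcm.Seal(nonce, nonce, []byte(onion), nil))), nil
}

// DecryptOnion is the client side: strip the dashes, decode the hex, open with GCM.
func DecryptOnion(accessKey, password string) (string, error) {
	raw, err := hex.DecodeString(strings.ReplaceAll(accessKey, "-", ""))
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(password)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("access key too short")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return "", errors.New("wrong password or tampered access key")
	}
	return string(pt), nil
}

// SignMessage tags a message with HMAC-SHA256 keyed by the shared password.
func SignMessage(password, msg string) string {
	m := hmac.New(sha256.New, []byte(password))
	m.Write([]byte(msg))
	return hex.EncodeToString(m.Sum(nil))
}

// VerifyMessage recomputes the tag and compares it in constant time (hmac.Equal, not ==).
func VerifyMessage(password, msg, tag string) bool {
	return hmac.Equal([]byte(SignMessage(password, msg)), []byte(strings.ToLower(tag)))
}

func main() {
	pw, _ := GeneratePassword(16)
	key, _ := EncryptOnion("constructedplaceholdernotarealservice.onion", pw) // constructed sample
	fmt.Println("password:  ", pw)
	fmt.Println("access key:", key)
	fmt.Println(DecryptOnion(key, pw))
	tag := SignMessage(pw, "hello")
	fmt.Println(VerifyMessage(pw, "hello", tag), VerifyMessage(pw, "hellp", tag))
}
```

With an authenticated mode, a wrong password or an altered access key fails the GCM check and DecryptOnion returns an error rather than a garbage onion address, which is why GCM is preferable here to raw AES-CBC or AES-CTR. The HMAC comparison uses hmac.Equal to avoid a timing side channel, and since both peers share the password, a valid tag proves the sender holds the password, not which peer sent it.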
- TOR=0 - disable the Tor connection (for development only)
- DEBUG=1 - enable debug mode
- session restoration with password
- graceful shutdown
- access key ask as input not arg
- allow reconnect
- encode access key as BIP39 mnemonic
- add timestamps to the messages to prevent replay attacks
- sign every message with HMAC to verify integrity and prevent MITM attacks
- ack on handshake received
- notify about handshake
- ack on every message
- chat gui (tui)
- send files
- allow multiple users in a chat room
- onion routing
- gen chat key for access, hide onion
- server generates key with password
- client enters key and password to connect
- test coverage for crypto packages
- basic tcp echo server
- basic chat server-client
- custom protocol with header
- chat via custom protocol
- handshake on connection, exchange public keys
- encrypt chat with public key
- basic tor tcp connection