A comprehensive secure peer-to-peer messaging system built with .NET 8.0, implementing PKI (Public Key Infrastructure), digital certificates, and encrypted communication protocols.
This project demonstrates a complete secure communication system consisting of three main components:
- Certificate Authority (CA) - Issues and signs digital certificates
- Client 1 - Listens for incoming peer connections
- Client 2 - Initiates connection to Client 1
The system implements industry-standard cryptographic protocols for secure message exchange between two parties.
- RSA-2048 - Asymmetric encryption for key exchange and digital signatures
- AES-256 - Symmetric encryption for message communication
- SHA-256 - Hash function for key derivation and data integrity
- PKCS#1 v1.5 - Digital signature padding scheme
- OAEP - Optimal Asymmetric Encryption Padding for RSA encryption
```
┌──────────────────────────────────────────────────────────────────┐
│ STAGE 1: PKI SETUP                                               │
├──────────────────────────────────────────────────────────────────┤
│ 1. CA generates RSA key pair (Public Key, Private Key)           │
│ 2. Clients generate their own RSA key pairs                      │
│ 3. Clients request certificates from CA                          │
│ 4. CA signs certificates with its private key                    │
└──────────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────┐
│ STAGE 2: CERTIFICATE EXCHANGE                                    │
├──────────────────────────────────────────────────────────────────┤
│ 1. Clients exchange certificates                                 │
│ 2. Each client verifies peer's certificate using CA's public key │
│ 3. Invalid certificates are rejected                             │
└──────────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────┐
│ STAGE 3: MASTER KEY ESTABLISHMENT                                │
├──────────────────────────────────────────────────────────────────┤
│ 1. Client 1 generates N1 (32-byte random nonce)                  │
│ 2. Client 1 encrypts N1 with Client 2's public key and sends     │
│ 3. Client 2 generates N2 (32-byte random nonce)                  │
│ 4. Client 2 encrypts N2 with Client 1's public key and sends     │
│ 5. Master Key Km = SHA256(N1 || N2)                              │
└──────────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────┐
│ STAGE 4: SESSION KEY ESTABLISHMENT                               │
├──────────────────────────────────────────────────────────────────┤
│ 1. Client 1 generates N3, encrypts with Km using AES, sends      │
│ 2. Client 2 generates N4, encrypts with Km using AES, sends      │
│ 3. Session Key Ks = SHA256(N3 || N4)                             │
│ 4. All subsequent messages encrypted with AES using Ks           │
└──────────────────────────────────────────────────────────────────┘
```
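The following C# example is added here and is not part of the project's source. It shows how Stages 1 and 2 map onto the .NET `RSA` API: the CA signs the certificate fields with PKCS#1 v1.5 over SHA-256, and a client verifies that signature with the CA's public key and checks the validity date before trusting a peer's public key. The `Certificate` class, its `ToBeSigned` serialization and the `CertificateDemo` helpers are assumptions for illustration; the project's own `Shared/Certificate.cs` may serialize the fields differently.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical certificate model mirroring the JSON fields shown in this README.
public sealed class Certificate
{
    public string SubjectID { get; set; } = "";
    public string PublicKey { get; set; } = "";   // Base64 SubjectPublicKeyInfo of the client key
    public DateTime Validity { get; set; }        // expiry, UTC
    public string SerialNumber { get; set; } = "";
    public string Signature { get; set; } = "";   // Base64 CA signature over ToBeSigned()

    // Canonical bytes the CA signs: every field except the signature itself.
    // (Assumed layout; any fixed, unambiguous serialization works as long as both sides agree.)
    public byte[] ToBeSigned() =>
        Encoding.UTF8.GetBytes($"{SubjectID}|{PublicKey}|{Validity:O}|{SerialNumber}");
}

public static class CertificateDemo
{
    // CA side (Stage 1): bind a client's public key to its ID and sign with the CA private key.
    public static Certificate Issue(RSA caKey, string subjectId, RSA clientKey, TimeSpan lifetime)
    {
        var cert = new Certificate
        {
            SubjectID = subjectId,
            PublicKey = Convert.ToBase64String(clientKey.ExportSubjectPublicKeyInfo()),
            Validity = DateTime.UtcNow.Add(lifetime),
            SerialNumber = Guid.NewGuid().ToString(),
        };
        byte[] sig = caKey.SignData(cert.ToBeSigned(), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        cert.Signature = Convert.ToBase64String(sig);
        return cert;
    }

    // Client side (Stage 2): accept the peer certificate only if it is unexpired and the
    // CA signature verifies over exactly the fields the CA signed.
    public static bool Verify(RSA caPublicKey, Certificate cert, DateTime now)
    {
        if (now > cert.Validity) return false;
        byte[] sig;
        try { sig = Convert.FromBase64String(cert.Signature); }
        catch (FormatException) { return false; }
        return caPublicKey.VerifyData(cert.ToBeSigned(), sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        using RSA ca = RSA.Create(2048);
        using RSA alice = RSA.Create(2048);
        Certificate cert = Issue(ca, "Alice", alice, TimeSpan.FromDays(365));

        // The verifying client only holds the CA's public key, never its private key.
        using RSA caPub = RSA.Create();
        caPub.ImportSubjectPublicKeyInfo(ca.ExportSubjectPublicKeyInfo(), out _);
        Console.WriteLine($"genuine certificate accepted: {Verify(caPub, cert, DateTime.UtcNow)}");

        // Altering any signed field after issuance must be rejected.
        cert.SubjectID = "Mallory";
        Console.WriteLine($"tampered certificate accepted: {Verify(caPub, cert, DateTime.UtcNow)}");
    }
}
```

Because the signature covers every field except `Signature`, a peer cannot present someone else's public key under its own `SubjectID`, and the expiry check keeps a long-stale certificate from being replayed after its validity period.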
```
networksecurity/
├── ag_guvenligi_bitirme.sln   # Solution file
├── CA/                        # Certificate Authority application
│   ├── MainForm.cs            # CA server logic
│   ├── MainForm.Designer.cs   # UI design
│   ├── Program.cs             # Entry point
│   └── CA.csproj              # Project file
├── Client1/                   # Client 1 application (Listener)
│   ├── MainForm.cs            # Client logic with listening capability
│   ├── MainForm.Designer.cs   # UI design
│   ├── Program.cs             # Entry point
│   └── Client1.csproj         # Project file
├── Client2/                   # Client 2 application (Connector)
│   ├── MainForm.cs            # Client logic with connection capability
│   ├── MainForm.Designer.cs   # UI design
│   ├── Program.cs             # Entry point
│   └── Client2.csproj         # Project file
└── Shared/                    # Shared library
    ├── Certificate.cs         # Digital certificate model
    ├── CryptoHelper.cs        # Cryptographic utility functions
    └── Shared.csproj          # Project file
```
## Prerequisites

- .NET 8.0 SDK or later
- Windows (Windows Forms application)
- Visual Studio 2022 or VS Code with C# extension
Build the whole solution:

```bash
dotnet build ag_guvenligi_bitirme.sln --configuration Release
```

### Step 1: Start the Certificate Authority

```bash
dotnet run --project CA
```

- Set a port (e.g., 5000)
- Click "Start Server"

### Step 2: Start Client 1 (Listener)

```bash
dotnet run --project Client1
```

- Enter Client ID (e.g., "Alice")
- Set CA Server address and port
- Set Listen Port (e.g., 5001)
- Click "Initialize"

### Step 3: Start Client 2 (Connector)

```bash
dotnet run --project Client2
```

- Enter Client ID (e.g., "Bob")
- Set CA Server address and port
- Set Peer Server address and Client 1's listen port
- Click "Connect"
For running on separate machines:

- Replace `127.0.0.1` with the actual IP addresses
- Ensure the firewall allows the specified ports
- All machines must have network connectivity
### Certificate Authority

- Displays server status (Running/Stopped)
- Shows certificates issued count
- Lists all connected clients
- Logs all certificate requests and issuances

### Clients

- Real-time connection status
- Certificate verification status
- Session key establishment status
- Encrypted chat interface
- Detailed security protocol logs
### Certificate Structure

```json
{
  "SubjectID": "ClientName",
  "PublicKey": "Base64EncodedRSAPublicKey",
  "Validity": "2025-12-28T00:00:00Z",
  "SerialNumber": "UniqueGUID",
  "Signature": "CADigitalSignature"
}
```

### Message Encryption

- Each message is encrypted using AES-256-CBC
- Random IV generated for each message
- Format: `[IV (16 bytes)][Encrypted Message]`

### Key Derivation

- Uses SHA-256 for deriving keys from nonces
- Ensures forward secrecy through unique session keys
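The key establishment of Stages 3 and 4 together with the `[IV][Encrypted Message]` framing, as an added C# example that is not the project's own code. Nonces are wrapped with RSA-OAEP (SHA-256), both Km and Ks are derived as SHA256(Na || Nb), and every message carries a fresh 16-byte IV in front of its AES-256-CBC ciphertext. The names `SessionDemo`, `WrapNonce`, `UnwrapNonce`, `DeriveKey`, `EncryptMessage` and `DecryptMessage` are assumptions for illustration and need not match `Shared/CryptoHelper.cs`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class SessionDemo
{
    // Stage 3 transport: a 32-byte nonce wrapped under the peer's RSA-2048 public key with OAEP.
    public static byte[] WrapNonce(RSA peerPublic, byte[] nonce) =>
        peerPublic.Encrypt(nonce, RSAEncryptionPadding.OaepSHA256);

    public static byte[] UnwrapNonce(RSA ownPrivate, byte[] wrapped) =>
        ownPrivate.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256);

    // K = SHA256(Na || Nb); used for Km (N1, N2) and again for Ks (N3, N4).
    // Both sides must concatenate in the same fixed order (Client 1's nonce first).
    public static byte[] DeriveKey(byte[] na, byte[] nb)
    {
        byte[] joined = new byte[na.Length + nb.Length];
        Buffer.BlockCopy(na, 0, joined, 0, na.Length);
        Buffer.BlockCopy(nb, 0, joined, na.Length, nb.Length);
        return SHA256.HashData(joined);   // 32 bytes -> AES-256 key
    }

    // Frame layout: [IV (16 bytes)][AES-256-CBC ciphertext, PKCS#7 padded]; new random IV each call.
    public static byte[] EncryptMessage(byte[] key, byte[] plaintext)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        aes.GenerateIV();
        byte[] ct = aes.EncryptCbc(plaintext, aes.IV, PaddingMode.PKCS7);
        byte[] framed = new byte[16 + ct.Length];
        Buffer.BlockCopy(aes.IV, 0, framed, 0, 16);
        Buffer.BlockCopy(ct, 0, framed, 16, ct.Length);
        return framed;
    }

    public static byte[] DecryptMessage(byte[] key, byte[] framed)
    {
        // Reject frames that cannot hold an IV plus at least one full block.
        if (framed.Length < 32 || (framed.Length - 16) % 16 != 0)
            throw new CryptographicException("malformed frame");
        using Aes aes = Aes.Create();
        aes.Key = key;
        byte[] iv = framed.AsSpan(0, 16).ToArray();
        byte[] ct = framed.AsSpan(16).ToArray();
        return aes.DecryptCbc(ct, iv, PaddingMode.PKCS7);
    }

    public static void Main()
    {
        using RSA client1 = RSA.Create(2048);
        using RSA client2 = RSA.Create(2048);

        // Stage 3: each side sends a 32-byte nonce under the other's public key; Km = SHA256(N1 || N2).
        byte[] n1 = RandomNumberGenerator.GetBytes(32);
        byte[] n2 = RandomNumberGenerator.GetBytes(32);
        byte[] n1AtClient2 = UnwrapNonce(client2, WrapNonce(client2, n1));
        byte[] n2AtClient1 = UnwrapNonce(client1, WrapNonce(client1, n2));
        byte[] kmClient1 = DeriveKey(n1, n2AtClient1);
        byte[] kmClient2 = DeriveKey(n1AtClient2, n2);

        // Stage 4: N3 and N4 travel under Km using the AES frame; Ks = SHA256(N3 || N4).
        byte[] n3 = RandomNumberGenerator.GetBytes(32);
        byte[] n4 = RandomNumberGenerator.GetBytes(32);
        byte[] n3AtClient2 = DecryptMessage(kmClient2, EncryptMessage(kmClient1, n3));
        byte[] n4AtClient1 = DecryptMessage(kmClient1, EncryptMessage(kmClient2, n4));
        byte[] ksClient1 = DeriveKey(n3, n4AtClient1);
        byte[] ksClient2 = DeriveKey(n3AtClient2, n4);
        Console.WriteLine($"session keys match: {CryptographicOperations.FixedTimeEquals(ksClient1, ksClient2)}");

        // Chat traffic: every message gets its own IV, so identical plaintexts encrypt differently.
        byte[] frame = EncryptMessage(ksClient1, Encoding.UTF8.GetBytes("hello from Alice"));
        Console.WriteLine(Encoding.UTF8.GetString(DecryptMessage(ksClient2, frame)));
    }
}
```

Two properties of this design are worth checking before reusing it. The frame as described carries no authentication tag, so a modified ciphertext is noticed only when PKCS#7 unpadding happens to fail; an HMAC-SHA256 over IV and ciphertext, or AES-GCM in place of CBC, closes that gap. And because N1 and N2 are wrapped under the clients' long-term RSA keys, anyone who later obtains a client's private key and a recording of the handshake can recover Km and Ks, so the per-session keys are unique but do not give forward secrecy against key compromise; an ephemeral Diffie-Hellman exchange authenticated by the certificates would.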
Course: BIM 437 - Bilgisayar ve Ağ Güvenliği (Computer and Network Security)
Project Type: Term Project
Framework: .NET 8.0 with Windows Forms
This software is open-sourced under the MIT License.
You are free to use, modify, and distribute this software, provided that the original copyright and permission notice are included. Please see the LICENSE file for complete details.
Taha Emre
This project demonstrates practical implementation of public key infrastructure, digital certificates, and secure communication protocols.