A comprehensive secure chat application implementing various cryptographic techniques to provide secure, authenticated messaging between multiple clients.
This project implements a client-server chat application with strong security features:
- RSA for key exchange and digital signatures
- Message integrity verification with SHA-256 hashes
- Hybrid cryptography (RSA + symmetric encryption)
- Secure protocol for handling large messages
- Marharyta Paduchak: RSA algorithm implementation, including key generation, encryption/decryption functions
- Arsenii Stratiuk: Chat protocol, message encryption/decryption, digital signature mechanisms, network communication layer
The chat implements a secure communication channel between clients:
- RSA (1024-bit) is used for initial key exchange
- Each client session uses a unique 128-bit symmetric key
- Server acts primarily as a message router rather than having access to message content
All messages are digitally signed to verify authenticity:
- The sender hashes each message with SHA-256
- The hash is signed with the sender's private key
- Recipients can verify the signature using the sender's public key
Hash verification ensures messages haven't been damaged during transmission:
- Each message includes its SHA-256 hash
- Recipients recalculate the hash and compare it with the received hash
- Any modification to the message in transit would result in hash mismatch
- The system alerts users when message integrity verification fails
The application implements a custom protocol for transmitting large messages:
- Message length is sent as an 8-byte prefix
- Data is transmitted in chunks (4096 bytes)
- Chunks are reassembled at the destination
- This allows handling of large RSA keys and messages without truncation
The application follows a client-server architecture:
-
Server Module:
- Manages client connections
- Routes messages between clients
- Coordinates the secure exchange of cryptographic keys
- Tracks connected users and broadcasts join/leave events
- Handles client disconnections
-
Client Module:
- Handles user interaction via command line
- Manages secure communication with the server
- Performs cryptographic operations for message security
- Runs separate threads for reading and writing messages
-
RSA Module:
- Provides core cryptographic primitives
- Implements key generation, encryption, and decryption
- Handles digital signature creation and verification
- Uses Miller-Rabin primality test for key generation
The secure connection follows these steps:
- Client connects to server and provides a username
- Client and server generate their RSA key pairs independently
- Public keys are exchanged between client and server
- Server generates a unique 128-bit symmetric key for the client session
- Server encrypts this symmetric key with the client's public key
- Server signs the encrypted key with its private key for authentication
- Client verifies the signature to authenticate the server
- Client decrypts the symmetric key with its private key
- A secure channel is now established
For every message sent:
-
Sender Side:
- User enters a message
- Application calculates SHA-256 hash of the message
- Hash is signed with the sender's private key
- A message package is created containing:
- Message content
- Sender username
- Message hash
- Digital signature
-
Server Side:
- Receives the message package
- Verifies message integrity using the hash
- Forwards the intact package to other clients
- No decryption or modification of the message occurs
-
Recipient Side:
- Receives the message package
- Verifies message integrity by comparing hashes
- For server messages, verifies signature with server's public key
- Displays the message if verification succeeds
Our custom RSA implementation includes:
- Prime number generation using the Miller-Rabin primality test
- 1024-bit key length for balance between security and performance
- Functions for encryption, decryption, signing, and verification
- Extended Euclidean algorithm for key generation
The application uses a multi-threaded approach:
- Server spawns a new thread for each client connection
- Each client runs separate threads for:
- Reading messages from the server
- Capturing and sending user input
To handle large messages reliably:
- The sender first transmits the message length (8 bytes)
- The receiver prepares to receive the specified number of bytes
- Data is transmitted in manageable chunks
- The receiver assembles the chunks into the complete message
- JSON is used for structured message formatting
python server.pypython client.pyWhen prompted, enter your desired username. By default, the client connects to 127.0.0.1:9001.
While this implementation provides strong security, users should be aware of these considerations:
- Key Generation: Initial connection involves computationally expensive RSA key generation
- Performance: Custom RSA implementation prioritizes educational value over optimization
- Forward Secrecy: The current implementation does not provide perfect forward secrecy
- User Authentication: The system uses simple usernames without password verification
- No persistent message history (messages are not stored)
- Limited to text-based messages
- Command-line interface only
- No support for direct messaging between specific users
Potential enhancements for future versions:
- Replace custom RSA with optimized libraries
- Implement group chat capabilities with efficient broadcast encryption
- Add robust user authentication with password protection
- Develop a graphical user interface
- Add encrypted message storage
- Everything Crypto
- RSA algorithm: Rivest, Shamir, and Adleman (1978)
- SHA-256: NIST FIPS PUB 180-4