The aim of this project is to learn asymmetric encryption by creating an encrypted messaging program in a terminal with Python with the following constraints:
- No use of a crypto library
- No storage of clear passwords or private keys
The features of the program are:
- Create a user and sign in
- Send a message to a user
- Create and view conversations with other users
There are probably many better ways to create this program than mine, but this one was the most obvious to me.
- Download the repository from this address.
- Open your terminal.
- (Optional) Download Python if you don't already have it with this command:
pip install python - Navigate to the project folder, for example:
cd /Downloads/cipherCommunication - Launch the program:
python main.py - Enjoy the program! You can use existing users like alice (password: alice) and bob (password: bob) if you want.
- You can use
CTRL + Cto close the program.
When the program is launched, the user can create an account or log in. When a user is created, a users.json file stores:
- Its username
- The SHA256 hash of its password
- Its 1024-bit public key
When the user tries to connect, the program will compare the hash of the entered password with the hash of the stored password.
Each user has a public key and a private key. The public key is stored in users.json, but the private key is generated each time we need it (to display conversations) using a seed (username + clear_password). Using this method, the user only needs to remember their password and the program doesn't need to store the private key.
To cipher a message using asymmetric encryption, the user will encrypt their message using the public key of the user they want to send the message to. Then, the other user will use their private key to decrypt the message. The image below (from the website SS2BUY) explains this principle graphically.
The cryptosystem used to encrypt the messages and to generate the keys is RSA.
The loading page is a simple application of Python Threading.
A problem I encountered was displaying conversations if the message was encrypted with the public key of the other user. To fix that, I chose to encrypt the messages with the public key of the sender and the public key of the recipient. So the conversation will be decrypted with the private key of the user logged in.
- The total amount of time spent on this project is around 5 days.
- The project idea comes from a scholarly project in the Cryptography class at the University of Technology of Troyes.
- To simplify user interaction, the program creates the keys with a seed composed of the SHA256 hash of the user's password. This means that the confidentiality of conversations is only based on the security of the SHA256 algorithm, which is not as secure as RSA.
- This is a learning project about cryptography, so it is not optimized to be used by many people. The program can only be launched locally.
- Conversations between two users are only using the same private keys. So if one key is compromised, the entire conversation loses its confidentiality. A way to avoid this problem could be the use of Key Derivation Function and Double Ratchet Algorithm, but it will be for the next version.
Some functions from the files above are reused from a previous university project done in 2023 with Maxence Jaulin:
- generate_prime_number.py
- rsa_management.py
- hash_with_sha256.py