harmacist/darkwire.io
1
0
Fork 0
mirror of https://github.com/darkwire/darkwire.io.git synced 2025-07-18 10:49:02 +00:00
Code Issues Projects Releases Wiki Activity
145 Commits 4 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Alan Friedman a31e0ea3a9 Add zombie.js tests
2016-02-23 17:05:48 -05:00
src
Support for encrypted file transfer
2016-02-23 15:59:01 -05:00
test
Add zombie.js tests
2016-02-23 17:05:48 -05:00
.babelrc
Add JSCS and JSHint to tests and fix errors
2016-02-21 10:58:42 -05:00
.gitignore
Working implementation of darkwire interface
2016-02-19 12:39:47 -05:00
.jscsrc
Add JSCS and JSHint to tests and fix errors
2016-02-21 10:58:42 -05:00
.jshintignore
Add JSCS and JSHint to tests and fix errors
2016-02-21 10:58:42 -05:00
.jshintrc
Add JSCS and JSHint to tests and fix errors
2016-02-21 10:58:42 -05:00
gulpfile.babel.js
Add zombie.js tests
2016-02-23 17:05:48 -05:00
index.js
Add JSCS and JSHint to tests and fix errors
2016-02-21 10:58:42 -05:00
LICENSE
Licenses
2016-01-19 12:37:26 -05:00
package.json
Add zombie.js tests
2016-02-23 17:05:48 -05:00
readme.md
Support for encrypted file transfer
2016-02-23 15:59:01 -05:00

readme.md

Darkwire.io

Simple encrypted web chat. Powered by socket.io and the web cryptography API.

Installation

# For es6 compatability, be sure you have the latest stable version of Node JS installed
npm install -g n
n stable
npm install

# Bundle JS files (for deployment)
npm bundle
# Start a local instance of darkwire
npm start

Create a .secret file in the /src folder with a your session secret. It doesn't matter what it is- just keep it private.

Darkwire is now running on http://localhost:3000

Deployment

Build source

gulp bundle

How it works

Darkwire uses a combination of asymmetric encryption (RSA-OAEP), symmetric session keys (AES-CBC) and signing keys (HMAC) for security.

Here's an overview of a chat between Alice and Bob (also applies to group chats):

  1. Bob creates a room and immediately creates a public/private key pair (RSA-OAEP).
  2. Alice joins the room and also creates a public/private key pair. She is sent Bob's public key and she sends Bob her public key.
  3. When Bob goes to send a message, three things are created: a session key (AES-CBC), a signing key (HMAC SHA-256) and an initialization vector (used in the encryption process).
  4. Bob's message is encrypted with the session key and initialization vector, and a signature is created using the signing key.
  5. The session key and signing key are encrypted with each recipient's public key (in this case only Alice, but in a group chat multiple).
  6. The encrypted message, initialization vector, signature, encrypted session key and encrypted signing key are sent to all recipients (in this case just Alice) as a package.
  7. Alice receives the package and decrypts the session key and signing key using her private key. She decrypts the message with the decrypted session key and vector, and verifies the signature with the decrypted signing key.

Group chats work the same way because in step 5 we encrypt keys with everyone's public key. When a message is sent out, it includes encrypted keys for everyone in the room, and the recipients then pick out the ones for them based on their user ID.

Man-in-the-middle attacks

Darkwire does not provide any guarantee that the person you're communicating with is who you think they are. Authentication functionality may be incorporated in future versions.

File Transfer

Darkwire encodes documents (up to 1MB) into base64 using btoa and is encrypted the same way chat messages are.

  1. When a file is "uploaded", the document is encoded on the client and the server recieves the encrypted base64 string.
  2. The server sends the encrypted base64 string to clients in the same chat room.
  3. Clients recieving the encrypted base64 string then decrypts and decodes the base64 string using atob.

Sockets & Server

Darkwire uses socket.io to transmit encrypted information using secure WebSockets (WSS).

Rooms are stored in memory on the server until all participants have left, at which point the room is destroyed. Only public keys are stored in server memory for the duration of the room's life.

Chat history is stored in each participant's browser, so it is effectively erased (for that user) when their window is closed.

Description
No description provided
anonymous-userschatchat-applicationchat-roomchatroomcryptographyencryptionend-to-end-encryptionprivacysocket-io
Readme MIT 30 MiB
Languages
JavaScript 94.3%
Sass 3%
TypeScript 1%
Shell 0.5%
Dockerfile 0.5%
Other 0.7%