Skip to content

readme.md

Latest commit

 

History

History
216 lines (161 loc) · 6.45 KB

readme.md

File metadata and controls

216 lines (161 loc) · 6.45 KB

🔒 Secure Channel

A secure P2P messenger with military-grade end-to-end encryption. Simple to use, but cryptographically robust tool for private communication.

⚡ Features

  • 🛡️ End-to-End encryption using ChaCha20-Poly1305
  • 🔑 Secure key exchange via X25519 (Curve25519)
  • 🚀 Two operation modes: console (CLI) and graphical (GUI)
  • 🌐 P2P connection - no intermediary servers
  • 🔐 Optional authentication via Pre-Shared Key (PSK)
  • 💪 Quantum-resistant (for symmetric encryption)

🔐 Cryptographic Algorithms

Component Algorithm Security Level
Key Exchange X25519 (Curve25519) ~126 bits
Encryption ChaCha20-Poly1305 256 bits
Key Derivation HKDF-SHA256 256 bits
Authentication PSK + AEAD Depends on PSK

Time to break: With proper configuration - practically impossible with modern methods (>10^60 years).

📦 Installation

Requirements

  • Python 3.8+
  • cryptography library
  • PyQt6 (for GUI mode)

Quick Install

git clone https://github.com/qventymr/securechannel.git
cd securechannel
pip install -r requirements.txt

requirements.txt

pyqt6 >= 6.9.1
cryptography >= 45.0.5

🚀 Usage

Quick Start

# Launch with GUI (recommended)
python main.py

# Or explicitly
python main.py --gui

CLI Mode

Start as server:

python main.py -p 12345 --psk "your-secret-password"

Connect as client:

python main.py 192.168.1.100 -p 12345 --psk "your-secret-password"

Without password (less secure):

# Server
python main.py -p 12345

# Client  
python main.py 192.168.1.100 -p 12345

Advanced Usage

Using environment variables:

export ANON_PSK="my-super-secret-key"
python main.py -p 12345

Server on specific interface:

python main.py -l 127.0.0.1 -p 12345  # localhost only
python main.py -l 0.0.0.0 -p 12345     # all interfaces

🛡️ Security

Security Levels

🟢 Maximum Security

  • Use long PSK (16+ characters)
  • Exchange PSK via secure channel
  • Verify peer identity outside the application

🟡 Medium Security

  • Use short PSK (8+ characters)
  • Suitable for communication with trusted parties

🔴 Minimal Security

  • No PSK - protection only against passive eavesdropping
  • Vulnerable to man-in-the-middle attacks

PSK Recommendations

Length Characters Security Time to Crack*
6 a-z,0-9 Weak ~13 minutes
8 a-z,0-9 Low ~8 hours
12 a-z,A-Z,0-9 Medium ~87 years
16+ All symbols High Practically impossible

*At 10^9 attempts per second

Secure PSK Generation

import secrets
import string

# Generate random PSK
alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
psk = ''.join(secrets.choice(alphabet) for _ in range(20))
print(f"Your PSK: {psk}")

⚠️ Limitations and Warnings

What the application does NOT protect:

  • ❌ Connection metadata (IP addresses, timing)
  • ❌ Traffic analysis by message size
  • ❌ Endpoint compromise
  • ❌ Keyloggers and other malware

Important Notes:

  • 🔒 PSK must remain secret
  • 🌐 Use VPN/Tor to hide IP addresses
  • 💻 Check devices for malware
  • 🔄 Regularly change PSK

🏗️ Architecture

┌─────────────────┐    Handshake      ┌─────────────────┐
│     Client      │◄──────────────────┤     Server      │
│                 │                   │                 │
│ ┌─────────────┐ │   Encrypted Data  │ ┌─────────────┐ │
│ │ X25519 Keys │ │◄──────────────────┤ │ X25519 Keys │ │
│ └─────────────┘ │                   │ └─────────────┘ │
│ ┌─────────────┐ │    ChaCha20-      │ ┌─────────────┐ │
│ │ChaCha20-    │ │    Poly1305       │ │ChaCha20-    │ │
│ │Poly1305     │ │                   │ │Poly1305     │ │
│ └─────────────┘ │                   │ └─────────────┘ │
└─────────────────┘                   └─────────────────┘

Parameters:

  • HOST - Server IP address (omit for server mode)
  • -p, --port - Port number (required for CLI mode)
  • -l, --listen - Listen address for server (default: 0.0.0.0)
  • --psk - Pre-shared key for authentication
  • --gui - Force GUI mode
  • --no-banner - Hide startup banner

🔍 Security Analysis

Cryptographic Strength:

  • X25519: Equivalent to 3072-bit RSA
  • ChaCha20-Poly1305: 256-bit security, AEAD construction
  • HKDF-SHA256: Proper key derivation with salt support

Attack Vectors:

  1. Weak PSK - Use strong passwords (16+ chars)
  2. Man-in-the-Middle - Verify peer identity out-of-band
  3. Traffic Analysis - Use VPN/Tor for metadata protection
  4. Endpoint Security - Keep systems updated and malware-free

Threat Model:

  • Passive Eavesdropping: Fully protected
  • Active Network Attacks: Protected with strong PSK
  • ⚠️ Nation-State Adversaries: Additional precautions needed
  • Quantum Computers: X25519 vulnerable (ChaCha20 resistant)

⚖️ License

MIT License - free for any use.

🔗 Useful Links

⚠️ Disclaimer

This software is intended for educational and research purposes. The authors are not responsible for illegal use. Always comply with local laws when using cryptographic tools.

Remember: Absolute security does not exist. Use common sense and additional security measures.

💡 If this project was helpful, please give it a ⭐ star!

🛡️ Stay secure, stay private

Made with ❤️ for privacy advocates worldwide