Author: Piotr Pszczółkowski
Licence: BSD 2-Clause License
Source code: https://github.com/piotrpsz/Carmel
Carmel is a secure messenger allowing encrypted conversation between two people.
The application is written entirely in Go using the Gtk+ library (gotk3).
The program is designed for Linux.
The foundation of its security is the proper protection of the RSA keys.
The program is only as secure as the chat partners' protection of their private RSA keys.
Conversation partners must exchange their public RSA keys with each other.
The program uses RSA keys generated in the application.
The generated keys are saved as 'pem' files in the ~/.carmel/rsa_keys directory. The file names begin with the username.
This directory may contain only one private key (the username is derived from the private key's file name) but many public keys, those of our chat partners.
Any public key file received (over a secure channel) from a partner should be copied into this directory.
If you want to run the application as a user other than the default (for example, as marcus), start it as follows:
USEDIR=marcus ./carmel (when the app was built with go build -o carmel main.go)
RSA keys are used to encrypt data at the connection stage.
Once the session is established, symmetric algorithms (Blowfish, Gost, 3-Way) are used with keys generated for that session only, while the RSA keys are used to create and verify digital signatures.
Sent content is encrypted in 3 stages, EDE (encryption-decryption-encryption), in which each algorithm uses its own random key that stays fixed for the duration of the session:
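As an added illustration (not code from the Carmel repository) of the connection stage described above: the server draws random session keys for the three ciphers, encrypts them for the client with the client's RSA public key and signs them with its own RSA private key, and the client verifies the signature before decrypting. The key sizes, the concatenated layout and the choice of OAEP and PSS are assumptions, not Carmel's actual wire format.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewSessionKeys draws three fresh random keys, one per cipher of the EDE chain
// (Blowfish, Gost, 3-Way); the 32+32+12 byte layout is assumed, not Carmel's.
func NewSessionKeys() ([]byte, error) {
	keys := make([]byte, 32+32+12)
	_, err := rand.Read(keys)
	return keys, err
}

// SealKeys encrypts the session keys for the partner (RSA-OAEP with the partner's
// public key) and signs the ciphertext with the sender's private key (RSA-PSS).
func SealKeys(keys []byte, partnerPub *rsa.PublicKey, ownPriv *rsa.PrivateKey) (ct, sig []byte, err error) {
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, partnerPub, keys, nil)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, ownPriv, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// OpenKeys checks the signature against the sender's public key first; only a
// message from the expected partner is decrypted with the receiver's private key.
func OpenKeys(ct, sig []byte, senderPub *rsa.PublicKey, ownPriv *rsa.PrivateKey) ([]byte, error) {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, errors.New("session keys rejected: signature does not verify")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, ownPriv, ct, nil)
}
func main() {
	server, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the server's pem key
	client, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the client's pem key
	keys, _ := NewSessionKeys()
	ct, sig, _ := SealKeys(keys, &client.PublicKey, server)
	got, err := OpenKeys(ct, sig, &server.PublicKey, client)
	fmt.Println("keys match:", err == nil && bytes.Equal(keys, got))
}
```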
Run program as server
The dialogue shows the data that will be used during the connection.
The user can change the port on which the server will wait for a connection, and the PIN, which is initially generated at random.
Important: the program uses two ports (two connections will be established): the one given in the dialog and the next one (port + 1).
The user can choose whether to use the application on a local network or on the Internet (use the checkbox labelled Internet).
If Internet is selected and the user is behind a router, be aware that both ports must be open on the router (traffic on those ports must be forwarded to the computer).
All this data should be provided to the client.
It's best to copy it to the clipboard (copy button) and paste it into, e.g., an e-mail.
After the data has been sent to the client, the messenger starts working once the start button is pressed.
Run program as client
The user must enter the data shared on the server side.
This can be done by entering the data manually or by taking it from the clipboard (copy button), to which it was copied, e.g., from the e-mail.
After the server data has been entered, the messenger starts working once the start button is pressed.