About
Author: Piotr Pszczółkowski
Version: 0.1
Licence: BSD 2-Clause License
Source code: https://github.com/piotrpsz/Carmel
Carmel is a secure messenger allowing encrypted conversation between two people.
The application is written entirely in Go using the Gtk+ library (gotk3).
The program is designed for Linux.
Description
The basis of security is the correct protection of RSA keys.
The program is as secure as the chat partners protect their private RSA keys.
Conversation partners must exchange their public RSA keys with each other.
The program uses RSA keys generated in the application.
The generated keys in the form of 'pem' files are saved in the ~/.carmel/rsa_keys directory. The files have names beginning with the username.
This directory may hold only one private key (the username is determined from the private key's file name) and any number of public keys (the keys of our chat partners).
Any public key file received (securely) from a partner should be copied to this directory.
If you want to run the application as a user other than the default (marcus, for example), start it as follows:
USEDIR=marcus ./carmel (when the app was built with go build -o carmel main.go)
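As an added example (not Carmel's own code), a Go sketch of the key-directory rule above: the single private key fixes the username and every other file is a partner's public key. The file naming (<user>_private.pem, <user>_public.pem) and PKCS#1 PEM encoding are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// NewKeyPEM generates an RSA key pair and returns it PKCS#1 PEM-encoded
// (private first). The app generates its own keys; this only feeds the example.
func NewKeyPEM(bits int) (priv, pub []byte, err error) {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	priv = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)})
	pub = pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(&k.PublicKey)})
	return priv, pub, nil
}
// LoadKeyDir scans dir (the app uses ~/.carmel/rsa_keys): exactly one private key, whose
// file-name prefix before '_' becomes the username, plus partners' public keys by prefix.
func LoadKeyDir(dir string) (user string, priv *rsa.PrivateKey, partners map[string]*rsa.PublicKey, err error) {
	partners = map[string]*rsa.PublicKey{}
	files, _ := filepath.Glob(filepath.Join(dir, "*.pem"))
	for _, f := range files {
		raw, _ := os.ReadFile(f) // an unreadable file yields no PEM block and is rejected below
		block, _ := pem.Decode(raw)
		name := strings.SplitN(filepath.Base(f), "_", 2)[0]
		if block != nil && block.Type == "RSA PUBLIC KEY" {
			partners[name], err = x509.ParsePKCS1PublicKey(block.Bytes)
		} else if block != nil && block.Type == "RSA PRIVATE KEY" && priv == nil {
			priv, err = x509.ParsePKCS1PrivateKey(block.Bytes)
			user = name
		} else { // not PEM, an unexpected block type, or a second private key
			err = fmt.Errorf("%s: not a usable key file (only one private key allowed)", f)
		}
		if err != nil {
			return "", nil, nil, err
		}
	}
	delete(partners, user) // the owner's own public key is not a partner
	if priv == nil {
		err = fmt.Errorf("no private key in %s", dir)
	}
	return user, priv, partners, err
}
```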
RSA keys are used to encrypt data at the connection stage.
Later, symmetric algorithms (Blowfish, Gost, 3-Way) are used, whose keys are generated for the established session only, while the RSA keys are used to create and check digital signatures.
Encryption of sent content takes place in 3 stages, EDE (encryption-decryption-encryption), in which each algorithm uses a different random key (for the duration of the session):
- Blowfish - used in ECB mode with a randomly generated IV vector,
- Gost - used in CBC mode,
- 3-Way - used in ECB mode with a randomly generated IV vector.
Each encryption algorithm uses a random key of the maximum length it allows.
Of course, there are also several checks on messages in transit (ID blocks, message IDs, checking the time between sending a message and the confirmation of its receipt, etc.).
To establish a connection, one partner acts as a server, the other as a client. The client must connect to the server.
S E R V E R
Run program as server
To run the program as a server you must select from the program menu item
Wait for connection....
The following dialog will appear:
The dialogue shows the data that will be used during the connection.
The user can change the port on which the server will wait for a connection and the PIN, which is initially generated at random.
Important: the program uses two ports (two connections will be established): the one given in the dialog and the next one (+1).
The user can choose whether to use the application on a local network or on the Internet (use the checkbox labelled Internet).
If Internet is selected and the user is behind a router, be aware that both ports must be open on the router (it must forward network traffic on those ports to the computer).
All this data should be provided to the client.
It's best to copy it to the clipboard (copy button) and paste it into e.g. an E-Mail.
After the data has been sent to the client, pressing the start button starts the messenger.
C L I E N T
Run program as client
To run the program as a client from the program menu select
Connect to ....
The following dialog will appear:
The user must enter the data shared on the server side.
This can be done by entering the data manually or by pasting it from the clipboard (copy button), into which it was copied from e.g. an E-Mail.
After the server data has been entered, pressing the start button starts the messenger.
C H A T
Finally, when both parties have connected to each other, they can exchange messages.
Date of last modification: 2020-01-20
copyright © beesoft software