Home
This is a secure messaging and communication client written in 100% Python. The client currently consists of the following main elements:
- Flask web front end providing user access to the application
- SQLAlchemy interface to a PySqlCipher-wrapped SQLite database
- MQTT client for messaging
# Security Objectives
- No unencrypted data shall be stored on the file-system at any time
- All user to user communications shall be encrypted
- Messages will automatically purge after a period of time
- Clients and brokers will attempt to mitigate denial of service attacks
- Brokers shall not have access to any unencrypted messages
# Architecture
One or more Mosquitto MQTT brokers provide the messaging backbone. These are deployed in bridged mode, with all topics shared between brokers. It is up to broker operators to establish trust between themselves.
The basic client is a simple Flask web application and is the primary component of this platform. The client includes an MQTT stack and communicates with other peers through one or more brokers.
PGP keys are used as the primary identity; there is no central user database or password list. A user proves their identity to the system and to other users using PGP only. All PGP operations are performed using GPG on the user's system. All messages between users are automatically and transparently encrypted using PGP. Optionally, messages may be automatically signed to prove authenticity to the recipient.
# Basic Client Operation Overview
- Client application is started and may be accessed using a web-browser at http://127.0.0.1:5000
- If a first run is detected, an initial set-up procedure is executed that requires the user to provide their PGP key and passphrase and a chosen display name. The application creates the encrypted local database and encrypts the database key using the user's chosen PGP key. This concludes the initial setup.
- The user is prompted to select a PGP key and provide the corresponding passphrase to access the application.
- The 'secret' file is PGP-decrypted, and the SQL password is then read and used to decrypt and access the local database.
- The client now attempts to establish a connection to the MQTT broker specified in the configuration. A customized PGP authentication plugin is used on each broker, which allows clients to authenticate using their chosen PGP key. The user identity consists of the 16-byte PGP key ID.
- If the connection is successful, the client establishes a number of PUB/SUB topics on the broker using the user's PGP key as a username. Any queued messages are delivered to the client.
- The client is now operational and may be used to send and receive messages.
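The PGP-key identity that the setup and connection steps above rely on, as an added example that is not the project's own code: it derives the OpenPGP v4 fingerprint and the 16-hex-digit long key ID from a constructed RSA public-key packet, and adds an assumed identity check (`acceptable_identity`, not on the page) that a broker-side plugin could apply to reject the collision-prone 32-bit short key ID.

```python
# Added example, not code from the project: how an OpenPGP v4 key yields the
# fingerprint and the 16-hex-digit long key ID that a broker-side PGP
# authentication plugin could use as the client identity (RFC 4880 12.2).
import hashlib
import re
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880 3.2)."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_rsa_pubkey_body(n: int, e: int, created: int) -> bytes:
    """Body of a version-4 RSA public-key packet (RFC 4880 5.5.2): version byte,
    creation time, algorithm 1 (RSA), then the MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99 || two-byte body length || body, as 40 upper-case hex digits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 8 bytes (last 16 hex digits) of the fingerprint."""
    return fingerprint[-16:]


def acceptable_identity(candidate: str) -> bool:
    """Assumed policy for the auth plugin: accept a full fingerprint or a long key ID,
    reject the 32-bit short ID (last 8 digits), which is cheap to collide."""
    return re.fullmatch(r"[0-9A-F]{40}|[0-9A-F]{16}", candidate) is not None


# Constructed sample key: a 1024-bit odd modulus and e = 65537 (not a usable key).
SAMPLE_N = (1 << 1023) | 0x1234567
SAMPLE_E = 65537
SAMPLE_CREATED = 1_700_000_000


def sample_identity() -> dict:
    """Fingerprint, long key ID and short ID of the constructed sample key."""
    body = v4_rsa_pubkey_body(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)
    fp = v4_fingerprint(body)
    return {"fingerprint": fp, "key_id": long_key_id(fp), "short_id": fp[-8:]}


if __name__ == "__main__":
    print(sample_identity())
```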
# Specialized Clients
A number of specialized clients may exist on the network and can be used by normal clients for enhanced functions and operations such as user directories, discussion boards and many others.