Encryption of messages in SecureDialogues

Encryption, digital signature, data protection - terms are quite common among IT-specialists.

Already written a lot of interesting publications, articles and books on these topics. After reading one of them, I decided to try my hand at practice. So the project was born, which will be discussed below.

Brief description of the application

The SecureDialogues application adds the level of encryption for messages that are transmitted through services such as Gmail . The application itself performs authorization for configured services using the OAuth2 protocol, it receives and sends messages. At its core, this is a regular instant messenger that provides cryptographic protection for messages, except that one of several third-party services can be used for transmission.

Data on the hard disk is encrypted using the AES algorithm with a 256- bit key, which is extracted from the password entered at startup, using RSA for digital signature. User messages are encoded with a 256- bit AES session key.

Source codes are available at the link wiki project .

Available to run the application in the container docker , more on the link .

Purpose of creation

The application was created with a very specific purpose - it was interesting for me to work with cryptography on a practical project. And not in a simple one, like "paste the text here, but here take a coded message", but in such a way that there is a digital signature , asymmetric encryption , session keys and other interesting things. Therefore, the project was selected messenger.

In the absence of all the necessary infrastructure for sending messages, this function is delegated to already existing services like Gmail or VKontakte .

Interface Description

When you first start the application will ask you to enter a password:

This password is used to encrypt data stored on the hard disk, such as: RSA keys, authorization tokens for OAuth2 , data about services and contacts.

Messages and information about conversations are not saved , that is, when an application is terminated, data about received messages and open dialogs are lost.

On subsequent launches, the application also requests a password to decrypt and load the previously saved data.

View of the main application window:

Before you can send the first message, you must perform two steps:

• Configure the connection to the service to send a message ( for more information on the wiki );
• Add contact to the interlocutor ( more on the wiki );

Most importantly, because of what the contact is added before the start of the exchange - this is the public key . Every message that is sent between users must be signed by the sender. If the recipient could not verify the digital signature using the public key, then the message is discarded.

Also, the public key is used to encrypt the session key.

After all the preliminary stages passed, you can start a dialogue. To do this, in the main window of the application there is a corresponding button ( more on the wiki ). During the creation of a dialogue, a session key is generated , which will encrypt all messages in this dialogue.

All dialogs are displayed in the main window on the left. After your interlocutor has confirmed the creation of a dialogue, you can send and receive messages in it:

To send or read messages in the desired dialogue, you need to select it by clicking the left mouse button.

Messages of the remote user are displayed on the left and yours - on the right. If the message has not yet been delivered, it is displayed in gray:

The application sorts the list of dialogs in the following order - at the very top there will be active dialogs for which sending of messages is allowed, and at the very bottom - closed ones. Also on the order affects the time of the change dialogue. The active dialogue that last received the message will be above all, and the first closed - below. For each dialogue, an indicator of the number of unread messages is displayed, if any:

The status of the dialogue is highlighted in color:

• closed dialogs are marked in red
• green shows active conversations, it is possible for them to send messages
• gray dialogs are in the process of being created.

Here is an example of what a simple message with the text hellow world looks like ! :

Signal exchange

The exchange of messages between interlocutors A and B consists of the following steps:

• Side A generates a dialogue creation command ( CREATE_DIALOG ) and signs it with its private key;
• Side B requests the user to agree to create a dialogue, and if the user agrees, a session key T and a random string R are generated, which are individually encrypted with public key A and placed in the message body ( VERIFY_KEY ). The entire message is signed with the private key B.
• Side A decrypts the session key and random string, encrypts the random string with the session key, adds the result to the KEY_VERIFICATION message KEY_VERIFICATION . Signs the entire message with your private key.
• Side B decrypts a random string, checks if the result matches R , if everything is correct, the signed message ACCEPT_DIALOG , which means that the dialog is established and then the message exchange is possible.

The successful establishment of dialogue and signaling exchange are shown in the figure:

Further development of the project

At the moment, the application already provides basic message encryption and authentication capabilities through a digital signature. But the list of supported services is extremely small.

In the future we plan to increase it. Work is already underway to include VKontakte in it.

Also in the project, an increase in the informativeness of the user interface, such as adding the status of connection to the service (active, connection error, etc.).

The algorithm for checking duplicate messages does not work in the best way, it is planned to be improved.