Sign in

Python chat with encryption

Recently I have decided to learn more about cryptography and its implementation, so I created a small chat program which uses symmetric and asymmetric cryptography. The application was created using python version 3.8.3 and tested on Kali Linux. This article is a description of a concept that I used to create the messaging application in Python.

Symmetric and asymmetric cryptography

This section is a brief description of the two main cryptographic concepts. Cryptography is the most important part of data protection because it provides confidentiality. Without it, critical information such as credit card details would be stored and transmitted in clear text. There are two main methods for applying cryptography to ensure secure communication.

Symmetric cryptography: This method uses the same key for encryption and decryption. Algorithms such as 3DES, AES or blowfish. These types of algorithms are faster than asymmetric cryptography. However the downside of symmetric cryptography is that it uses one key for encryption and decryption; in fact, the key management becomes difficult as the communication party grows.

Asymmetric cryptography: This method uses a key pair for encrypting and decrypting information. Normally the public key is shared and used for encrypting information. The private key is used to decrypt the transmitted data; it is kept in a secure place and not shared with anyone. The main advantage to this scheme is, besides confidentiality, it also provides authenticity. The relationship between the public and private key enables the user to use the cryptographic algorithm without pre-sharing the private key. Such algorithms are RSA, Elliptic Curve, El Gamal.

How the application work

The application has two main parts, a server and a client. The server accepts multiple connections from the clients. At runtime, both the server and client generate a private and public key using the RSA algorithm. The public key will be exchanged so the server can use the client’s public key to encrypt a randomly generated a secret and send it to the client. To generate the random secret I am using the get_random_bytes function from the Crypto.Random module. The picture below shows what happens during the initial setup phase, between the client and the server.

Initial setup

After receiving the encrypted secret, the client can use its own private key to decrypt it. The secret is used as session key for AES to encrypt/decrypt the transmitted messages. The server does not log any communication, it is just transmitting any incoming message to the connected clients.

The AES encryption is operating in a CFB (cipher feedback) mode which uses an initialization vector at the beginning of the encryption process. The IV is different for every message. The following diagram showcases how CFB works in a high overview.

CFB operation mode

The initialization vector is basically used to produce the first block of ciphertext which is used again for the encryption of the next message block. So the encryption starts with the initialization vector and the key passed to some kind of symmetric encryption algorithm similar to AES. It will produce a certain length of output, which will be divided into half. The left half of the output will be XORed with the message block 0 which produces the first block of ciphertext. On the next round, the initial block will be constructed from the right half of the initialization vector and the previous ciphertext. The same operation will continue until the encryption is done.

I am using base64 encoding as an extra step to overcome a problem resulted from the output of the encryption process. It was producing special characters that the shell could not represent, so I had to encode the result in order to get the exact output.

Final Thoughts

It was a great exercise to sharpen my cryptographic knowledge and python programming skills especially in networking. I am planning to add digital signature for the initial exchange of the secret key, so it can be used to prove that the message came from the server. Also, it is a command line application, so I am planning to develop a GUI too.

The main point of creating this project was to experience and enhance my knowledge on the topic. You can find the link to the application below.