What is it?
This chat server is powered by gevent's StreamServer. We are not using WSGI server because we want to experiment with server one level lower.
This chat server runs over SSL and uses GPG to perform communicate on top of SSL.
GPG is GNU Privacy Guard which is supposed to be the open-source alernative of PGP (Pretty Good Privacy). Since PGP is proprietary, GPG is used.
GPG/PGP provides the following:
by signing and encrypting the message/file. There are no publicly known successful attack on PGP. The heart of this security tool is protecting your private key with a strong passphrase.
Unfortunately, due to time constraint and usabililty, I didn't allow/add passphrase keyword to GPG_Tool class.
The heart of GPG/PGP is random-key encryption.
- Generate a random key.
- Encrypt the data using random key.
- Encrypt the random key with the recipient's public key.
- Now you basically have your encrypted message.
- The recipient must decrypt the random key using private key.
- Decrypt the data using the random key which just decrypted.
- Now you basically have your decrypted data.
To ensure the person is really the keyowner, we authenticed the user by sending a random string (which is a bcrypt salt), encrypts it with the account holder's public key, sends it back to the socket client, and the client has to decrypt and encrypt the random string using the server's public key and sends back to the server to check for correctness and integrity.
How this is developed
I started off with a different design but I threw to away a few days ago. The first couple commits followed agile and test-driven development. But in the last commit I had to work through a big commit, so the quality becomes really bad. My remark is always develop your software using agile and test-driven development. You don't have to wirte 100% test coverage all the time. But in the first several commits I would write tests for the small components and started building up a working service.
Will update later.
We distribute a sample self-signed certificate. You get install yours by doing:
sudo apt-get install openssh-server openssl genrsa 2048 > host.key chmod 400 host.key openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert cat host.cert host.key > host.pem chmod 400 host.pem
Note the name host.key, host.pem, and host.cert can be changed. You have to specify the path of key and cert in app.yaml. You are encouraged to place your certifcates under /etc/ssl/certs/ or /etc/pki/tls/.
- Communicate over TCP with socket in Python
- Provide confidentiality and integrity of messages;
- Provide authentication of users
- Make a simple chat server for two users.
- Make server SSL secure.
- Add a simple user layer (registration and identify users by name)
- Add commands for the chat.
- Fix the broken tests.
- Refactor code.
To run all the tests (except tests_config.py will fail), try:
python serve.py nosetests --verbosity=3 -s (on another terminal)
To run tests_config.py, try:
nosetests --verbosity=3 -s tests/tests_config.py