This is the client application for a secure chat system. It connects to a secure chat server, exchanges public keys for secure communication, and allows encrypted messaging between clients.
The server application is necessary for the connection of client apps. You can find the server application repository and instructions on how to set it up below:
https://github.com/Arad-Afzali/secure-messaging-server-side
Please follow the installation and usage instructions in the server application's README to ensure proper communication with the clients.
- Generates RSA keys for secure communication with a bit length of 4096 bits upon initialization.
- Encrypts and decrypts messages using RSA and OAEP padding.
- Connects to the secure chat server and exchanges public keys with another client.
- GUI for connecting, sending, and receiving messages.
- Secure Key Exchange to ensure only intended peers can access the keys.
- Optional SSL/TLS Support to encrypt the entire communication channel between the client and server, ensures safe public key exchange, but even without SSL/TLS, the application maintains a high level of security for encrypted messages.
- Python 3.x
- PyQt5
- pycryptodome
-
Clone the repository:
git clone https://github.com/Arad-Afzali/secure-messaging-client-side.git cd secure-messaging-client-side
-
Create a virtual environment and activate it (Recommended):
On macOS and Linux:
python3 -m venv venv source venv/bin/activate
On Windows:
python -m venv venv venv\Scripts\activate
-
Install the required packages:
pip install -r requirements.txt
-
SSL/TLS Support:
To enable SSL/TLS support, you need to wrap the socket with SSL/TLS. Uncomment the relevant sections in the ChatClient class and provide the path to your certificate file:
# Uncomment here for SSL/TLS certificate--------------------- # Wrap the socket with SSL/TLS # context = ssl.create_default_context() # context.verify_mode = ssl.CERT_REQUIRED # context.check_hostname = True # context.load_verify_locations('path/to/fullchain.pem') # self.sock = context.wrap_socket(self.sock, server_hostname=host) # ------------------------------------------------------------
-
Obtaining SSL/TLS Certificates Self-Signed Certificates (for testing purposes):
You can generate self-signed certificates using OpenSSL:
# Generate a new RSA private key openssl genrsa -out client.key 4096 # Generate a Certificate Signing Request (CSR) openssl req -new -key client.key -out client.csr # Generate a self-signed SSL certificate openssl x509 -req -days 365 -in client.csr -signkey client.key -out client.crt
-
Obtaining Certificates from a Certificate Authority (CA):
For production, it is recommended to obtain certificates from a trusted CA. Services like Let's Encrypt offer free SSL/TLS certificates:
Follow the instructions on the Let's Encrypt website to obtain your certificate. Use the obtained fullchain.pem and privkey.pem files in the SSL/TLS configuration.
-
Start the client application:
python3 client.py
-
Enter the server IP or domain and port, then click "Connect".
-
Once connected, exchange messages securely with your peer.
Contributions are welcome! Please open an issue or submit a pull request.