Lets-chat
I got accepted for Self-hosted online communities communication with OTR encryption: Back-end as a student developer under awesome mentors Tong Hui, Mario Behling and (soma) Manuel Munz under the organization FOSSASIA. In fact, Tong Hui played a crucial role in encouraging me to contribute to lets-chat. I am looking forward to working with him this summer. This is
I will first implement the OTR encryption chat and then plan to link it with lets-chat.
First, a brief description of OTR encryption. OTR (Off-the-Record) messaging will enable users to have private conversations using lets-chat. OTR is an encryption tool for real-time chat that is easy to set up and provides a smooth user experience. OTR uses symmetric-key cryptography, so the sender (Alice) and the receiver (Bob) use the same key to encrypt the plaintext to ciphertext and to decrypt the ciphertext back to plaintext.
Moreover, since the communication channel is insecure, OTR uses the Diffie-Hellman key exchange algorithm to set up the encryption. In short, Alice and Bob are able to exchange secret keys in such a way that they can derive a shared AES (Advanced Encryption Standard) key that is impossible for an intruder to decipher. The protocol thereby ensures deniability and perfect forward secrecy, since it uses a new key for each message. Interestingly, OTR encryption can be used on any internet chat protocol, such as Google Talk, lets-chat, etc.
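The key agreement and per-message re-keying described above, as an added example in Node.js (not code from lets-chat or from any OTR library). It is a simplified sketch rather than the OTR wire protocol: it leaves out the authentication and MAC steps. The `modp14` group, the SHA-256 key derivation, AES-128-CTR and all helper names are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Each party creates a fresh key pair in a standard 2048-bit MODP group
// (group choice is an assumption of this sketch).
function newDhKey() {
  const dh = crypto.getDiffieHellman('modp14');
  dh.generateKeys();
  return dh;
}

// Both sides hash the same DH shared secret down to a 128-bit AES key.
// Only public keys cross the insecure channel.
function deriveAesKey(myDh, theirPublicKey) {
  const secret = myDh.computeSecret(theirPublicKey);
  return crypto.createHash('sha256').update(secret).digest().subarray(0, 16);
}

// AES-CTR is symmetric: the same key and counter block encrypt and decrypt.
function aesCtr(key, counterBlock, data) {
  const cipher = crypto.createCipheriv('aes-128-ctr', key, counterBlock);
  return Buffer.concat([cipher.update(data), cipher.final()]);
}

// Constructed sample conversation: Alice sends two messages to Bob.
function demo() {
  let alice = newDhKey();
  let bob = newDhKey();
  const delivered = [];
  const keysUsed = [];
  for (const text of ['hello Bob', 'second message']) {
    // Sender: derive the key from Bob's public key and encrypt.
    const senderKey = deriveAesKey(alice, bob.getPublicKey());
    const counterBlock = crypto.randomBytes(16);
    const ciphertext = aesCtr(senderKey, counterBlock, Buffer.from(text, 'utf8'));
    // Receiver: derive the same key from Alice's public key and decrypt.
    const receiverKey = deriveAesKey(bob, alice.getPublicKey());
    delivered.push(aesCtr(receiverKey, counterBlock, ciphertext).toString('utf8'));
    keysUsed.push(senderKey.toString('hex'));
    // Re-key: discarding the old private keys means a later compromise
    // cannot recover the key for this message (forward secrecy).
    alice = newDhKey();
    bob = newDhKey();
  }
  return { delivered, keysUsed };
}

console.log(demo().delivered);
```
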
I plan to implement the following features under FOSSASIA this summer under Tong Hui:
- Generate a long-lived key: this step is going to be expensive, as it might take seconds
- Since OTR uses a new key for each message, instantiate an OTR object for each receiver the sender wishes to communicate with
- Implement a function to send a message to the receiver
- Implement a function to receive a message from the sender
- Ensure symmetric-key encryption
- Ensure the sender’s message is encrypted to obtain ciphertext
- Ensure the receiver’s message is decrypted to obtain plaintext
- Close the private connection when the chat is closed
- Easily connectable API for front-end reuse
Note: I will be implementing the OTR encryption in group chats at first and will make sure that the code is efficient enough to use in lets-chat.
After that, I wish to implement the following:
- Display status online/offline
- Display fingerprints
- Resolve bugs if any
- Maintain proper documentation of back-end work
Looking forward to learning, coding and developing this summer!
Some important links: