https://github.com/retr0kr0dy/ghostschat

Chat and file transfer securely, 🛡️ embrace anonymity, and unleash your inner cyber ninja! 🥷💻💾
https://github.com/retr0kr0dy/ghostschat

aes annonymized chat coding cryptography development file-transfer python rsa secured-communication security

Last synced: 5 days ago
JSON representation

Chat and file transfer securely, 🛡️ embrace anonymity, and unleash your inner cyber ninja! 🥷💻💾

• Host: GitHub
• URL: https://github.com/retr0kr0dy/ghostschat
• Owner: Retr0Kr0dy
• License: gpl-3.0
• Created: 2024-03-24T09:51:40.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2024-03-24T10:30:44.000Z (about 2 years ago)
• Last Synced: 2025-07-26T09:13:01.648Z (11 months ago)
• Topics: aes, annonymized, chat, coding, cryptography, development, file-transfer, python, rsa, secured-communication, security
• Language: Python
• Homepage:
• Size: 375 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# GhostsChat

> [!WARNING]

Do not fully trust GhostsChat as a secured-confidential messaging app. It's an IRC PoC thing.

GhostsChat is a lightweight chat providing annonymity and simplicity.

## Summary

- [Usage](#Usage)

- [HowItWorks?](#HowItWorks?)

## Usage

First you will need to generate a configuration file for the server and any client you want to have.

You need to use [GhostsChat-confgen.py](./GhostsChat-confgen.py) :

![Alt_text](./assets/confgen.png)

As you can see, currently, you need to type the AES key you want to use, it will be changed in newer version.

After creating configuration files, you should be able to start using GhostsChat.

simply type `python3 GhostsChat-client.py `.

> [!NOTE]

Currently, server is taking conffile in argument. See --help.

## HowItWorks?

##### Server part is just used to broadcast a message to every connected clients.

The server is untrusted, therefore, it only have access to encrypted data (no access to keys), and it doesn't store it.

##### The client part is more complex.

Similar to the server it doesn't store anything, so wether you quit and reconnect or you weren't connected when the import message arrived, you missed it.

Thus GhostsChat is meant to be used along annother chat app (discord, telegram) so you can bring people for a meeting on GhostsChat.

Client use AES-256-GCM (AES with salt, to simplify) for message encryption and RSA-4096 for signing packets.

Messages are sent with form : 

```python

payload = {

    "nickname" : NICKNAME,

    "time" : TIME,

    "sign" : [int(byte) for byte in bytearray(SIGN)],

    "message" : message

}

```

The `RsaSign()` sign the payload using the SHA-256 hashed message.

After Encryption, payload look like this:

```

[12 bytes of nonce for AES-GCM][Encrypted data (len is multiple of the key len used)]

```

For bigger messages (and for file transfer in future version), Chunk splitting functions are used to breakdown the data to send in smaller 4096 bytes chunks.

> [!WARNING]

Remember, do not fully trust GhostsChat as a secured-confidential messaging app. It's an IRC PoC thing.