-
Notifications
You must be signed in to change notification settings - Fork 5
/
README.md~
124 lines (48 loc) · 4.54 KB
/
README.md~
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# Secure message transfer
In this project we have designed a `data pipeline` through which message can be securely transferred to the other party using encryption, decryption and hashing techniques. The pipeline is designed in such a way so as to prevent any kind of attack on confidentiality, authenticity, integrity of data. The end user will get to know if the `message` is changed.
Techniques utilized to prevent attacks:
* Digital Signature
* Encryption (AES CFB)
* Decryption (AES CFB)
* Hashing SHA-3
* Encode 64
# AES CFB Encryption and Decryption
The Cipher Feedback (CFB) mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse:
*C_i = E_K (C_{i-1}) \oplus P_i*
*P_i = E_K (C_{i-1}) \oplus C_i*
*C_{0} = \ \mbox{IV}*
# Project Description
User will enter into the application using `username` and `password`.
If you have any incoming message, then you can see on your left side. But since there no transfer of any message, the below page is completely blank.
By clicking on the `send message` button, you will redirected to the below page. Select to whom the message will be transferred from the drop down list.
Type any `message` you want to send. The recipient will only receive the `cipher text` and `hashed of plaintext`. Once you type any `message` hit the `send message` button.
Type two more `messsages` and send!
The `recipent` will know `decrypt` the `ciphertext` and find the plaintext. if the hashed version of the plaintext is mapped to sender's hashed value, then the message will be displayed. Otherwise you will get an error `Message is corrupted`.
Each `user` is associated with a public key and digital signature is assigned to it using `token ID`. The database is completely public so message will also be verified with the `public key` and the `real identity of user`.
The `cipher text` is completely encoded using base64. Even though decoding is possible, but still it provides an extra layer of protection.
The `recipent` will know now open his account.
You can see messages displayed on this inbox. Since the messages are securely transferred, and the recipent will able to successfully decrypt the ciphertext, the message will be displayed properly.
# Eve changes the message
Suppose somehow eve changes the content of the message.
The pipeline will be able to know the message is changed, and let the user know about it! See the below image!
Each user is connected with a `digital signature` so there is no way for any kind of `impersonation attack`. The `digital signature` and `public key` is verified before displaying the message.
Nobody can change the digital signature, and it is unique.
# How to run
Step 1:`Git clone https://github.com/rakeshsukla53/secure-message`
Step 2: Go to the `secure-message` folder. Navigate to `source` folder.
Step 3: `pip install -r requirements.txt'
Step 4: `python manage.py runserver`
Step 4: Go to `localhost:8000` to start the app.