cp89cyber/securechat

SecureChat - End-to-End Encrypted Anonymous Chat

A completely anonymous, end-to-end encrypted chat application for Linux with no user registration required.

Features

  • Complete Anonymity: No usernames, emails, or personal information required
  • End-to-End Encryption: All messages encrypted with RSA-2048 and Fernet (AES-128)
  • Encrypted Direct Messages: Private encrypted conversations between users
  • Encrypted Broadcasts: Send encrypted messages to all connected users
  • Secure Key Exchange: Automatic RSA-based key exchange for establishing secure channels
  • No Data Storage: Server only relays encrypted messages, stores nothing
  • Anonymous IDs: Random 16-character hex IDs assigned to each connection

Security Architecture

Encryption Layers

  1. RSA-2048 Key Pairs: Each client generates a unique RSA key pair on startup
  2. Symmetric Encryption: Messages encrypted with Fernet (AES-128 in CBC mode)
  3. Key Exchange: Symmetric keys exchanged using RSA public key encryption
  4. Zero Server Knowledge: Server cannot decrypt any messages

Privacy Features

  • No user registration or authentication
  • No message logging or storage
  • Anonymous connection IDs
  • No IP address tracking in application layer
  • Fresh encryption keys on each session

Installation

Prerequisites

  • Python 3.7 or higher
  • pip package manager
  • tkinter (for GUI mode only)

Setup

  1. Install Python dependencies:

    pip install -r requirements.txt

  2. For GUI mode, install tkinter (if not already installed):

    # Ubuntu/Debian
    sudo apt install python3-tk

    # Fedora
    sudo dnf install python3-tkinter

    # Arch Linux
    sudo pacman -S tk

  3. Make scripts executable:

    chmod +x server.py client.py client_gui.py

Usage

Starting the Server

python3 server.py

The server automatically broadcasts its presence on the local network for client discovery.

Connecting as a Client

SecureChat offers both a GUI and CLI interface:

GUI Mode (Recommended for most users)

python3 client_gui.py

The GUI provides:

  • Visual server discovery and connection management
  • Real-time message display with color-coded messages
  • Online users list with click-to-DM functionality
  • Easy switching between broadcast and direct message modes
  • Modern dark theme interface

CLI Mode (For advanced users and scripting)

python3 client.py

CLI options:

python3 client.py --help                    # Show help
python3 client.py --host 192.168.1.10       # Connect to specific host
python3 client.py --port 8888               # Use custom port
python3 client.py --no-discover             # Skip auto-discovery

Both clients will automatically discover and connect to available servers on your local network. If no servers are found, they will attempt to connect to localhost:9999 as a fallback.

Client Commands

GUI Controls

  • Server Discovery: Click "Discover" to find servers on local network
  • Connect/Disconnect: Toggle connection with the "Connect" button
  • Send Message: Type in the input field and press Enter or click "Send"
  • Message Type: Select "Broadcast" for all users or "Direct Message" for private chat
  • User Selection: Click a user in the list to set them as DM target, double-click to switch to DM mode

CLI Commands

Once connected, you can use these commands:

  • Send broadcast message: Just type your message and press Enter

    Hello everyone!
    
  • Send direct message: Use /dm command

    /dm <user_id> <message>
    

    Example:

    /dm a1b2c3d4 This is a private message
    
  • List online users: See who's connected

    /users
    
  • Show help: Display available commands

    /help
    
  • Quit: Exit the chat

    /quit
    

How It Works

Connection Flow

  1. Client connects to server
  2. Server assigns random anonymous ID
  3. Client generates RSA key pair
  4. Client sends public key to server
  5. Server broadcasts user list with public keys
  6. Client can now send encrypted messages

Broadcast Messages

  1. Client encrypts message with their symmetric key
  2. Encrypted message sent to server
  3. Server relays to all other clients
  4. Clients decrypt using sender's shared encryption context

Direct Messages

  1. Client initiates DM to target user
  2. Client encrypts their symmetric key with target's RSA public key
  3. Encrypted key sent through server to target
  4. Target decrypts symmetric key with their RSA private key
  5. Secure channel established for direct messaging
  6. All subsequent DMs use the shared symmetric key
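
The Direct Messages steps above, run end to end with pyca/cryptography. This is an added example, not code from core.py: the function names, the sample ID, the use of SHA-256 inside OAEP and the extra base64 layer around the Fernet token are assumptions.

```python
import base64
import json
from datetime import datetime, timezone

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumption: OAEP with SHA-256 for both the hash and MGF1.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def envelope(msg_type, sender_id, payload):
    """Wrap ciphertext bytes in the JSON message format from this README."""
    return json.dumps({
        "type": msg_type, "from": sender_id,
        "encrypted_data": base64.b64encode(payload).decode("ascii"),
        "timestamp": datetime.now(timezone.utc).isoformat()})

def payload_of(raw):
    return base64.b64decode(json.loads(raw)["encrypted_data"])

def flip_bit(token):
    """Return the Fernet token with one ciphertext bit changed."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[30] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))

def dm_exchange(text):
    sender_id = "a1b2c3d4e5f60718"          # constructed anonymous ID
    target_priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    target_pub = target_priv.public_key()   # as relayed in the user list
    # Steps 1-3: sender wraps its symmetric key with the target's public key.
    sym_key = Fernet.generate_key()
    kx = envelope("key_exchange", sender_id, target_pub.encrypt(sym_key, OAEP))
    dm = envelope("direct", sender_id, Fernet(sym_key).encrypt(text))
    # Steps 4-6: target unwraps the key, then decrypts DMs with it.
    recovered = target_priv.decrypt(payload_of(kx), OAEP)
    channel = Fernet(recovered)
    plaintext = channel.decrypt(payload_of(dm))
    # A DM altered in transit fails Fernet's HMAC check instead of decrypting.
    try:
        channel.decrypt(flip_bit(payload_of(dm)))
        tamper_detected = False
    except InvalidToken:
        tamper_detected = True
    return {"plaintext": plaintext, "tamper_detected": tamper_detected,
            "relay_view": [kx, dm]}
```

The "relay_view" entries are everything the server handles in this exchange: two JSON envelopes whose payloads are RSA and Fernet ciphertext.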

Network Configuration

Firewall Rules

If running on a server, ensure port 9999 is open:

# UFW (Ubuntu/Debian)
sudo ufw allow 9999/tcp

# firewalld (CentOS/RHEL)
sudo firewall-cmd --permanent --add-port=9999/tcp
sudo firewall-cmd --reload

# iptables
sudo iptables -A INPUT -p tcp --dport 9999 -j ACCEPT

Running on Different Port

Modify the port in both server and client, or pass as argument:

# Server
python3 server.py  # Edit port in code or add CLI args

# Client
python3 client.py --host localhost --port 8888

Security Considerations

What This Provides

  • End-to-end encryption of all messages
  • Anonymous communication (no identity required)
  • Protection against eavesdropping
  • Secure key exchange

What This Does NOT Provide

  • Protection against server operator seeing connection metadata (IP addresses, timing)
  • Protection against network-level traffic analysis
  • Forward secrecy (keys not rotated during session)
  • Authentication of users (anyone can connect)
  • Protection against man-in-the-middle if the server is compromised (clients receive each other's public keys from the server)

Recommendations for Enhanced Privacy

  1. Use VPN: Additional layer of network privacy
  2. Trusted Server: Only connect to servers you trust
  3. Verify Keys: In high-security scenarios, verify public keys out-of-band
  4. Ephemeral Sessions: Disconnect and reconnect frequently for fresh keys
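
One way to do the out-of-band check from recommendation 3, as an added example that is not part of the project's code. It assumes public keys travel as PEM; the function names and the grouped fingerprint format are hypothetical.

```python
import hashlib
import hmac

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

SPKI = serialization.PublicFormat.SubjectPublicKeyInfo

def public_pem(private_key):
    """PEM public key as a client would send it to the server (assumed format)."""
    return private_key.public_key().public_bytes(serialization.Encoding.PEM, SPKI)

def fingerprint(pem):
    """SHA-256 over the DER public key, in 4-hex-digit groups for reading aloud."""
    key = serialization.load_pem_public_key(pem)
    if not isinstance(key, rsa.RSAPublicKey) or key.key_size < 2048:
        raise ValueError("expected an RSA key of at least 2048 bits")
    der = key.public_bytes(serialization.Encoding.DER, SPKI)
    digest = hashlib.sha256(der).hexdigest()
    return ":".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def key_matches(pem_from_server, expected_fp):
    """True only if the relayed key hashes to the fingerprint the peer gave us."""
    try:
        actual = fingerprint(pem_from_server)
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected_fp.strip().lower())

def demo():
    peer = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    spoken_fp = fingerprint(public_pem(peer))   # shared over a separate channel
    return (key_matches(public_pem(peer), spoken_fp),    # key relayed intact
            key_matches(public_pem(other), spoken_fp),   # user list holds another key
            key_matches(b"not a key", spoken_fp))        # unparseable key material
```

Because keys are regenerated each session, the fingerprint has to be compared again after every reconnect.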

Technical Details

Cryptographic Libraries

  • cryptography: Python cryptography library (pyca/cryptography)
  • RSA: 2048-bit keys with OAEP padding
  • Fernet: Symmetric encryption (AES-128-CBC + HMAC)
  • Hashing: SHA-256

Message Format

All messages are JSON-encoded:

{
  "type": "broadcast|direct|key_exchange|system",
  "from": "sender_anonymous_id",
  "encrypted_data": "base64_encoded_encrypted_message",
  "timestamp": "ISO8601_timestamp"
}

Protocol

  • Transport: TCP sockets with asyncio
  • Encoding: UTF-8
  • Message Size: Up to 64KB per message
  • Connection: Persistent TCP connection per client
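
A strict parser for received frames, built from the message format and protocol limits above. This is an added example, not the project's code: it assumes the 64KB limit applies to the whole frame, that "from" is a lowercase 16-character hex ID, and that "encrypted_data" uses the standard base64 alphabet.

```python
import base64
import json
import re
from datetime import datetime

MAX_MESSAGE_BYTES = 64 * 1024            # "Up to 64KB per message"
ALLOWED_TYPES = {"broadcast", "direct", "key_exchange", "system"}
REQUIRED = ("type", "from", "encrypted_data", "timestamp")
ID_RE = re.compile(r"[0-9a-f]{16}")      # assumed shape of the anonymous ID

class EnvelopeError(ValueError):
    """Raised for any frame that does not match the documented format."""

def parse_envelope(raw):
    """Validate one received frame (bytes); return it with a decoded payload."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise EnvelopeError("frame larger than 64KB")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError) as exc:   # bad UTF-8, bad or deeply nested JSON
        raise EnvelopeError("not UTF-8 encoded JSON") from exc
    if not isinstance(msg, dict):
        raise EnvelopeError("top level must be an object")
    if any(not isinstance(msg.get(field), str) for field in REQUIRED):
        raise EnvelopeError("missing or non-string field")
    if msg["type"] not in ALLOWED_TYPES:
        raise EnvelopeError("unknown message type")
    if not ID_RE.fullmatch(msg["from"]):
        raise EnvelopeError("malformed sender ID")
    try:
        payload = base64.b64decode(msg["encrypted_data"], validate=True)
        datetime.fromisoformat(msg["timestamp"])
    except ValueError as exc:                     # binascii.Error is a ValueError
        raise EnvelopeError("bad base64 payload or timestamp") from exc
    if not payload:
        raise EnvelopeError("empty payload")
    return {**msg, "payload": payload}

# Constructed sample frame, not captured traffic.
SAMPLE = json.dumps({
    "type": "broadcast",
    "from": "a1b2c3d4e5f60718",
    "encrypted_data": base64.b64encode(b"opaque ciphertext").decode("ascii"),
    "timestamp": "2024-01-01T12:00:00+00:00",
}).encode("utf-8")
```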

Troubleshooting

Connection Refused

  • Ensure server is running
  • Check firewall rules
  • Verify correct IP and port

Cannot Decrypt Messages

  • Ensure you're using the same encryption session
  • For DMs, key exchange must complete first
  • Check for network interruptions

Server Crashes

  • Check Python version (3.7+ required)
  • Verify cryptography library is installed
  • Check system resources (memory, file descriptors)

Development

Project Structure

securechat/
├── server.py          # Server implementation
├── client.py          # CLI client interface
├── client_gui.py      # GUI client interface (tkinter)
├── core.py            # Shared client core (encryption, networking)
├── requirements.txt   # Python dependencies
├── README.md          # This file
└── SETUP.md           # Detailed setup guide

Architecture

The client is split into three components:

  • core.py: Contains CryptoManager, ServerDiscovery, and SecureChatClientCore - shared between GUI and CLI
  • client.py: CLI wrapper with colored terminal output
  • client_gui.py: GUI wrapper using tkinter

Extending

  • Add file transfer: Implement chunked encrypted file sending
  • Add rooms: Create separate encrypted chat rooms
  • Add authentication: Optional identity verification
  • Add forward secrecy: Implement key rotation
  • Add persistence: Optional encrypted message history

Disclaimer

This software is provided for educational and privacy purposes. Users are responsible for compliance with local laws and regulations regarding encryption and anonymous communication. The authors assume no liability for misuse.
