this post was submitted on 12 Mar 2025
https://github.com/positive-intentions/chat

A webapp for P2P E2EE messaging and file transfer. It's a fairly unique approach to secure messaging.

the project isn't ready to replace any existing apps or services, but given the competitive market for this kind of project, I'd like to push it out to get feedback.

I made an attempt to create documentation on the website, but otherwise feel free to reach out with questions about how it works.

Note: this project has NOT been audited. It, along with its source code, is provided for testing and demo purposes.

top 5 comments
[–] Valmond@lemmy.world 4 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Interesting!

So you have to connect to some central point to use it (which can be run locally by yourself)?

[–] positive_intentions@lemmy.ml 3 points 3 weeks ago (1 children)

That's right. It's using peerjs-server as the connection broker.

[–] Valmond@lemmy.world 1 points 3 weeks ago (1 children)

So if say 5 persons want to talk, they have to connect to a specific address and behind that address this soft turns I guess?

How do you authenticate people?

[–] positive_intentions@lemmy.ml 2 points 3 weeks ago* (last edited 3 weeks ago)

group chat is still a work-in-progress, but it'll work in a way where asymmetric and symmetric encryption keys are generated in javascript using cryptography tools provided by the browser of your choice.

when a connection is established over webrtc (which mandates encryption anyway), the asymmetric keys are exchanged using the Diffie-Hellman technique.

the keys are persisted into browser storage (indexedDB) so in a future reconnection, new keys don't need to be regenerated. if you connect to a "known-peer", the keys can be used for a kind-of p2p authentication.

all the security here depends on the security of the connected devices involved. this approach is in contrast to connecting to an api to authenticate and proxy encrypted messages.

for more info there may be related information/links here: https://positive-intentions.com/blog/security-privacy-authentication
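An added example, not part of the thread and not the project's code: one way the "known-peer" check described in the comment above could work with the browser's Web Crypto API. The peer's public key is pinned on first contact, and on reconnection the peer must both present the pinned key and prove it holds the matching private key. All function names, the `peer-auth-v1` label and the `Map` standing in for IndexedDB are assumptions.

```javascript
// Added example, hypothetical names: pin a peer key on first use, then require ECDH proof of possession.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // browser or Node
const subtle = webcrypto.subtle;
const EC = { name: 'ECDH', namedCurve: 'P-256' };
const hex = (buf) => [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, '0')).join('');

async function newIdentity() {
  const pair = await subtle.generateKey(EC, false, ['deriveBits']); // private key is non-extractable
  return { pair, pubRaw: await subtle.exportKey('raw', pair.publicKey) };
}

// ECDH -> HKDF -> HMAC key, so the raw shared secret is never used as a key directly.
async function macKey(myPrivate, peerPubRaw) {
  const peerPub = await subtle.importKey('raw', peerPubRaw, EC, false, []);
  const bits = await subtle.deriveBits({ name: 'ECDH', public: peerPub }, myPrivate, 256);
  const ikm = await subtle.importKey('raw', bits, 'HKDF', false, ['deriveKey']);
  const hkdf = { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32), info: new TextEncoder().encode('peer-auth-v1') };
  return subtle.deriveKey(hkdf, ikm, { name: 'HMAC', hash: 'SHA-256', length: 256 }, false, ['sign', 'verify']);
}

// Prover side: answer the verifier's nonce with an HMAC under the shared key.
async function respond(me, verifierPubRaw, nonce) {
  return subtle.sign('HMAC', await macKey(me.pair.privateKey, verifierPubRaw), nonce);
}

// Verifier side. answerFn stands in for the round trip to the peer over the data channel.
async function authenticate(me, pins, peerId, presentedPubRaw, answerFn) {
  const fp = hex(await subtle.digest('SHA-256', presentedPubRaw));
  if (!pins.has(peerId)) { pins.set(peerId, fp); return 'pinned-first-use'; } // trust on first use
  if (pins.get(peerId) !== fp) return 'rejected-key-changed';
  const nonce = webcrypto.getRandomValues(new Uint8Array(32)); // fresh per attempt, prevents replay
  const answer = await answerFn(me.pubRaw, nonce);
  const key = await macKey(me.pair.privateKey, presentedPubRaw);
  return (await subtle.verify('HMAC', key, answer, nonce)) ? 'authenticated' : 'rejected-bad-proof';
}

async function demo() {
  const [alice, bob, mallory] = await Promise.all([newIdentity(), newIdentity(), newIdentity()]);
  const pins = new Map(); // Alice's stored known peers (constructed; IndexedDB in a browser)
  const asBob = (pub, nonce) => respond(bob, pub, nonce);
  const asMallory = (pub, nonce) => respond(mallory, pub, nonce);
  return [
    await authenticate(alice, pins, 'bob', bob.pubRaw, asBob),         // first contact
    await authenticate(alice, pins, 'bob', bob.pubRaw, asBob),         // reconnect by the same peer
    await authenticate(alice, pins, 'bob', mallory.pubRaw, asMallory), // different key under a known id
    await authenticate(alice, pins, 'bob', bob.pubRaw, asMallory),     // pinned key without its private key
  ];
}
demo().then((results) => console.log(results));
```

The first contact is accepted without any prior trust, so the pin is only as good as that first connection; comparing the fingerprint over a separate channel closes that gap.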

[–] gon@lemm.ee 2 points 3 weeks ago

oh cool, I'll definitely check it out!