发送和接收用axolotl(双棘轮)协议加密的消息
Pyxolotl的Python项目详细描述
发送和接收用Axolotl (Double Ratchet)协议加密的消息
说明
Pyxolotl允许您使用 perfect forward and future secrecy结束 任何频道(电子邮件、IM、IRC、Twitter、Hangouts、Facebook等)。它使用相同的 Axolotl (Double Ratchet)协议作为信号 开放式耳语系统的信息应用程序。
协议
描述了实际的有线协议 here。标题 (用于区分标准消息和密钥交换消息)是模糊的 有100000次pbkdf2迭代(整个加密消息用作salt)。这应该使 识别pyxolotl消息非常耗费资源,以阻止大规模监视或筛选。
密钥交换
pyxolotl是无服务器的,所有消息都是p2p发送的,所以它不使用 prekeys。必须先发送初始密钥 将邮件交换给收件人并等待其答复,然后再发送实际邮件(这与 SMS Transport 在旧版本的textsecure和smssecure/silence中)。一旦初始密钥交换完成, 双方可以互发信息,没有任何其他不便。安全模型是 TOFU(首次使用时信任),双方 应通过独立的安全通道比较公钥,以减轻在 初始密钥交换。
运输
Pyxolotl有可插入的传输。目前只有明文传输(打印 编码消息到终端)和email传输(消息编码到/解码自 格式良好的mime电子邮件)。
编码
加密消息可以使用不同的传输编码。目前有标准的base64 编码(不带填充)和作为一种好奇心mnemonic编码(基于 BIP-0039: Mnemonic code for generating deterministic keys 它将加密的消息编码为一个单词序列)。助记编码效率低 (消息大约比base64大3.5倍),但它可以添加另一层模糊处理 大规模监视或过滤。
本地加密
本地数据库(私钥、会话等)使用派生的256位密钥用AES-CBC加密 来自密码短语(有100000个pbkdf2和随机salt的迭代)并通过hmac-sha256认证。
要求
- python>;=3.3
- python的枚举(https://pypi.python.org/pypi/enum)<;3.4
- Python轴突(https://github.com/tgalal/python-axolotl)
- python-axolotl-curve25519(https://github.com/tgalal/python-axolotl-curve25519)
- protobuf(https://github.com/google/protobuf)>;=2.6
- 密码(https://github.com/dlitz/pycrypto)
用法
运行pyxolotl --help查看所有可用选项。
帮助
usage: pyxolotl [-h] [-d] [-t {plaintext,email}] [-e {base64,mnemonic}] [--log LOG] [--db DB] [--config CONFIG] [--version] [-a ADDRESS] [-s SUBJECT] {list,ls,send,receive,recv,exchange,delete,del,rm,passwd} ... send and receive messages encrypted with Axolotl protocol optional arguments: -h, --help show this help message and exit -d, --debug log detailed debugging messages (default: False) -t {plaintext,email}, --transport {plaintext,email} choose message transport (default: plaintext) -e {base64,mnemonic}, --encoder {base64,mnemonic} choose message encoding (default: base64) --log LOG log file path (default: ~/.local/share/pyxolotl/pyxolotl.log) --db DB database file path (default: ~/.local/share/pyxolotl/pyxolotl.db) --config CONFIG configuration file path (default: ~/.local/share/pyxolotl/pyxolotl.json) --version show program's version number and exit email transport: -a ADDRESS, --address ADDRESS your own email address (default: None) -s SUBJECT, --subject SUBJECT subject of sent emails (default: None) commands: run `pyxolotl COMMAND --help` to see help message for specific command {list,ls,send,receive,recv,exchange,delete,del,rm,passwd} available commands list (ls) list known identities send send message to recipient receive (recv) receive message from sender exchange start initial key exchage with recipient delete (del, rm) end session with recipient passwd change passphrase to local storage
待办事项:
- 写更多的传输(特别是google hangouts,twitter direct messages,facebook messenger, irc和xmpp)
- 使电子邮件传输更完整(使用SMTP发送,使用IMAP空闲接收)
- 创建类似im的控制台ui(使用asyncio和Urwid)
- 创建类似qt 5/qml的即时消息图形用户界面
- 添加对多个设备的支持
- 添加对组消息的支持
- 添加对使用问题验证身份的支持(使用 socialist millionaire协议)
示例
[alice@nsa.gov ~]$ pyxolotl exchange bob SEND: To: bob Encrypted message: 4uJ8zyMIwSgSIQUuLKlC8WdspRietP45P6nFU6/50wT4cQYxNw4vvqKLHxohBYLC5sDLZ78syjQIMf9PA+3Q9MGootUvOajaZA3thspDIiEF6sSiWxB6l0B4oE7gcMl1T3W+hzI548U46cYrR5KUjXY [bob@fsb.ru ~]$ pyxolotl receive RECEIVE: From: alice Encrypted message: 4uJ8zyMIwSgSIQUuLKlC8WdspRietP45P6nFU6/50wT4cQYxNw4vvqKLHxohBYLC5sDLZ78syjQIMf9PA+3Q9MGootUvOajaZA3thspDIiEF6sSiWxB6l0B4oE7gcMl1T3W+hzI548U46cYrR5KUjXY Received initial key exchange request! Send this reply to complete key exchange: SEND: To: alice Encrypted message: 0yx89TMIwigSIQVN+wtEio0h+Zx7WPcIwM9WreOy0r7eETBclhOtDAvANhohBb4qfe8R05/167DQDdd2Gqp5OrxAPcriwJMtzi+2b7QrIiEFhfVGHlCm6b1SX36V1HeFX4pAeW15v1aLb2nGi57NZFAqQD3rKGjPDCCm1Kj6i8GUnf4MAc56fhRIYhUJH2mSvlcSAl2XotmR2Yz2lY0wa7TW1JnmUX+YBbIEgIHk0gQ9Log [alice@nsa.gov ~]$ pyxolotl receive RECEIVE: From: bob Encrypted message: 0yx89TMIwigSIQVN+wtEio0h+Zx7WPcIwM9WreOy0r7eETBclhOtDAvANhohBb4qfe8R05/167DQDdd2Gqp5OrxAPcriwJMtzi+2b7QrIiEFhfVGHlCm6b1SX36V1HeFX4pAeW15v1aLb2nGi57NZFAqQD3rKGjPDCCm1Kj6i8GUnf4MAc56fhRIYhUJH2mSvlcSAl2XotmR2Yz2lY0wa7TW1JnmUX+YBbIEgIHk0gQ9Log Initial key exchange completed! [alice@nsa.gov ~]$ pyxolotl ls Your public key: 05eac4a25b107a974078a04ee070c9754f75be873239e3c538e9c62b4792948d76 Existing sessions: Identity: bob, Pending key exchange: False Public key: 0585f5461e50a6e9bd525f7e95d477855f8a40796d79bf568b6f69c68b9ecd6450 [bob@fsb.ru ~]$ pyxolotl ls Your public key: 0585f5461e50a6e9bd525f7e95d477855f8a40796d79bf568b6f69c68b9ecd6450 Existing sessions: Identity: alice, Pending key exchange: False Public key: 05eac4a25b107a974078a04ee070c9754f75be873239e3c538e9c62b4792948d76 [alice@nsa.gov ~]$ pyxolotl send bob Message: Hello Bob! SEND: To: bob Encrypted message: a74TljMKIQWJl7sz1bTEIhF/7nwKBLRi7XeEpzcur7t/MOixAOfbHRAAGAAiEEgco7NQXppy/qsm5TdJllpW+nTQ1QjVsQ [bob@fsb.ru ~]$ pyxolotl receive RECEIVE: From: alice Encrypted message: a74TljMKIQWJl7sz1bTEIhF/7nwKBLRi7XeEpzcur7t/MOixAOfbHRAAGAAiEEgco7NQXppy/qsm5TdJllpW+nTQ1QjVsQ DECRYPTED: Hello Bob! [bob@fsb.ru ~]$ pyxolotl send alice Message: Hello Alice! SEND: To: alice Encrypted message: Zd/HKjMKIQXLGyTr5AcvrpUhfR2H7bYqLXqVy7GpE84VvFFkm1LDbxAAGAAiEJDC8/kM59yVzNeCBtjDVOe1CHWuFDbhYg [alice@nsa.gov ~]$ pyxolotl receive RECEIVE: From: bob Encrypted message: Zd/HKjMKIQXLGyTr5AcvrpUhfR2H7bYqLXqVy7GpE84VvFFkm1LDbxAAGAAiEJDC8/kM59yVzNeCBtjDVOe1CHWuFDbhYg DECRYPTED: Hello Alice!