"Secure" Client-Server Communications "framework"


(0x00Jinx) #1

With the recent “burst” in cryptography posts on 0x00sec, I’ve decided to start a, more or less, point of concept framework. Nothing in the program is going to be groundbreaking new security measures, but a collection of many of the best.

  • The framework is going to be written in Python, and Cython.

  • Hosted on GitHub, I’m taking all suggestions and criticism that I can to make it better.
    As with all my projects, they are open source. It will provide as much flexibility as possible.

  • Server-client model

  • 2048 bit RSA encryption (can be lowered or raised based on user needs)

  • The data is hashed before being sent, and the hash is encrypted with the sender’s private key, proving that the message came from the person that we believed sent it.

  • The hash, providing it was decrypted, will make sure the message wasn’t corrupted along the way

  • Data is decrypted within the server to, if configured, filter data or search for keywords.

It’s been a while since I programmed and my skills are a bit rusty, so code checks are welcome.
GitHub for Project (Updated first, but updates will be moved to GitLab after thorough testing)
GitLab for Project

## Edit

Secure key exchange is absolutely something I am going to implement, but after the base form of the framework is complete. Any more suggestions of implementations are going into consideration.

(oaktree) #2

Hi, maybe you should move the codebase over to https://git.0x00sec.org? That’s where we host our community projects.

This looks like an interesting start!

(0x00Jinx) #3

Thanks @oaktree. I’ll move it over there right away!


I’ll take a looksie, can’t resist reading best language

(Cal0X) #5

Nice project! I was meaning to do hashing and RSA encryption soon. Glad you posted.



(Leader & Offsec Engineer) #6

Awesome! Are you using Diffie Hellman? @Joe_Schmoe is a Python freak and loves Diffie xD

(Leader & Offsec Engineer) #7

C++ is beginning to win me over. And I must say, Ruby is bae.

(Cal0X) #8

As far as I understood from the script, it’s SHA256 hashing and RSA encryption. Diffie Hellman is the well known AES encryption.




Diffie Hellman key exchange is a way to share an encryption key over an insecure channel. An example from Wikipedia:

Alice and Bob agree on a prime modulus P = 23 and a base G = 5. Alice then chooses a secret integer, A = 6. Bob also chooses a secret number, B = 15.

Alice then computes C = G^A mod P, and Bob computes D = G^B mod P.

C and D are then exchanged over the insecure channel. They can now compute the shared secret: Alice computes S = D^A mod P, and Bob computes S = C^B mod P. S can now be used as a symmetric key, i.e. for AES.
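Added example, not part of the post above or of the project's code: the same exchange in Python, with a range check on the peer's public value and a hash step that turns S into a 32-byte key. `DHParty`, `session_key` and `thread_example` are hypothetical names, and plain SHA-256 stands in for a proper KDF such as HKDF.

```python
import hashlib
import secrets


class DHParty:
    """One side of a finite-field Diffie Hellman exchange (hypothetical helper)."""

    def __init__(self, p, g, private=None):
        self.p, self.g = p, g
        # Private exponent in [1, p-2]; random unless fixed for the worked numbers.
        self.private = private if private is not None else secrets.randbelow(p - 2) + 1
        # Public value: the only thing sent over the insecure channel.
        self.public = pow(g, self.private, p)

    def shared_secret(self, peer_public):
        # Reject 0, 1, p-1 and out-of-range values: they force the shared
        # secret into a tiny, predictable set regardless of our private key.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self.private, self.p)

    def session_key(self, peer_public):
        # Hash the fixed-width encoding of S instead of using S directly as a key.
        # Assumption: SHA-256 is used here as a simple stand-in for a real KDF.
        s = self.shared_secret(peer_public)
        raw = s.to_bytes((self.p.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw).digest()  # 32 bytes, AES-256 sized


def thread_example():
    # P = 23 and G = 5 are the toy numbers from the post; real deployments
    # use a standardized group of 2048 bits or more.
    alice = DHParty(23, 5, private=6)
    bob = DHParty(23, 5, private=15)
    c, d = alice.public, bob.public          # C and D in the post
    return c, d, alice.shared_secret(d), bob.shared_secret(c)


if __name__ == "__main__":
    print(thread_example())
```

The exchange is unauthenticated, so each side still has to verify who sent the public value, for example with the sender's RSA signature as in the first post.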

(Not a N00b, but still learning) #10

I might be wrong, but did you mistake Diffie Hellman for Rijndael?

(Cal0X) #11

@SmartOne As Joe_Schmoe said, it’s a way of exchanging keys and is popular for its application in AES. Whereas Rijndael is the block cipher algorithm used in AES. Hope this cleared up my ambiguous statement I made above. My bad!