JavaScript Cryptographic Chat: Chat system that exchanges encrypted messages

Recommend this page to a friend!
  Info   Documentation   View files Files   Download Download   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not enough user ratingsTotal: 178 All time: 292 This week: 2Up
Version License JavaScript version Categories
cchat 1.0.6GNU General Publi...2AJAX, Cryptography, Chat
Description 

Author

This package implements a chat system that exchanges encrypted messages.

Users can send messages to the peers over a network using AJAX requests.

The messages are encrypted with a previously agreed password between the peers.

The messages are stored encrypted in the server database using PHP.

Innovation Award
JavaScript Programming Innovation award winner
August 2016
Winner


Prize: One ebook of choice by Packt
Since Eduard Snowden has disclosed that many people communications were being intercepted, many users become worried with whether they were being tapped on the Internet.

Several solutions appeared to provide end-to-end encryption of messages exchanged between users.

This package provides a solution to chat between two users that uses a secret key to encrypt the messages.

Even though messages are stored on the server database, it is not possible to decrypt the messages without using the password that only the users have on the browser side.

Manuel Lemos
Picture of Martin Latter
  Performance   Level  
Name: Martin Latter <contact>
Classes: 3 packages by
Country: United Kingdom
Age: ???
All time rank: 1034 in United Kingdom
Week rank: 6 Up1 in United Kingdom Up
Innovation award
Innovation award
Nominee: 2x

Winner: 2x

Documentation

CChat

Lightweight end-to-end encrypted chatbox, with an emphasis on speed and minimalism.

[1]: https://tinram.github.io/images/cchat.png ![cchat][1]

Password

Uses a previously agreed password with the recipient, avoiding any initial key exchange across a network.

Features

  • Lightweight (45kB).
  • All data encrypted by the browser's JavaScript.
  • Uses only PHP, MySQL, and JavaScript.
  • POST AJAX used (GET AJAX data would be recorded in server logs).
  • Coded to PHP 5.3 and using legacy JavaScript event handlers for maximum server-client compatibility.

Encryption

  • SHA-256-hashed key.
  • Blowfish cipher in CBC-mode (base64 display overlays binary-encrypted data).
  • Messages stored encrypted in the database.

The Blowfish block cipher is simple, strong, and fast. Its speed is ideal for JavaScript implementation.

Set-up

  1. Clone the repository (or extract the ZIP archive) into a suitable directory in the server's web directory e.g.

    `cd /var/www/html`

    `sudo git clone https://github.com/Tinram/CChat.git`

  2. On Linux/BSD servers, set appropriate file ownership / permissions e.g. for Debian-based distros, Apache is www-data:

    `sudo chown -R www-data:<username> CChat/`

    `cd CChat`

    `sudo chmod 664 install.php classes/cchat.class.php`

  3. Edit the configuration section details in install.php (line 18 onwards): username, passwords, database, host etc.
  4. Edit the relevant constants in /classes/cchat.class.php (line 19 onwards) to conform to the credentials used in install.php
  5. Execute install.php via the terminal: `php install.php` or through the server:

    `http://localhost/CChat/install.php`

    (which, if you have root MySQL access, should mean set-up is now complete)

  6. View CChat's index.php in a browser, which if install.php ran correctly, should display without connection errors to the server, and display init: test as the first message.

    `http://localhost/CChat/`

  7. Alter the timezone if required: index.php (line 7):

    `date_default_timezone_set('Europe/London');`

Operation

Fields:

  1. message display
  2. your name
  3. your password (use a strong password, previously agreed, to share messages with a recipient)
  4. your message

The decrypt button will decrypt existing encrypted messages in field 1, if the correct password is present in field 2.

Enter your name in field 2, password in field 3, and a message in field 4, then click the chat button.

A page refresh (encrypted messages displayed) or the wrong password will result in gibberish displayed in field 1.

Default Timings

The AJAX polling is 6 seconds between server checks for new messages (change the iCheckFreq variable (in microseconds) /js/cchat.js (line 21)).

The last hour's messages are displayed in field 1 (change the MESSAGE_BUFFER constant /classes/cchat.class.php (line 25)).

Character Set Limitation

Unicode character encoding is unfortunately not possible with the present JavaScript Blowfish cipher encryption (the reason the database remains as latin1 encoding).

Known Bugs

  1. Intermittent duplicate message bug (refresh page and it disappears): /js/cchat.js (line 297).
  2. Some intermittent line break character removal when using Linux and Windows browser clients together.

Credits

  • Nils Reimers for the Blowfish cipher implementation in JavaScript.
  • Angel Marin and Paul Johnston for the SHA-256 hash function implementation in JavaScript.
  • Matthew of JS Classes for testing / revision suggestions.
  • Karl, who asked me to create a 'shoutbox' in 2010.

Dedications

  • To God (I narrowly escaped death in 1992).
  • To Sofia.

License

CChat is released under the GPL v.3.

Miscellaneous

alt

<small>Won a JS Classes Innovation Award (August 2016).</small>


  Files folder image Files (10)  
File Role Description
Files folder imageclasses (1 file)
Files folder imagecss (1 file)
Files folder imageincludes (2 files)
Files folder imagejs (2 files)
Files folder imagesql (1 file)
Accessible without login Plain text file index.php Data Auxiliary data
Accessible without login Plain text file install.php Data Auxiliary data
Accessible without login Plain text file README.md Doc. Read me

  Files folder image Files (10)  /  classes  
File Role Description
  Accessible without login Plain text file cchat.class.php Data Auxiliary data

  Files folder image Files (10)  /  css  
File Role Description
  Accessible without login Plain text file cchat.css Data Auxiliary data

  Files folder image Files (10)  /  includes  
File Role Description
  Accessible without login Plain text file check.php Data Auxiliary data
  Accessible without login Plain text file update.php Data Auxiliary data

  Files folder image Files (10)  /  js  
File Role Description
  Plain text file bf.js Class Class source
  Plain text file cchat.js Class Class source

  Files folder image Files (10)  /  sql  
File Role Description
  Accessible without login Plain text file cchat.sql Data Auxiliary data

 Version Control Unique User Downloads Download Rankings  
 100%
Total:178
This week:0
All time:292
This week:2Up