README
¶
Strike
End-to-End Encrypted Messaging service using gRPC
Running Strike Locally
The following instructions may reference podman as the container runtime, but docker is interchangeable here.
The makefile will account for whether you are using Docker or Podman (target: check-runtime)
Keys
Signing: ED25519 key pair is used for signing messages to ensure that the sender of a message is authentic. Encryption: Curve25519 key pair is used for message encryption Key-Exchange/Encryption/Key derivation
Keys that are yet to be implemented:
- Ephemeral Key Pair - Session keys
- Symmetric Key Pair - Message Encryption
Configuration references a key path for ~/.strike-keys/, this is where keys will be placed by default if you make use of the strike client binary --keygen flag. This generates 2 sets of long term keys (ED25519 signing keys & Curve25519 encryption keys)
This will generate you a private and public key that can be then used with the client.
Certificate
To use Strike with TLS enabled you will need to generate a Certificate for your server using its private key and distribute that to your users.
Using the --keygen flag with the server binary (go build cmd/strike-server/main.go && ./cmd/strike-server/main.go --keygen) will automatically generate a certificate for you.
Like the server keys these can be found at ~/.strike-server.
Configuration
The Client currently supports config from either a JSON file or ENV vars.
If you wish to run the Client in a container use make target client-container-run, but ensure that you provide config to the container correctly, ENV vars recommended:
SERVER_HOST=strike_server:8080
PRIVATE_SIGNING_KEY_PATH=/home/.strike-keys/strike_signing.pem
PUBLIC_SIGNING_KEY_PATH=/home/.strike-keys/strike_public_signing.pem
PRIVATE_ENCRYPTION_KEY_PATH=/home/.strike-keys/strike_encryption.pem
PUBLIC_ENCRYPTION_KEY_PATH=/home/.strike-keys/strike_public_encryption.pem
CLIENT_SERVER_CERT_PATH=/home/strike-client/strike_server.crt
The Server container also requires Env vars to specify paths to keys and its certificate.
SERVER_NAME=endpoint0
PRIVATE_SIGNING_KEY_PATH=/home/strike-server/strike_server.pem
PUBLIC_SIGNING_KEY_PATH=/home/strike-server/strike_server_public.pem
SERVER_CERT_PATH=/home/strike-server/strike_server.crt
These Env vars are loaded into the containers by their repective Makefile targets and currently only work for a local deployment,
but should you wish to deploy Strike another way, env.server & env.client can be found in the config directory.
Container runtime network
Create a network for strike using the following:
podman network create strikenw
This will facilitate our container's communicating
Postgres
Build DB container
make db-container-build
Run DB container
make db-container-run
Server
Build Server container
make server-container-build
Run Server container
make server-container-run
Client
Build client container
make client-container-build
Run client container
make client-container-run
Run another client container (Testing purposes)
make another-client-container-run
Build client binary
make client-binary-build
Run client binary
make client-binary-run
Useage
To run a local version of the Strike Messaging service, you can make use of the above steps for key generation, and the supplied environment files.
The generated keys will be placed in ~/.strike-keys for the client, and ~/.strike_server will hold the servers signing keys and its certificate which is used by any client you wish to connect as TLS is enabled.
As it stands, a local useage should look like the following.
Run the Strike DB: make db-container-build followed by make db-container-run
Assuming that keys have been generated by using a strike client and server binary.
Run the Strike Server: make server-container-build followed by make server-container-run
You can run several clients if you wish, but it is important to change the container name so it doesn't conflict when you try to run multiple. Both of these can be achieved by modifying the make client-container-run target, or running the container runtime commands yourself (podman/docker)
Run Strike Clients: make client-container-build followed by make client-container-run
Note: make another-client-container-run will create a second client container with the same set of keys, but a new container name, strike_client1, this will be useful to test functions between 2 clients (Chat creation, messaging, etc.)
Now that you are running the client/clients you will be presented a shell and have access the following commands:
/signup will enable the client to register a user with the server, followed by logging that User in.
/login will enable an existing user access to the strike server, this will then register a status stream on the server, and you should see that your username has logged in. The user status stream will be used to enable Online/Offline status at a later date.
Once the user is logged in:
/msgshell will enable an interactive messaging shell, from here you will be able to send messages to yourself or other clients message streams.
This however, requires an active Chat.
/beginchat will allow you to send a chat invite to another user, you will be prompted for a username, and if they are online an invite will be sent.
/invites will list any pending invites that you have recieved and not responded to. y will accept an invite, n will decline.
/chats will list chats that you have joined via Invite, and will allow you to set one as active. This active chat will allow you to send messages.
Inputting <target username>:<message> will deliver a message to the targetted user (i.e. client0:Hello World!)
As of now invites and chats are not persisted.
As this project is in a working state, changes will be incremental, eventually we would like to intergrate a terminal library for a nicer shell experience.
Dependencies
Protoc - for generating Protobuf definition code
Directories