Releases: emilycodestar/cmd-chat
CMD-CHAT v1.0.0
Terminal-based encrypted chat over raw TCP sockets.
Run
Binaries are available only for Windows. You need to start the server first and open your ports to the internet. After that, you create a password and your server is hosted. All your clients need is the IP, port, and password. That's it.
Architecture
Single-port TCP server using asyncio.start_server(). No HTTP layer, no WebSocket upgrade — just persistent TCP connections with newline-delimited JSON framing.
Authentication
SRP-6a (Secure Remote Password) protocol per RFC 5054. Client and server perform a zero-knowledge proof of password possession without transmitting the password or its hash. Both parties independently derive identical session keys through a Diffie-Hellman-like exchange, using the password as additional entropy.
Flow:
- Client sends public ephemeral A
- Server responds with public ephemeral B + salt
- Client computes proof M from password + salt + A + B
- Server verifies M, responds with H(A, M, K) for mutual authentication
Encryption
Two-tier key hierarchy:
- Session key: Derived from the SRP exchange, unique per connection, used for transport authentication
- Room key: Derived via HKDF-SHA256(password, room_salt), shared across all clients with the same password
Messages are encrypted with Fernet (AES-128-CBC + HMAC-SHA256). The server stores and relays ciphertext without decryption capability.
Transport
Protocol: JSON messages terminated by \n (0x0A)
Connection lifecycle:
CONNECT → SRP_INIT → SRP_VERIFY → AUTHENTICATED → CHAT_LOOP → DISCONNECT
All phases occur on a single TCP socket. There is no reconnection logic: a dropped connection requires full re-authentication.
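The newline-delimited JSON framing described under Architecture and Transport, shown as an added example (not cmd-chat's own code): a frame reader that caps frame size and rejects truncated or malformed frames before any SRP or chat handling sees them. The 64 KiB cap and the names `FrameError`, `encode_frame`, `read_frame` and `decode_all` are assumptions; the release notes specify none of them.

```python
import asyncio
import json
from typing import Optional

MAX_FRAME = 64 * 1024  # assumed per-frame cap; the release notes do not state one

class FrameError(Exception):
    """Peer sent an oversized, truncated or malformed frame."""

def encode_frame(msg: dict) -> bytes:
    # json.dumps escapes newlines inside strings, so 0x0A only ever ends a frame.
    return json.dumps(msg, separators=(",", ":")).encode("utf-8") + b"\n"

async def read_frame(reader: asyncio.StreamReader) -> Optional[dict]:
    """Return the next JSON object, or None on a clean EOF between frames."""
    try:
        line = await reader.readuntil(b"\n")
    except asyncio.IncompleteReadError as exc:
        if exc.partial:
            raise FrameError("connection closed mid-frame") from exc
        return None
    except asyncio.LimitOverrunError as exc:
        # No newline within the reader's limit: stop instead of buffering more.
        raise FrameError("frame exceeds size limit") from exc
    try:
        msg = json.loads(line)
    except ValueError as exc:  # covers invalid UTF-8 and invalid JSON
        raise FrameError("frame is not valid JSON") from exc
    if not isinstance(msg, dict):
        raise FrameError("frame is not a JSON object")
    return msg

async def _drain(data: bytes, limit: int) -> list:
    reader = asyncio.StreamReader(limit=limit)  # limit bounds readuntil()
    reader.feed_data(data)
    reader.feed_eof()
    frames = []
    while (msg := await read_frame(reader)) is not None:
        frames.append(msg)
    return frames

def decode_all(data: bytes, limit: int = MAX_FRAME) -> list:
    """Offline helper: parse a captured byte stream the way a server loop would."""
    return asyncio.run(_drain(data, limit))
```

In a live server the same `read_frame` would be called on the `StreamReader` that `asyncio.start_server(..., limit=MAX_FRAME)` passes to the connection handler, closing the connection on `FrameError`.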
Memory Model
All state held in process memory. MessageStore and UserSessionStore are dict-backed in-memory structures. No persistence layer, no disk I/O. Process termination destroys all data.
Dependencies
- cryptography: Fernet symmetric encryption, HKDF key derivation
- srp: SRP-6a protocol implementation
- rich: Terminal UI rendering