encrypted terminal chat with file xfer, shared terminal acess, sandbox vm supporitn docker, multipass and virtualbox. also local ai model integration.
5cbe355660
- Replace RSA key exchange with SRP (Secure Remote Password) - Password never transmitted over network - Add unit tests for endpoints - Fix datetime.UTC compatibility for Python < 3.11 - Fix logger.exception usage - Update README with new auth flow diagram |
||
|---|---|---|
| cmd_chat | ||
| tests | ||
| .gitignore | ||
| cmd_chat.py | ||
| example.gif | ||
| LICENSE | ||
| README.MD | ||
| requirements.txt | ||
| tests.bat | ||
🤐 CMD-CHAT
encrypted terminal chat. no servers. no logs. ram only.
peer-to-peer encrypted chat that runs in your terminal. you host, you control. close the window — everything's gone.
why
every "secure" messenger still stores metadata somewhere. this doesn't. it's just two terminals talking over an encrypted tunnel. nothing written to disk, ever.
how it works
┌──────────────────────────────────────────────────────────────────┐
│ SRP AUTHENTICATION │
├──────────────────────────────────────────────────────────────────┤
│ │
│ CLIENT SERVER │
│ │ │ │
│ │─────── POST /srp/init {username, A} ───────► │ │
│ │ (A = client public ephemeral) │ │
│ │ │ │
│ │◄────────── {user_id, B, salt} ────────────── │ │
│ │ (B = server public ephemeral) │ │
│ │ │ │
│ │ │ │
│ │ [both sides compute shared session key │ │
│ │ using password + ephemeral values] │ │
│ │ │ │
│ │ │ │
│ │─────── POST /srp/verify {user_id, M} ──────► │ |
│ │ (M = client proof) │ │
│ │ │ │
│ │◄────────── {H_AMK, session_key} ──────────── │ │
│ │ (H_AMK = server proof) │ │
│ │ │ │
│ │ [password never transmitted] │ │
│ │ [MITM can't derive session key] │ |
│ │ │ │
├──────────────────────────────────────────────────────────────────┤
│ ENCRYPTED CHAT │
├──────────────────────────────────────────────────────────────────┤
│ │ │ │
│ │═══════ WebSocket /ws/chat?user_id ═════════► │ │
│ │ (authenticated session) │ │
│ │ │ │
│ │◄═══════════ AES-encrypted messages ════════► │ │
│ │ (Fernet = AES-128-CBC + HMAC) │ │
│ │ │ │
│ │ │ │
│ │ [on disconnect: keys wiped from RAM] │ │
│ │ │ │
└──────────────────────────────────────────────────────────────────┘
SRP (Secure Remote Password) — password is never sent over the network. both sides prove they know it via zero-knowledge proof, then derive identical session keys.
install
git clone https://github.com/emilycodestar/cmd-chat.git
cd cmd-chat
python -m venv venv && source venv/bin/activate && pip install -r requirements.txt
windows:
python -m venv venv ; .\venv\Scripts\activate ; pip install -r requirements.txt
usage
start server:
python cmd_chat.py serve 0.0.0.0 3000 --password mysecret
connect:
python cmd_chat.py connect SERVER_IP 3000 username mysecret
features
- ram only — nothing touches disk
- rsa + aes — key exchange + symmetric encryption
- no central server — direct p2p connection
- srp auth — password never sent over network
license
MIT