For our MSc Group Project, we were tasked to create a secure, distributed chat application with 2 separate client applications.
We opted to create an Android app as a mobile client, written in Java and a Desktop client written in Java as most of our team had learnt Java previously.
We also created our backend using Elixir to take advantage of distributed Erlang and as an opportunity to learn a new language.
Our backend was hosted on AWS ECS w/ WeaveNet (to provide multicast gossip discovery of additional Erlang nodes), and we utilised AWS S3 for publishing of released artefacts. We also utilised Travis CI to run our tests and publish development artefacts
Our clients generate an asymmetric 4096 bit RSA key on launch which are used to encrypt messages end-to-end between users. For example:
Alice wishes to send an encrypted message to Bob.
- Alice and Bob’s clients generate a 4096 bit RSA key on launch.
- Both of their clients send their public keys APub and BPub to the backend as registration.
- Alice sees that Bob is online after his client has registered.
- Alice composes the message she’d like to send to Bob and clicks send.
- Alice’s client downloads Bob’s public key, encrypts it and then sends the encrypted message to the server which brokers it to Bob.
- Bob receives the encrypted message and decrypts it with his public key, BPub.
This design does have it’s flaws, most notably that users have to trust the server.
For more information:
- see the GitHub repository here: https://github.com/MonarchsofCoding/chitchat
- Artefacts/Binaries here: https://s3-eu-west-1.amazonaws.com/kcl-chit-chat-artifacts/index.html