diff options
| author | Gab <24553253+gabrix73@users.noreply.github.com> | 2025-10-06 04:13:23 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-10-06 04:13:23 +0200 |
| commit | 965050012c4a0a3d7dd0f060f6bd0e5cfce85a9d (patch) | |
| tree | f699975c9222cdd21808f778c7b30dad4ad64e45 | |
| parent | 1d2c6b9e86eadbf7b385701a6800fe21a56b57c7 (diff) | |
| download | noshitalk-965050012c4a0a3d7dd0f060f6bd0e5cfce85a9d.tar.gz noshitalk-965050012c4a0a3d7dd0f060f6bd0e5cfce85a9d.tar.xz noshitalk-965050012c4a0a3d7dd0f060f6bd0e5cfce85a9d.zip | |
Update README.md
| -rw-r--r-- | README.md | 536 |
1 files changed, 359 insertions, 177 deletions
@@ -1,182 +1,364 @@ -# Noshitalk -NoshiTalk is a zero-knowledge, end-to-end encrypted messaging system designed for maximum privacy and security. Built with Go, it operates seamlessly over Tor hidden services and implements military-grade cryptography with perfect forward secrecy. - -🌟 Features -🔒 Uncompromising Security - -End-to-End Encryption: ECDH key exchange + AES-256-GCM -Perfect Forward Secrecy: New keys for every session -TLS 1.3: Modern secure transport layer -Memory Protection: Secure key handling with memguard -Zero-Knowledge Architecture: Server learns nothing about messages - -🧅 Complete Anonymity - -Native Tor Support: Built-in .onion routing -No Logs Policy: Zero data retention -Anonymous Identities: Random user IDs per session -No Registration: Connect and chat instantly -Auto-Wipe: Session data destroyed on disconnect - -💪 Reliability & Performance - -Persistent Connections: No timeouts, infinite session support -Auto-Reconnection: Intelligent connection recovery -Heartbeat Protocol: Keep-alive mechanism -Low Latency: Optimized for Tor networks -Cross-Platform: Linux, macOS, Windows support - -🚀 Quick Start -Prerequisites - -Go 1.21 or higher -Tor (for .onion connections) -Git +# NoshiTalk -Installation -bash# Clone the repository -git clone https://github.com/gabrix73/noshitalk.git -cd noshitalk - -# Install dependencies -go mod init noshitalk -go get github.com/awnumar/memguard -go get fyne.io/fyne/v2 -go get golang.org/x/net/proxy - -# Build server -go build -trimpath -ldflags="-s -w" -o noshitalk-server server.go - -# Build client (requires CGO for GUI) -CGO_ENABLED=1 go build -trimpath -ldflags="-s -w" -o noshitalk-client client.go -📖 Usage -Starting the Server -bash# Standard mode -./noshitalk-server - -# The server will: -# - Generate self-signed certificates (first run) -# - Listen on port 8083 -# - Accept connections via Tor or direct -Running the Client -bash# Launch GUI client -./noshitalk-client - -# Connect to: -# - Local server: localhost:8083 -# - Tor hidden service: xyz123.onion:8083 -Tor Hidden Service Setup - -Install Tor: - -bash# Debian/Ubuntu -sudo apt install tor - -# macOS -brew install tor - -# Start Tor -tor - -Configure Hidden Service (/etc/tor/torrc): - -bashHiddenServiceDir /var/lib/tor/noshitalk/ -HiddenServicePort 8083 127.0.0.1:8083 - -Get your .onion address: - -bashsudo cat /var/lib/tor/noshitalk/hostname -🔧 Configuration -Server Options -ParameterDefaultDescriptionPort8083Listening portTLSAuto-generatedECC certificatesTimeoutNonePersistent connectionsLoggingDisabledZero-knowledge policy -Client Features - -Auto-Reconnect: Checkbox to enable/disable -Debug Log: Real-time connection monitoring -Secure Input: Encrypted before leaving client -Message History: Session-only, wiped on disconnect - -🏗️ Architecture -┌──────────────┐ ┌──────────────┐ ┌──────────────┐ -│ Client A │◄────────┤ Server ├────────►│ Client B │ -├──────────────┤ ECDH + │ │ ECDH + ├──────────────┤ -│ AES-256-GCM │ TLS 1.3│ Zero-Trust │ TLS 1.3│ AES-256-GCM │ -│ memguard │◄────────┤ No Storage ├────────►│ memguard │ -└──────────────┘ Tor └──────────────┘ Tor └──────────────┘ -Cryptographic Flow - -TLS Handshake: Establish secure channel -ECDH Exchange: Generate shared secret (X25519) -Key Derivation: Create AES-256-GCM key -Message Encryption: AES-256-GCM with random nonce -Forward Secrecy: Keys destroyed on disconnect - -🔮 Roadmap -v0.2 - Quantum Resistance (In Development) - - McEliece post-quantum cryptography - Hybrid classical-quantum encryption - Independent from NIST curves - -v0.3 - Secure File Transfer - - End-to-end encrypted file sharing - Chunked transfer protocol - Integrity verification (BLAKE3) - -v0.4 - Multimedia Support - - Encrypted audio/video streaming - WebRTC integration - Opus/AV1 codecs - -v0.5 - Advanced Steganography - - Hide messages in images - Drag & drop interface - Multiple encoding algorithms - -🛡️ Security Considerations -What NoshiTalk Protects Against -✅ Message Interception: End-to-end encryption -✅ Traffic Analysis: Tor routing -✅ Identity Correlation: Anonymous, ephemeral IDs -✅ Memory Forensics: Secure key wiping -✅ Replay Attacks: Nonce-based encryption -✅ Future Decryption: Perfect forward secrecy -Operational Security (OPSEC) - -Always verify .onion addresses out-of-band -Use Tor Browser for additional anonymity -Run on trusted, encrypted systems -Consider using Tails OS for maximum security -Never share session identifiers - -🤝 Contributing -Contributions are welcome! Please ensure: - -Code follows Go best practices -Security is never compromised for features -All cryptographic changes are peer-reviewed -Tests pass and coverage remains high +Self-hosted encrypted chat over Tor with Ed25519 cryptographic identity. -📄 License -MIT License - See LICENSE file for details -⚠️ Disclaimer -NoshiTalk is provided as-is for educational and legitimate privacy purposes. Users are responsible for complying with local laws and regulations. The developers assume no liability for misuse. -🙏 Acknowledgments +[](LICENSE) +[](https://go.dev/) -memguard - Secure memory handling -Fyne - Native Go GUI framework -Tor Project - Anonymous communication -Cryptography community for peer review - -📞 Contact - -Security Issues: Open a private security advisory -Feature Requests: Use GitHub Issues -General Discussion: GitHub Discussions +## Overview +NoshiTalk is a self-hosted instant messaging platform designed for decentralized operation over Tor. Each instance operates independently with no central authority. -Remember: True security comes from good OPSEC, not just good crypto. -🔐 Stay Secure, Stay Anonymous, Use NoshiTalk +**Key characteristics:** +- Ed25519 cryptographic identity (no registration) +- E2E encryption (ECDH X25519 + AES-256-GCM) +- Ephemeral messages (RAM only, no persistence) +- Tor-only routing (.onion hidden services) +- Zero-knowledge server architecture + +--- + +## VPS Installation (Debian/Ubuntu) + +### Requirements + +- Debian 11+ or Ubuntu 20.04+ +- 512MB RAM minimum (1GB recommended) +- Tor daemon +- Go 1.19+ + +### Setup + +#### 1. Install dependencies + +```bash +sudo apt update && sudo apt upgrade -y +sudo apt install -y tor golang-go git build-essential +``` + +Verify: +```bash +tor --version # Expected: 0.4.x+ +go version # Expected: 1.19+ +``` + +#### 2. Clone repository + +```bash +cd ~ +git clone https://github.com/gabrix73/Noshitalk.git +cd Noshitalk +``` + +#### 3. Build with hardened flags + +```bash +go build \ + -ldflags="-s -w" \ + -trimpath \ + -buildmode=pie \ + -o noshitalk-server \ + noshitalk-web-client.go +``` + +**Build flags:** +- `-ldflags="-s -w"`: Strip symbols and DWARF tables +- `-trimpath`: Remove filesystem paths +- `-buildmode=pie`: Position-independent executable (ASLR) + +#### 4. Configure Tor + +Edit configuration: +```bash +sudo nano /etc/tor/torrc +``` + +Add: +``` +HiddenServiceDir /var/lib/tor/noshitalk/ +HiddenServicePort 8080 127.0.0.1:8080 +``` + +Restart Tor: +```bash +sudo systemctl restart tor +sudo systemctl enable tor +``` + +Retrieve .onion address: +```bash +sudo cat /var/lib/tor/noshitalk/hostname +``` + +#### 5. Create systemd service + +```bash +sudo nano /etc/systemd/system/noshitalk.service +``` + +Configuration: +```ini +[Unit] +Description=NoshiTalk Server +After=network.target tor.service +Requires=tor.service + +[Service] +Type=simple +User=YOUR_USERNAME +WorkingDirectory=/home/YOUR_USERNAME/Noshitalk +ExecStart=/home/YOUR_USERNAME/Noshitalk/noshitalk-server +Restart=always +RestartSec=10 + +NoNewPrivileges=true +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=/home/YOUR_USERNAME/Noshitalk + +[Install] +WantedBy=multi-user.target +``` + +Replace `YOUR_USERNAME` with actual username. + +Enable and start: +```bash +sudo systemctl daemon-reload +sudo systemctl enable noshitalk +sudo systemctl start noshitalk +``` + +Check status: +```bash +sudo systemctl status noshitalk +``` + +#### 6. Configure firewall + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +sudo ufw allow ssh +sudo ufw enable +``` + +Note: No incoming ports required (Tor handles routing). + +#### 7. Verify + +Access via Tor Browser: +``` +http://YOUR_ONION_ADDRESS.onion +``` + +--- + +## Architecture + +### Decentralization + +Each server operates independently. No federation protocol implemented (servers do not communicate). Users connect directly to specific .onion addresses. + +**Network characteristics:** +- No single point of failure +- Geographic/jurisdictional distribution +- Each instance sets own policies + +### Cryptographic Implementation + +**Identity:** Ed25519 public key hash serves as user identifier + +**Key Exchange:** ECDH X25519 generates shared secret + +**Encryption:** AES-256-GCM with derived keys + +**Authentication:** Challenge-response using Ed25519 signatures + +**Transport:** Tor v3 hidden services + +### Zero-Knowledge Design + +Server cannot: +- Decrypt message content (E2E encrypted) +- Log IP addresses (Tor anonymization) +- Access private keys (client-side generation) +- Store messages (RAM only, no database) + +### Client Implementation + +**Web:** JavaScript WebCrypto API, keys in browser memory + +**Desktop:** Go native with memguard (encrypted RAM) + +**CLI:** Go terminal interface + +All clients generate keys locally and support .noshikey file export. + +--- + +## Configuration + +### Performance Tuning + +For high-traffic servers, increase file descriptor limits: + +```bash +sudo nano /etc/security/limits.conf +``` + +Add: +``` +YOUR_USERNAME soft nofile 65535 +YOUR_USERNAME hard nofile 65535 +``` + +### Monitoring + +View logs: +```bash +sudo journalctl -u noshitalk -f +``` + +Check Tor: +```bash +sudo systemctl status tor +``` + +### Updates + +```bash +cd ~/Noshitalk +git pull +go build -ldflags="-s -w" -trimpath -buildmode=pie -o noshitalk-server noshitalk-web-client.go +sudo systemctl restart noshitalk +``` + +--- + +## Troubleshooting + +### Server fails to start + +Check logs: +```bash +sudo journalctl -u noshitalk -n 50 +``` + +Common causes: +- Tor not running: `sudo systemctl start tor` +- Port conflict: Change port or kill conflicting process +- Permission errors: Verify systemd service user + +### Tor connection issues + +Verify Tor status: +```bash +sudo systemctl status tor +``` + +Check Tor logs: +```bash +sudo journalctl -u tor -f +``` + +Verify hidden service: +```bash +sudo ls -la /var/lib/tor/noshitalk/ +``` + +### Client connection failures + +1. Verify .onion address: `sudo cat /var/lib/tor/noshitalk/hostname` +2. Check server listening: `sudo netstat -tlnp | grep 8080` +3. Test locally: `curl -x socks5h://localhost:9050 http://YOUR_ONION.onion` + +--- + +## Technical Specifications + +| Component | Algorithm | Key Size | +|-----------|-----------|----------| +| Identity | Ed25519 | 256-bit | +| Key Exchange | ECDH X25519 | 256-bit | +| Encryption | AES-GCM | 256-bit | +| Authentication | HMAC-SHA256 | 256-bit | +| Transport | Tor v3 | - | + +**Language:** Go + +**License:** MIT + +--- + +## Security + +### Threat Model + +**Protected against:** +- Network surveillance (Tor) +- Server compromise (E2E encryption) +- Metadata harvesting (zero-knowledge design) + +**Not protected against:** +- Client device compromise +- Physical device seizure +- Social engineering +- Global passive adversary + +### Memory Protection + +**Desktop client:** memguard encrypts key material in RAM + +**Web client:** Keys cleared on disconnect/panic + +### Build Security + +Recommended compilation: +```bash +go build -ldflags="-s -w" -trimpath -buildmode=pie +``` + +This enables: +- ASLR (Address Space Layout Randomization) +- Symbol stripping (reduced attack surface) +- Path obfuscation (information disclosure prevention) + +--- + +## Contributing + +1. Fork repository +2. Create feature branch +3. Commit changes +4. Open pull request + +### Development + +```bash +git clone https://github.com/gabrix73/Noshitalk.git +cd Noshitalk +go mod download +go test ./... +``` + +### Security Issues + +Report to: security@virebent.art + +Do not open public issues for vulnerabilities. + +--- + +## License + +MIT License. See [LICENSE](LICENSE) file. + +--- + +## Links + +- Documentation: [virebent.art/noshitalk.html](https://virebent.art/noshitalk.html) +- Repository: [github.com/gabrix73/Noshitalk](https://github.com/gabrix73/Noshitalk) +- Issues: [github.com/gabrix73/Noshitalk/issues](https://github.com/gabrix73/Noshitalk/issues) |
