{ "info": { "author": "Michal Krenek (Mikos)", "author_email": "m.krenek@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Intended Audience :: End Users/Desktop", "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Topic :: Communications :: Chat", "Topic :: Security :: Cryptography" ], "description": "Pyxolotl\n========\n\nSend and receive messages encrypted with `Axolotl (Double Ratchet) `_ protocol\n\nDescription\n-----------\n\nPyxolotl allows you to send and receive secure end-to-end encrypted messages with \n`perfect forward and future secrecy `_ over\nany channel (email, IM, IRC, Twitter, Hangouts, Facebook, etc.). It uses same\n`Axolotl (Double Ratchet) `_ protocol as Signal\nmessaging app by Open Whisper Systems.\n\nProtocol\n--------\n\nActual wire protocol is described\n`here `_. Headers\n(for differentiating between standard message and key exchange message) are obfuscated\nwith 100000 iterations of PBKDF2 (with whole encrypted message used as salt). This should make\nidentifying Pyxolotl messages very resource-intensive to impede mass surveillance or filtering.\n\nKey exchange\n------------\n\nPyxolotl is serverless, all messages are sent P2P, so it doesn't use\n`prekeys `_. You must first send initial key\nexchange message to recipient and wait for his reply before sending actual message (this is same as\n`SMS Transport `_\nin older versions of TextSecure and in SMSSecure / Silence). Once this initial key exchange is completed,\nboth parties can send messages to each other without any other inconveniences. Security model is\n`TOFU `_ (Trust On First Use), both parties\nshould compare public keys via independent secure channel to mitigate potential MITM attack during\ninitial key exchange.\n\nTransports\n----------\n\nPyxolotl have pluggable transports. For now there is only *plaintext* transport (which prints\nencoded messages to terminal) and *email* transport (messages are encoded to / decoded from\nwell-formed MIME emails).\n\nEncodings\n---------\n\nEncrypted messages can use different transport encodings. For now there is standard *Base64*\nencoding (without padding) and as a curiosity *mnemonic* encoding (based on\n`BIP-0039: Mnemonic code for generating deterministic keys `_\nwhich encodes encrypted messages as a sequence of words). Mnemonic encoding is inefficient\n(messages are about 3.5x larger than Base64), but it can add another layer of obfuscation against\nmass surveillance or filtering.\n\nLocal encryption\n----------------\n\nLocal database (private key, sessions, etc.) is encrypted with AES-CBC using 256-bit key derived\nfrom passphrase (with 100000 iterations of PBKDF2 and random salt) and authenticated with HMAC-SHA256.\n\nRequirements\n------------\n\n- Python >= 3.3\n- enum (https://pypi.python.org/pypi/enum) for Python < 3.4\n- python-axolotl (https://github.com/tgalal/python-axolotl)\n- python-axolotl-curve25519 (https://github.com/tgalal/python-axolotl-curve25519)\n- protobuf (https://github.com/google/protobuf) >= 2.6\n- pycrypto (https://github.com/dlitz/pycrypto)\n\nUsage\n-----\n\nRun ``pyxolotl --help`` to see all available options.\n\nHelp\n----\n::\n\n usage: pyxolotl [-h] [-d] [-t {plaintext,email}] [-e {base64,mnemonic}]\n [--log LOG] [--db DB] [--config CONFIG] [--version]\n [-a ADDRESS] [-s SUBJECT]\n {list,ls,send,receive,recv,exchange,delete,del,rm,passwd} ...\n \n send and receive messages encrypted with Axolotl protocol\n \n optional arguments:\n -h, --help show this help message and exit\n -d, --debug log detailed debugging messages (default: False)\n -t {plaintext,email}, --transport {plaintext,email}\n choose message transport (default: plaintext)\n -e {base64,mnemonic}, --encoder {base64,mnemonic}\n choose message encoding (default: base64)\n --log LOG log file path (default:\n ~/.local/share/pyxolotl/pyxolotl.log)\n --db DB database file path (default:\n ~/.local/share/pyxolotl/pyxolotl.db)\n --config CONFIG configuration file path (default:\n ~/.local/share/pyxolotl/pyxolotl.json)\n --version show program's version number and exit\n \n email transport:\n -a ADDRESS, --address ADDRESS\n your own email address (default: None)\n -s SUBJECT, --subject SUBJECT\n subject of sent emails (default: None)\n \n commands:\n run `pyxolotl COMMAND --help` to see help message for specific command\n \n {list,ls,send,receive,recv,exchange,delete,del,rm,passwd}\n available commands\n list (ls) list known identities\n send send message to recipient\n receive (recv) receive message from sender\n exchange start initial key exchage with recipient\n delete (del, rm) end session with recipient\n passwd change passphrase to local storage\n\nTodo:\n-----\n\n- write more transports (especially Google Hangouts, Twitter Direct Messages, Facebook Messenger,\n IRC and XMPP)\n- make email transport more complete (sending with SMTP, receiving with IMAP IDLE)\n- create IM-like console UI (with ``asyncio`` and `Urwid `_)\n- create IM-like Qt 5/QML based GUI\n- add support for multiple devices\n- add support for group messages\n- add support for verifying identity with question (using\n `socialist millionaire `_ protocol)\n\nExample\n-------\n::\n\n [alice@nsa.gov ~]$ pyxolotl exchange bob\n SEND:\n To: bob\n Encrypted message: 4uJ8zyMIwSgSIQUuLKlC8WdspRietP45P6nFU6/50wT4cQYxNw4vvqKLHxohBYLC5sDLZ78syjQIMf9PA+3Q9MGootUvOajaZA3thspDIiEF6sSiWxB6l0B4oE7gcMl1T3W+hzI548U46cYrR5KUjXY\n \n [bob@fsb.ru ~]$ pyxolotl receive\n RECEIVE:\n From: alice\n Encrypted message: 4uJ8zyMIwSgSIQUuLKlC8WdspRietP45P6nFU6/50wT4cQYxNw4vvqKLHxohBYLC5sDLZ78syjQIMf9PA+3Q9MGootUvOajaZA3thspDIiEF6sSiWxB6l0B4oE7gcMl1T3W+hzI548U46cYrR5KUjXY\n \n Received initial key exchange request! Send this reply to complete key exchange:\n SEND:\n To: alice\n Encrypted message: 0yx89TMIwigSIQVN+wtEio0h+Zx7WPcIwM9WreOy0r7eETBclhOtDAvANhohBb4qfe8R05/167DQDdd2Gqp5OrxAPcriwJMtzi+2b7QrIiEFhfVGHlCm6b1SX36V1HeFX4pAeW15v1aLb2nGi57NZFAqQD3rKGjPDCCm1Kj6i8GUnf4MAc56fhRIYhUJH2mSvlcSAl2XotmR2Yz2lY0wa7TW1JnmUX+YBbIEgIHk0gQ9Log\n\n [alice@nsa.gov ~]$ pyxolotl receive\n RECEIVE:\n From: bob\n Encrypted message: 0yx89TMIwigSIQVN+wtEio0h+Zx7WPcIwM9WreOy0r7eETBclhOtDAvANhohBb4qfe8R05/167DQDdd2Gqp5OrxAPcriwJMtzi+2b7QrIiEFhfVGHlCm6b1SX36V1HeFX4pAeW15v1aLb2nGi57NZFAqQD3rKGjPDCCm1Kj6i8GUnf4MAc56fhRIYhUJH2mSvlcSAl2XotmR2Yz2lY0wa7TW1JnmUX+YBbIEgIHk0gQ9Log\n \n Initial key exchange completed!\n\n [alice@nsa.gov ~]$ pyxolotl ls\n Your public key: 05eac4a25b107a974078a04ee070c9754f75be873239e3c538e9c62b4792948d76\n Existing sessions:\n Identity: bob, Pending key exchange: False\n Public key: 0585f5461e50a6e9bd525f7e95d477855f8a40796d79bf568b6f69c68b9ecd6450\n\n [bob@fsb.ru ~]$ pyxolotl ls\n Your public key: 0585f5461e50a6e9bd525f7e95d477855f8a40796d79bf568b6f69c68b9ecd6450\n Existing sessions:\n Identity: alice, Pending key exchange: False\n Public key: 05eac4a25b107a974078a04ee070c9754f75be873239e3c538e9c62b4792948d76\n\n [alice@nsa.gov ~]$ pyxolotl send bob\n Message: Hello Bob!\n SEND:\n To: bob\n Encrypted message: a74TljMKIQWJl7sz1bTEIhF/7nwKBLRi7XeEpzcur7t/MOixAOfbHRAAGAAiEEgco7NQXppy/qsm5TdJllpW+nTQ1QjVsQ\n\n [bob@fsb.ru ~]$ pyxolotl receive\n RECEIVE:\n From: alice\n Encrypted message: a74TljMKIQWJl7sz1bTEIhF/7nwKBLRi7XeEpzcur7t/MOixAOfbHRAAGAAiEEgco7NQXppy/qsm5TdJllpW+nTQ1QjVsQ\n \n DECRYPTED:\n Hello Bob!\n\n [bob@fsb.ru ~]$ pyxolotl send alice\n Message: Hello Alice!\n SEND:\n To: alice\n Encrypted message: Zd/HKjMKIQXLGyTr5AcvrpUhfR2H7bYqLXqVy7GpE84VvFFkm1LDbxAAGAAiEJDC8/kM59yVzNeCBtjDVOe1CHWuFDbhYg\n\n [alice@nsa.gov ~]$ pyxolotl receive\n RECEIVE:\n From: bob\n Encrypted message: Zd/HKjMKIQXLGyTr5AcvrpUhfR2H7bYqLXqVy7GpE84VvFFkm1LDbxAAGAAiEJDC8/kM59yVzNeCBtjDVOe1CHWuFDbhYg\n \n DECRYPTED:\n Hello Alice!\n\n", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/xmikos/pyxolotl", "keywords": null, "license": "GNU GPLv3", "maintainer": null, "maintainer_email": null, "name": "Pyxolotl", "package_url": "https://pypi.org/project/Pyxolotl/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/Pyxolotl/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/xmikos/pyxolotl" }, "release_url": "https://pypi.org/project/Pyxolotl/0.2/", "requires_dist": null, "requires_python": null, "summary": "Send and receive messages encrypted with Axolotl (Double Ratchet) protocol", "version": "0.2" }, "last_serial": 2335591, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "bac19b9d75744731cd8287d3edae0288", "sha256": "329763a260c59dd87958e497b01d83fe34a5ea06e09dec5522ec95853511cc2e" }, "downloads": -1, "filename": "Pyxolotl-0.1.tar.gz", "has_sig": false, "md5_digest": "bac19b9d75744731cd8287d3edae0288", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 24130, "upload_time": "2016-09-11T00:48:45", "url": "https://files.pythonhosted.org/packages/04/51/e4e7f824c22af1733e3ed5bcba8f2b30e7c7230a19353000f0099a2b53e1/Pyxolotl-0.1.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "45a77b09d8e51eec4634db99ff03057b", "sha256": "246514ad675c8f0a9cfd8999d7aeec1f34e08ed550f8b27e73a70a36469eb92e" }, "downloads": -1, "filename": "Pyxolotl-0.2.tar.gz", "has_sig": false, "md5_digest": "45a77b09d8e51eec4634db99ff03057b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36459, "upload_time": "2016-09-11T01:09:24", "url": "https://files.pythonhosted.org/packages/52/82/db5d1c6da50c19250c38e2858bb291dd950ba0c3340b48ec35ecf602ec6a/Pyxolotl-0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "45a77b09d8e51eec4634db99ff03057b", "sha256": "246514ad675c8f0a9cfd8999d7aeec1f34e08ed550f8b27e73a70a36469eb92e" }, "downloads": -1, "filename": "Pyxolotl-0.2.tar.gz", "has_sig": false, "md5_digest": "45a77b09d8e51eec4634db99ff03057b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36459, "upload_time": "2016-09-11T01:09:24", "url": "https://files.pythonhosted.org/packages/52/82/db5d1c6da50c19250c38e2858bb291dd950ba0c3340b48ec35ecf602ec6a/Pyxolotl-0.2.tar.gz" } ] }