Coding Encrypted Chat in Python

00:00

what is going on guys welcome back in

00:02

today's video we're going to learn how

00:03

to build an encrypted chat in Python so

00:05

let us get right into it

00:10

[Music]

00:15

alright so I already have quite a lot of

00:17

tutorials on this channel on how to

00:19

build a chat in Python beat a TCP chat a

00:22

UDP chat a TCP chat room a web chat and

00:25

flask and in today's video we're going

00:27

to build an encrypted chat which means

00:29

that the communication between the

00:30

individual clients is going to be

00:32

encrypted we will not send any clear

00:33

text messages we will encrypt the

00:36

messages at the sending client and they

00:37

will be decrypted at the receiving

00:39

client making it basically impossible

00:42

for me as a third party to just listen

00:44

to the network traffic and say hey this

00:46

is the content of the message I can read

00:48

it as well just because I'm listening to

00:50

the network connection I can see what

00:51

you guys are talking about this is not

00:53

possible when the connection is

00:54

encrypted and in fact I'm going to show

00:56

you the difference between uh encryption

00:59

and not not encryption by using

01:02

Wireshark and actually listening to the

01:04

network traffic in this case only on my

01:06

machine but this can also be done in a

01:07

network if you're a router or something

01:09

you can just listen to the network

01:10

traffic that's happening and you can see

01:12

okay what package is being sent you can

01:14

extract the messages in cleared text

01:16

unless they are encrypted so this is

01:19

what we're going to do today in Python

01:21

and for that we're going to use One

01:22

external Library called RSA this is

01:24

going to be the library that we use for

01:25

the encryption and the rest is going to

01:28

be done in core python so we're going to

01:29

use the socket module the threading

01:31

module for the connection and everything

01:33

and we're going to use RSA the external

01:35

module for the actual encryption and for

01:38

that we're going to open up the command

01:39

line and we're going to say pip install

01:42

RSA and this is asymmetric encryption so

01:45

this basically means in a nutshell we

01:47

have a private key and a public key and

01:50

the public key is known by everyone so

01:52

if I have a public key you can know it

01:54

everyone can know it there's no secret

01:56

about this key everyone can know this

01:58

key and everyone can use this key to

02:00

encrypt a message for me and this

02:02

encrypted message can only be decrypted

02:05

with my private key which hopefully only

02:08

I know so the private key is also

02:10

sometimes called the secret key should

02:12

be kept secret at all times so only I

02:15

can know it because that's the only way

02:16

to decrypt the message and it's is

02:18

called asymmetric because we use a

02:20

different key for the encryption in a

02:22

different key for the decryption it's

02:24

not like using a password that you just

02:25

you know use to encrypt and decrypt

02:27

something you use a public key that is

02:29

known by everyone everyone can use that

02:31

to encrypt a message specifically for

02:33

you and only you can decrypt that

02:35

message with the respective private key

02:37

and it's basically impossible to derive

02:41

the private key from the public key so

02:42

that's the basic idea here and this is

02:44

what we're going to use as an encryption

02:46

here and we're going to start by saying

02:48

import socket

02:50

we're going to also import threading

02:54

and we're going to say import RSA and

02:57

before we talk about anything regarding

02:59

the

03:00

um encryption we're going to have a

03:02

basic choice because we want to use one

03:04

script in this video for the client and

03:06

we don't want to use a service script

03:08

and a client script so we want one

03:10

Central script and you can choose

03:12

whether you want to host or you want to

03:14

connect because one client will have to

03:16

host a conversation and one client will

03:19

connect to the uh to the hosted socket

03:22

because you cannot just have two clients

03:24

talking to each other one client has to

03:25

also

03:27

um host a connection at least when we

03:29

use TCP in UDP we could just send

03:31

packages so for that reason we're going

03:34

to say Choice equals input do you want

03:37

to host this is option one or do you or

03:43

let's say or to

03:45

connect option two

03:48

and then we say if maybe not a question

03:50

mark maybe colon

03:54

if the choice is equal to one then we're

03:58

going to host the connection so we're

03:59

going to say server equals socket dot

04:03

socket socket Dot afinet and socket dot

04:06

stockstream that basically means

04:08

internet socket TCP because connection

04:10

oriented protocol here if you want to

04:13

use UDP you would just say sock dgram

04:15

for datagram and then we say server dot

04:19

bind and we bind it to the local ipv4

04:22

address which can be found out in the

04:24

terminal on Windows by saying ipconfig

04:27

so in the command line

04:29

um we just go to the ethernet adapter

04:32

and we go to ipv4 and we copy this IP

04:35

address here

04:37

and I'm bind it to the Tuple of this and

04:39

the port number 99999

04:43

that's the basic idea and now we say

04:45

server Dot listen

04:48

and this is going to be a client that

04:51

will only accept one connection so we

04:53

don't need anything to handle uh we

04:56

don't we don't need

04:58

um multiple connections which is why

05:00

we're going to call the accept function

05:01

only once and we're going to say that

05:03

the client and the address that is

05:05

connected actually we don't need the

05:07

address so we can just leave this as an

05:08

empty as a placeholder here as an

05:12

unnamed return value so client is going

05:14

to be equal to server dot accept so when

05:18

a client connects to that server it's

05:20

going to just accept and this client

05:22

here will be our communication method to

05:25

that client that connected

05:28

um that's the idea here and then what

05:30

we're going to do

05:32

uh or actually let's do that later on um

05:35

we're going to exchange the keys here

05:36

because the other client needs to know

05:38

our public key and we need to know the

05:40

public key of the other client so that

05:42

they can encrypt something for us and we

05:44

can encrypt something for them uh but

05:46

we're going to add this here in a second

05:47

so let's just accept the connection for

05:49

now and let's say also otherwise we're

05:51

actually elif the choice happens to be

05:55

two then we're going to say that the

05:57

client is equal to socket socket again

06:00

socket

06:02

AF inet sock stream

06:05

but this time we're going to connect

06:08

client dot connect to in this case we're

06:11

going to use the same IP address of

06:13

course if you use this across the

06:15

network or maybe even in the internet

06:17

you would want to specify your IP

06:19

address here and the other person would

06:21

specify

06:22

um

06:23

the IP address of you your public IP

06:27

address

06:27

and you would specify if you connect the

06:30

public IP address of the other person

06:32

but in this case all of this happens on

06:34

one machine so we're going to do it with

06:37

the same IP address of course you can

06:38

also ask for input so you can say IP

06:40

equals input enter the IP address if you

06:43

want to but in this case I'm going to

06:44

use only my IP address so that's not

06:46

necessary

06:48

um and then here we would also exchange

06:51

the key otherwise we're going to say

06:53

exit

06:54

because that's an invalid input and then

06:58

essentially all we need to do is we need

06:59

to send messages and receive messages so

07:01

we're going to have uh one function

07:03

that's going to run a separate thread

07:06

which is going to be the sending

07:07

messages function

07:10

is going to run with a parameter C which

07:12

is going to be our client and we're

07:14

going to say while true we're going to

07:16

be asked for new messages so message is

07:18

going to be inputs what do you want to

07:21

send to this person and then we're going

07:22

to just say C sent

07:26

message dot encode

07:29

and uh we're gonna print you and then

07:33

whatever you

07:34

sent to the other client

07:37

so that you have a protocol a log

07:40

um and then

07:42

we're going to also have a receiving

07:46

messages

07:49

function which is going to say while

07:51

true

07:52

just print partner whatever the partner

07:55

says and this is going to be C receive

07:58

1024 bytes decode

08:03

that is the idea and then we're going to

08:05

just say threading dot threat

08:09

we don't need the input here

08:11

threading.thread one is going to Target

08:13

the sending messages function

08:17

um we're going to pass as arguments here

08:19

the client

08:21

and one is going to be the receiving

08:24

messages also with the argument client

08:27

uh what's the problem here client can be

08:30

undefined okay we're not gonna care

08:32

about this year because it's not going

08:33

to be undefined uh and one nice thing

08:36

you can see here is the decline is

08:37

always going to be the correct object to

08:39

talk about because we don't need the

08:40

server the server is only made for

08:41

accepting the connection the client is

08:44

the accepted connection so this is the

08:45

client we use to communicate with the

08:47

other client and here we also have the

08:49

client that we use to communicate so

08:50

basically after going through this block

08:52

here the client is going to be declined

08:54

and we can just do it like that so this

08:57

should already be an unencrypted chat

08:59

so I should already be able to run a

09:02

terminal here

09:03

and what was the key bind for split I

09:06

hope this is it there you go

09:09

I'm gonna navigate to my current working

09:12

directory which is this one and I'm

09:16

gonna do this here as well

09:20

uh wrong directory

09:27

and

09:29

now we're going to run main.py here

09:32

we're going to run main.py here

09:36

and I'm going to say I want to host and

09:38

I'm going to say I want to connect

09:41

and this crash the script why is that oh

09:45

because we need to start the threads as

09:49

well

09:51

that is the issue

09:55

so let's do the same thing I want to

09:57

host I want to connect

09:59

hey

10:01

hey hello

10:03

what's up

10:06

not much there you go so this works

10:11

um this is the ordinary connection now

10:13

we're going to encrypt this connection

10:14

so we're going to use RSA first of all

10:17

when we start the script to create our

10:19

own public private uh key pair and

10:22

usually you don't generate public and

10:24

private key for every session you have

10:26

your public key for a certain amount of

10:28

time and you just put it on your website

10:30

or something

10:31

um on a public website and uh you don't

10:34

necessarily generate it for each session

10:36

but in this case we're going to do it

10:38

like that we're going to say that the

10:40

public

10:42

key

10:43

private key

10:46

is going to be equal to RSA new keys

10:49

1024 bytes

10:51

or bits not sure

10:53

um and then we say

10:56

also that the public key of the partner

10:58

is going to be none by default

11:02

and we're going to get it then via the

11:04

socket connection so in this case here

11:06

once we accepted the connection we're

11:08

going to start by saying client dot send

11:11

so the hosting person the hosting client

11:14

is going to send the key first we're

11:16

going to send to our other client the

11:19

public key but of course in order to be

11:21

able to send it we need to package it as

11:23

bytes so we're going to say public key

11:25

dot safe pkcs1

11:30

um

11:31

and this is going to be sent

11:35

um

11:38

wasn't like yeah we need to specify the

11:40

format which is pem so basically we take

11:42

the public key we save it in this format

11:44

pm and then we receive also the public

11:47

key of the other client by saying public

11:53

well the partner is going to be equal to

11:55

client receive

11:57

1024 bytes and this is going to be the

12:01

basis for the public key and we're going

12:03

to say RSA public key uh what was it RSA

12:08

uh public key.load pkcs1

12:13

whatever we get here

12:15

and this is how it works we're going to

12:17

do the same thing down here but we're

12:19

going to do it the other way around

12:20

because when one client is sending the

12:22

other has to receive so the hosting

12:25

client will send first and then receive

12:26

and the connecting client will receive

12:28

and then send

12:30

and then the only thing that we need to

12:31

change now that we have that is we need

12:33

to encrypt every message and we need to

12:35

decrypt every message so instead of just

12:37

sending we're going to say

12:40

um RSA dot encrypt

12:43

we're going to encrypt the message dot

12:45

encode

12:45

so the encoded message will be encrypted

12:48

with the public key of the partner so

12:51

that the partner can then decrypt it

12:53

with the private key and we're now the

12:56

partner the partner or where now we

12:59

we're receiving from the partner in this

13:01

case we're not just printing whatever we

13:02

get here we're going to say that

13:05

um

13:07

what we want to print is RSA dot decrypt

13:11

and this is going to be whatever we

13:13

receive here in the form of bytes so

13:15

we're not going to decode in here we're

13:17

going to receive whatever we receive and

13:19

it's going to be decrypted with our

13:21

private key

13:25

and this result here will be decoded

13:29

that's that so let's see before we look

13:32

into Wireshark and package sniffing if

13:34

that works

13:36

so let me just split this here again

13:37

let's go to the python directory okay

13:40

wrong one again I changed the binding

13:42

recently which I have a different

13:44

functionality so I'm gonna navigate here

13:52

and then I'm gonna run

13:54

main py again

13:56

run main py again I want to host here

14:01

I want to connect here

14:03

test

14:05

hey okay so you can see everything is

14:07

clear text even though it's encrypted

14:09

actually and now let's see what the

14:11

actual difference is because right now

14:13

we just had the same functionality as

14:15

before but what changed behind the

14:17

scenes

14:18

so for that we're going to open up

14:20

Wireshark if you don't have Wireshark

14:21

you need to install it the installation

14:23

process is not too complicated you just

14:25

download Wireshark and you run it and

14:27

then what you can do is you can capture

14:29

certain interfaces so I can go to

14:30

options here I can choose an interface

14:32

usually of course you would want to

14:34

choose Ethernet or Wi-Fi or something

14:37

but since this is happening here on the

14:39

same machine so since I'm sniffing and

14:41

listening on the same machine I will go

14:43

with the loop back traffic because at

14:46

the end of the day I'm sending myself

14:48

some messages on localhost so I'm going

14:50

to start this network here and you can

14:52

see now packages are being sent all the

14:54

time for all sorts of reasons you don't

14:58

have to look at everything here but uh

15:00

let's briefly just disable the

15:04

encryption so we're going to say

15:07

they can still exchange keys but we're

15:09

not going to encrypt the messages we're

15:11

just gonna receive and decode

15:16

and we're going to just

15:18

send without encryption

15:23

and then we're going to see how easy it

15:25

is to get the content of these uh

15:28

packages so I'm going to run here

15:30

again maybe I should leave this open

15:41

there you go Main

15:44

Main

15:47

and now I'm going to say I want a host

15:49

here I'm gonna connect here and now I'm

15:51

gonna say hello world

15:54

what is up

15:57

My secret is that I love Matlab

16:03

but I am afraid

16:06

to admit rightfully so uh let's go into

16:10

Wireshark and let's see if we can see

16:13

some packages I can stop capturing now

16:15

and you can see here that we have some

16:18

packages from this IP to this IP so not

16:21

just from localhost localhost but from

16:23

specifically this IP to this IP and if I

16:25

click on it you can see that I see

16:27

something that no one wants to see

16:29

someone confessing his love to Matlab

16:31

and you can see my secret is that I love

16:33

Matlab but I'm afraid to admit it or to

16:36

admit you can see I just listened to the

16:39

packages and this package contains data

16:42

58 bytes and this is clear text I can

16:45

just read what's in it now we have a

16:47

second package here with some other data

16:49

and we should have more packages

16:51

containing more messages here I can see

16:53

what is up

16:55

then I can see here hello world so you

16:58

can see I can just look at the packages

17:00

with Wireshark and see what's happening

17:02

let's do the same thing now with the

17:04

encrypted

17:06

um lines of code

17:10

so now we encrypt every message and we

17:12

decrypt every message and I can run this

17:14

again so I can

17:18

uh okay I cannot close this I have to

17:20

restart this

17:22

sorry about that

17:25

let's navigate there again

17:36

I'm going to run main py here I'm going

17:38

to run main py here host connect and now

17:43

let's run Wireshark again options

17:47

loopback start continue without saving

17:51

listens again to some packages and now I

17:54

can just go ahead and type some messages

17:57

hello world

18:00

how are you

18:03

I am afraid to admit that I code in

18:09

Matlab

18:11

and now we can go to Wireshark again we

18:13

can stop the capturing and we can look

18:15

at the same packages so let's look again

18:18

there you go here we have again Source

18:21

the IP address and destination the IP

18:23

address if I click on it you can see now

18:25

I still have data but it's always going

18:27

to be 128 bytes and I cannot see what's

18:30

in it so I can I cannot read any of that

18:32

content here and we can also look at the

18:34

other packages so I can scroll up here

18:36

we have

18:37

another message again 128 bytes no

18:41

chance to see what's in there so I I

18:43

don't know I cannot see the content of

18:45

this message

18:47

um I don't know actually what would

18:49

happen if I include a very long message

18:51

probably I would have some uh problems

18:55

let's try maybe we can find out I mean

18:57

actually I stopped capturing right

18:59

but you can see the difference you can

19:00

see that we can no longer just sniff the

19:03

network connection we can no longer just

19:04

listen to the connection and see what

19:06

two clients are communicating about

19:08

because we only get some random bytes

19:11

that we don't know

19:12

how to interpret now I'm going to send a

19:15

bit more content maybe we're going to

19:18

get either an error or maybe we're going

19:21

to get larger packages or we're going to

19:23

get 128 again

19:27

uh

19:28

okay no overflow error okay but you can

19:32

see the difference you can see that when

19:33

we encrypt the messages for our clients

19:36

there's no difference in experience but

19:39

we are not able to just listen to the

19:42

connection and see what they're talking

19:43

about which is very good because now we

19:46

have a little bit more security as long

19:48

as you keep the private key private it's

19:49

basically impossible to uh to

19:54

unencrypt these messages and this is how

19:56

you do that this is how you build an

19:58

encrypted chat in Python all right so

20:00

that's it for today's video I hope you

20:01

enjoyed it and hope you learned

20:03

something if so let me know by hitting a

20:04

like button and leaving a comment in the

20:06

comment section down below and of course

20:07

don't forget to subscribe to this

20:09

Channel and hit the notification Bell to

20:10

not miss a single future video for free

20:12

other than that thank you much for

20:13

watching see you next video and bye

20:23

thank you

20:26

foreign

20:28

[Music]