SKES - Secure Key Exchange Server
SKES is a secure key exchange server for exchanging encryption keys between two parties in a secure manner. The two parties can then communicate over an insecure channel by encrypting their messages with AES or another cipher. Using SKES to exchange keys will eliminate the risk of Man-in-the-Middle attacks. A SKES server has to listen behind an encrypted HTTPS proxy with a valid signed SSL certificate.
This server currently does not support HTTPS encryption. Instead, add an Nginx proxy server in front of it to handle the encryption.
There are two ways to configure the application.
Both methods can be used simultaneously.
Configure through a settings file
You should pass a settings file path as a command line argument:
skes -s "path/to/settings.toml"
# The listen address for the server.
# Default: :5000
ListenAddress = ":5000"

# TCP or UNIX socket.
# Values: tcp or unix
# Default: tcp
SocketType = "tcp"

# The length of the keys.
# Default: 64
KeyLength = 64

# Delete the keys after the timeout.
# The timeout is specified in seconds.
# Default: 15 seconds
KeysTimeout = 15

# A list of allowed hosts to perform POST requests.
# If left empty, all hosts are allowed.
# Default:
# Sample: [ "127.0.0.1" ]
AllowHosts =
Configure settings with environment variables
List of available environment variables:
There is a Turtlefile available. Install the SKES turtle app within seconds without setting up and linking the required dependency containers.
See the official turtle documentation for more information.
There is an automatic build available on Docker Hub.
docker pull desertbit/skes
Start the skes container.
docker run -p 80:80 desertbit/skes
A SKES server is a simple HTTP server.
POST requests are server requests.
There are two post methods available:
- /new Create a new key and return its access token in the response body. A remote address has to be in the request body, specifying the remote address that is allowed to obtain the key via the HTTP GET method.
- /get Obtain the newly created key by its access token. The access token has to be in the request body. This request can only be triggered once per token. The key is returned in the response body.
GET requests are client requests.
Create a simple GET request with the host URL followed by the access token.
This request can only be triggered once per token. The key is returned in the response body.
Let's assume the following scenario:
- One HTTP server
- One HTTP client
To improve security and avoid transmitting messages unencrypted over the HTTP connection, we'll use SKES to help encrypt messages with AES-256.
- Client connects to the server.
- Server sends a POST /new request to the SKES server. An access token is returned in the response body.
- Server sends a POST /get request to the SKES server. The key is returned in the response body.
- Meanwhile the server sends the access token to the client.
- The client sends a GET request with the access token obtained from the server to the SKES server. The key is returned in the response body.
- Client and Server encrypt messages with AES using the shared key.
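The following is an added in-memory model of the exchange above and of the /new, /get and GET endpoints; it is not SKES's own code. It follows the README's rules (a key bound to one remote address, each retrieval allowed once per token, keys deleted after KeysTimeout); the token format, the cleanup once both sides hold the key, and the injectable clock are assumptions for illustration.

```python
import secrets
import time

KEY_LENGTH = 64     # README default KeyLength
KEYS_TIMEOUT = 15   # README default KeysTimeout, in seconds


class SkesModel:
    """In-memory model of the SKES exchange; the one-time and remote-address
    rules follow the README, the rest (token format, cleanup) is assumed."""

    def __init__(self, key_length=KEY_LENGTH, keys_timeout=KEYS_TIMEOUT,
                 clock=time.monotonic):
        self.key_length, self.keys_timeout, self.clock = key_length, keys_timeout, clock
        self.entries = {}  # token -> {"key", "remote", "expires", "fetched"}

    def _lookup(self, token):
        now = self.clock()  # drop expired keys before every access (KeysTimeout)
        for t in [t for t, e in self.entries.items() if e["expires"] <= now]:
            del self.entries[t]
        return self.entries.get(token)

    def post_new(self, remote_addr):
        """POST /new: create a key bound to remote_addr and return its access token."""
        token = secrets.token_urlsafe(32)
        self.entries[token] = {"key": secrets.token_bytes(self.key_length),
                               "remote": remote_addr, "fetched": set(),
                               "expires": self.clock() + self.keys_timeout}
        return token

    def _take(self, token, side):
        e = self._lookup(token)
        if e is None or side in e["fetched"]:
            return None  # unknown, expired, or already used once by this side
        e["fetched"].add(side)
        if e["fetched"] == {"server", "client"}:
            del self.entries[token]  # both sides hold the key; nothing left to leak
        return e["key"]

    def post_get(self, token):
        """POST /get: the server side obtains the key once by its token."""
        return self._take(token, "server")

    def client_get(self, token, remote_addr):
        """GET /<token>: the client obtains the key once, only from the allowed address."""
        e = self._lookup(token)
        if e is None or e["remote"] != remote_addr:
            return None  # wrong peer address: reject without consuming the token
        return self._take(token, "client")
```

Replaying the scenario means calling post_new and post_get for the server, handing the token to the client, and calling client_get from the allowed address; any second retrieval, a wrong address, or an expired token yields None.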