Public | Automated Build

Last pushed: 9 days ago
Secure Key Exchange Server

SKES - Secure Key Exchange Server

SKES is a secure key exchange server for exchanging encryption keys between two parties in a secure manner. The two parties can then communicate over an insecure channel by encrypting their messages with AES, for example. Using SKES to exchange keys will eliminate the risk of Man-in-the-Middle attacks. A SKES server has to listen behind an encrypting HTTPS proxy with a valid, signed SSL certificate.

WARNING: The SKES server URL and the handshake code on both server and client have to be hardcoded and verified! Otherwise the setup is not secure against Man-in-the-Middle attacks! Don't use this from JavaScript code that is transmitted to the client, since such code can be manipulated.

This server currently does not support HTTPS encryption. Instead, put an Nginx proxy server in front of it to handle the encryption.

Configuration

There are two ways to configure the application.
Both methods can be used simultaneously.

Configure through a settings file

You should pass a settings file path as a command line argument:

skes -s "path/to/settings.toml"

Sample configuration:

# The listen address for the server.
# Default: :5000
ListenAddress = ":5000"

# TCP or UNIX socket.
# Values: tcp or unix
# Default: tcp
SocketType = "tcp"
# The length of the keys.
# Default: 64
KeyLength = 64

# Delete the keys after the timeout.
# The timeout is specified in seconds.
# Default: 15 seconds
KeysTimeout = 15

# A list of allowed hosts to perform POST request.
# If left empty, all hosts are allowed.
# Default: []
# Sample:  [ "127.0.0.1" ]
AllowHosts = []

Configure settings with environment variables

List of available environment variables:

  • SKES_LISTEN_ADDRESS
  • SKES_SOCKET_TYPE
  • SKES_KEY_LENGTH
  • SKES_KEYS_TIMEOUT

Turtle

There is a Turtlefile available. Install the SKES turtle app within seconds without setting up and linking required dependency containers.
See the official turtle documentation for more information.

Docker

There is an automatic build available on Docker Hub.

docker pull desertbit/skes

Start the skes container.

docker run -p 80:80 desertbit/skes

API

A SKES server is a simple HTTP server.

POST requests

POST requests are server requests.
There are two POST endpoints available:

  • /new Create a new key and return its access token in the response body. A remote address has to be in the request body, specifying the only remote address allowed to obtain the key via the HTTP GET method.
  • /get Obtain the newly created key by its access token. The access token has to be in the request body. This request can only be triggered once per token. The key is returned in the response body.

GET requests

GET requests are client requests.
Create a simple GET request to the host URL followed by the access token.

Sample: https://host/NLMKEQqiy3D3DltItonwwssUNficyi

This request can only be triggered once per token. The key is returned in the response body.

Example

Let's assume the following scenario:

  • One HTTP server
  • One HTTP client

To improve security and avoid transmitting messages unencrypted over the HTTP connection, we'll use SKES to help encrypt messages with AES-256.

  1. Client connects to the server.
  2. Server sends a POST /new request to the SKES server. An access token is returned in the response body.
  3. Server sends a POST /get request to the SKES server. The key is returned in the response body.
  4. Meanwhile, the server sends the access token to the client.
  5. The client sends a GET request with the access token obtained from the server to the SKES server. The key is returned in the response body.
  6. Client and Server encrypt messages with AES using the shared key.
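The six steps above as an added example, not code from the SKES project: server_side and client_side carry out the exchange against a SKES URL, and FakeSkes is a constructed in-process stand-in (the page does not describe the server's internals) that enforces the documented one-shot token, remote-address and KeysTimeout rules so the flow can run offline. SKES_URL, plain-text request bodies and the token format are assumptions.

```python
import secrets
import time
import urllib.parse
import urllib.request

# Placeholder URL; a real deployment hardcodes and verifies the SKES URL (see the warning above).
SKES_URL = "https://skes.example.invalid"

def http_transport(method, url, body=""):
    """Real transport over HTTPS. Assumes plain-text request bodies (not stated on the page)."""
    req = urllib.request.Request(url, data=body.encode() or None, method=method)
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()

class FakeSkes:
    """Constructed in-process stand-in with the documented semantics: tokens are one-shot
    per side, the key is bound to one allowed remote address, keys expire after KeysTimeout."""
    def __init__(self, key_length=64, keys_timeout=15, now=time.time):
        self.key_length, self.keys_timeout, self.now = key_length, keys_timeout, now
        self.keys = {}  # token -> key record

    def transport_for(self, remote_addr):
        """Transport callable whose requests appear to SKES to come from remote_addr."""
        return lambda method, url, body="": self.request(
            method, urllib.parse.urlparse(url).path, body, remote_addr)

    def request(self, method, path, body, remote_addr):
        # Drop keys older than KeysTimeout, then serve the request.
        self.keys = {t: e for t, e in self.keys.items() if self.now() - e["t"] < self.keys_timeout}
        if method == "POST" and path == "/new":
            token = secrets.token_urlsafe(22)
            self.keys[token] = {"key": secrets.token_hex(self.key_length // 2), "addr": body,
                                "t": self.now(), "server": False, "client": False}
            return token
        side = "server" if method == "POST" else "client"  # POST /get vs GET /<token>
        entry = self.keys.get(body if method == "POST" else path.lstrip("/"))
        if entry is None or entry[side] or (side == "client" and remote_addr != entry["addr"]):
            raise PermissionError("unknown, expired or used token, or disallowed remote address")
        entry[side] = True
        return entry["key"]

def server_side(transport, client_addr):
    """Steps 2-4: create a key only client_addr may fetch, fetch it, hand the token to the client."""
    token = transport("POST", SKES_URL + "/new", client_addr)
    key = transport("POST", SKES_URL + "/get", token)
    return token, key

def client_side(transport, token):
    """Step 5: the client redeems the token it received from the server."""
    return transport("GET", SKES_URL + "/" + token)
```

Pass http_transport to both functions to talk to a real SKES deployment; the fake only exists so the one-shot, address and timeout rules can be exercised without a server.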
Owner
desertbit