Send encrypted messages via Secrez
Secrez 0.8.0 introduces the ability to exchange end-to-end, encrypted messages between local accounts, using a remote hub for SSL tunneling.
If you don’t know what Secrez is, please read my previous post:
https://medium.com/@sullof/secrez-a-secrets-manager-in-time-of-cryptocurrencies-b15120c5aa14
How it works
Supposing that you are using Secrez locally, the communication between accounts is possible thanks to two external components: a courier and a hub.
The courier must run on your machine. It works as a post office, sending and receiving letters — ignoring the content.
The hub must be accessible from anywhere. It is used by couriers to publish themselves and talk to other couriers. The hub does only one thing: generate SSL tunnels towards the couriers (by default, they use https://secrez.cc).
Any message moving around is composed of a payload and a signature. Hub and courier verify the signature and accept or reject the message, only the Secrez account can generate the payload with the encrypted message, and decrypt others’ messages.
The algorithm used for the exchange is x25519-xsalsa20-poly1305 — more info at https://github.com/dchest/tweetnacl-js/blob/master/README.md#public-key-authenticated-encryption-box.
The flow
How to chat
If you haven’t yet, update Secrez to a version >= 0.8.0:
$ npm i -g secrez@latestInstall the Courier:
$ npm i -g @secrez/courierRun the courier
$ secrez-courierIf you don’t specify the hub you like to use, it will use the default hub on secrez.cc.
If there are no issues, it will show something like:
In Secrez, execute courier. It will ask you the port where the courier is listening to. If the courier is listening, Secrez connects to the courier and take ownership of it. Now, you are ready to chat with someone. First, look at your own data running whoami. It will show your public key and, most relevantly, your url on the hub that you must pass to your friend.
The method used in Secrez is experimental and is far from perfect. So, sometimes the connection to the hub gets lost — some other time you have to update the contact (using contacts -u …). I am working on it. However, in most cases, just repeat the process and the courier will reset the connection.
A quick video
Your own hub
I have set up a hub on secrez.cc to simplify people’s life. But in many case, it would be better if you use your own hub. For example, a company could set up the hub that its employees will use.
The simplest way to go is to install the Secrez Hub on a remote server:
npm i -g @secrez/huband run it:
secrez-hubIf you don’t specify otherwise, it will start listening on port 8433.
A more reliable way is to use a process manager. If you clone the Secrez monorepo. You can run the script in the folder packages/hub/bin/pm2. It will use Pm2 and will keep the hub up.
Despite your preference, you should use a proxy, like Nginx, to expose it to HTTPS. You can generate free certificates using Let’s Encrypt.
Since the hub generates subdomains for any courier, it is essential that you set up the DNS for the domain to handle *.yourdomain.ltd. Also, the firewall must allow access at ports higher than 32k on TCP.
Feedback, requests, suggestions
If you have suggestions, requests, etc. please open an issue at:
https://github.com/secrez/secrez/issues
You can also join the Discord group. It is very silent, right now, but hopefully, sooner or later, it will become active:
https://discord.gg/2A3nSA
🙏 Acknowledgments
Secrez Hub is based on Localtunnel Server, which has been created by Roman Shtylman (zombie). I forked it and added some restrictions to make it suitable for Secrez (and only for it). I want to publicly thank Roman to allow the world to use his brilliant code.
If you like this post, please 👏 and share it!
This post has been also published at https://room29.art/secrez-for-messaging/.
