In recent PR https://github.com/cs01/termpair/pull/70, termpair was changed so that the only info someone needed to connect via a browser was the terminal ID, not the AES key as before. It used public key encryption to securely obtain the AES keys. The terminal ID is 128 bits, so it would be extremely difficult for someone to guess a terminal id. While no plaintext data is exposed to the server, the id is known by the server, which makes for a trivial attack vector (log the terminal id being issued, and go to the corresponding url to obtain the keys). This scheme was never published to PyPI, only the master branch of this repo.
This PR removes the public key encryption and replaces it with a third AES key: a "bootstrap" key for the other two. This third key is provided via the url hash as before, so the terminal id is not sufficient to gain access to the session. Upon initial websocket connection, the broadcasting terminal encrypts the other two AES keys with the bootstrap key before sending over the wire.
In addition to embedding in the URL, users can also enter the base-64 encoded key via an input in the webpage.
Test plan
Tested by running
> nox -s broadcast
nox > Running session broadcast
nox > Re-using existing virtual environment at .nox/broadcast.
Note: Frontend must be built for this to work
nox > python -m pip install -e .
nox > termpair share
--------------------------------------------------------------------------------
Connection established with end-to-end encryption 🔒
Shareable link: http://localhost:8000/?terminal_id=c5954a19358d629fd211fe89d6d40b29#S+lD9KRerCWbkc2YWy4bYA==
Terminal ID: c5954a19358d629fd211fe89d6d40b29
Secret encryption key: S+lD9KRerCWbkc2YWy4bYA==
TermPair Server URL: http://localhost:8000/
Type 'exit' or close terminal to stop sharing.
--------------------------------------------------------------------------------
(note the new Secret encryption key)
fyi @colmmacc @ignoramous
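The bootstrap-key exchange described in this PR, as an added example that is not TermPair's own code: the broadcaster wraps the two session keys under a bootstrap key that travels only in the URL hash (or is typed into the page), so the server sees the terminal ID and the wrapped keys but cannot unwrap them. AES-128-GCM, the message layout, and all function names are assumptions made for illustration.

```javascript
// Added example: AES-128-GCM, the field names and every function name are
// assumptions for illustration, not TermPair's implementation.
const crypto = require('crypto');

// Decode a base64 bootstrap key (from the URL hash or typed into the page).
function parseBootstrapKey(text) {
  const key = Buffer.from(text.trim(), 'base64');
  if (key.length !== 16) throw new Error('bootstrap key must be 128 bits');
  return key;
}

// Broadcaster: encrypt one session key under the bootstrap key.
function wrapKey(bootstrapKey, sessionKey) {
  const iv = crypto.randomBytes(12); // fresh IV per wrapped key
  const c = crypto.createCipheriv('aes-128-gcm', bootstrapKey, iv);
  const ct = Buffer.concat([c.update(sessionKey), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Viewer: decrypt a wrapped key; final() throws if the key or data is wrong.
function unwrapKey(bootstrapKey, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-128-gcm', bootstrapKey, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// The part of a share link that reaches the server: no fragment.
function requestUrl(link) {
  const u = new URL(link);
  return u.origin + u.pathname + u.search;
}

function demo() {
  const bootstrap = crypto.randomBytes(16);
  const sessionKeys = [crypto.randomBytes(16), crypto.randomBytes(16)];
  // Constructed link in the format shown in the test plan output.
  const link = 'http://localhost:8000/?terminal_id=constructed-id#' +
    bootstrap.toString('base64');
  const wrapped = sessionKeys.map((k) => wrapKey(bootstrap, k)); // sent over the wire
  const viewerKey = parseBootstrapKey(new URL(link).hash.slice(1));
  const recovered = wrapped.every((w, i) => unwrapKey(viewerKey, w).equals(sessionKeys[i]));
  let serverGuessRejected = false; // server knows the ID and wrapped keys only
  try { unwrapKey(crypto.randomBytes(16), wrapped[0]); } catch { serverGuessRejected = true; }
  return { seenByServer: requestUrl(link), recovered, serverGuessRejected };
}

console.log(demo());
```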