Plutonium
What is it?
Plutonium is a two-device chat application that uses WebSockets and an X25519 ECDH key exchange, together with AES-256, to communicate securely between the two clients.
One client also doubles as the server, allowing the other to connect. This means there are no middlemen, and everything happens on presumably-secure machines.
`#![forbid(unsafe_code)]` has been used to ensure that all code is, well, safe. Some dependencies do use unsafe code by design, but they have also received appropriate audits to ensure things are done correctly.
Usage
- `plutonium --host 127.0.0.1:9999 -u` for hosting a Plutonium server (this also doubles as the client)
- `plutonium --connect 127.0.0.1:9999 -u` for connecting to a Plutonium server

`127.0.0.1` and `9999` can be swapped out for a more suitable IP address and port number.
Additional Information
Plutonium has been tested and is fully working on Linux (Fedora 36). More platforms will be tested in the near future.
To Do
- Finalise Encryption between the two clients
- Change the agreed key to use pbkdf2 or similar
- Clippy the code
- Make the code uniform, i.e. `sender` in one part and `tx` in another
- Possibly separate the code all out of `main.rs`
- Add disconnect handling
- Still need to allow the server to re-initialise once a client disconnects.
- Unify the logs between the client and the server - the server has more
- UPnP support
- Encrypt usernames to prevent metadata leakage
- Add detailed comments
- Fix argument checks in `main.rs`, they do a lot of double checking
- TUI (not high on the list at all)
- Error handling
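
For the To Do item on changing the agreed key to use a KDF, the following added example (not Plutonium's code) derives two direction-specific AES-256 keys from an X25519 shared secret with HKDF-SHA256 (RFC 5869), a KDF intended for high-entropy inputs such as an ECDH output. It is written in Python with only the standard library so it runs without extra crates. The function names, the label strings, the salt layout and the sample byte values are all assumptions made for illustration.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: concentrate the input keying material into a PRK."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_keys(shared_secret: bytes, host_pub: bytes, client_pub: bytes, is_host: bool):
    """Return (send_key, recv_key): two independent AES-256 keys for one session."""
    if len(shared_secret) != 32 or shared_secret == bytes(32):
        # An all-zero X25519 output results from a low-order peer public key.
        raise ValueError("rejecting invalid X25519 shared secret")
    # Hypothetical salt layout: ties the keys to this handshake's public keys.
    salt = hashlib.sha256(host_pub + client_pub).digest()
    prk = hkdf_extract(salt, shared_secret)
    # Distinct labels give each direction its own key (labels are made up here).
    host_to_client = hkdf_expand(prk, b"example host->client aes-256", 32)
    client_to_host = hkdf_expand(prk, b"example client->host aes-256", 32)
    if is_host:
        return host_to_client, client_to_host
    return client_to_host, host_to_client

# Constructed sample values standing in for a real X25519 handshake.
SHARED = bytes(range(1, 33))
HOST_PUB = bytes([0xAA]) * 32
CLIENT_PUB = bytes([0xBB]) * 32

if __name__ == "__main__":
    h_send, h_recv = session_keys(SHARED, HOST_PUB, CLIENT_PUB, is_host=True)
    c_send, c_recv = session_keys(SHARED, HOST_PUB, CLIENT_PUB, is_host=False)
    print("host send == client recv:", h_send == c_recv)
    print("host recv == client send:", h_recv == c_send)
```

Using a separate key per direction means the host and the connecting client never encrypt under the same key, which avoids nonce collisions between the two senders when AES is used in a nonce-based mode.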