DeskCon Connection Security
First of all, I’m not a security expert; I just use the well-known encryption and security standards. So if you find any flaws in how I implemented that stuff, please tell me.
Basically I use self-signed certificates with a TLSv1.2 SSL connection. During the “pair” process, the desktop and the mobile device exchange their X.509v3 certificates and display the fingerprints (SHA-256), so that the user can verify their identity. If the user says they match, the certificates are stored.
The certificates are generated from a 2048-bit RSA key pair and signed with the SHA-256 algorithm.
The SSL connection actually runs over TLSv1, TLSv1.1 or TLSv1.2, depending on your Android version (TLSv1.2 is supported in Android 4.1 and up) and the OpenSSL library version. Server and client have to authenticate each other with the certificates mentioned above.
So the whole data transfer is encrypted, and the devices (desktop and MID) can be sure they are talking to the right machine.
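The pairing and mutual-authentication flow described above can be sketched with Python's standard `ssl` module. This is an added example, not DeskCon's own code; the function names are hypothetical and the trust-file layout (one PEM file of paired certificates) is an assumption taken from the description.

```python
import hashlib
import hmac
import os
import ssl


def fingerprint_sha256(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprints_match(shown_locally: str, read_from_peer: str) -> bool:
    """Compare two displayed fingerprints, ignoring case and separators."""
    def norm(s: str) -> bytes:
        return s.replace(":", "").replace(" ", "").lower().encode()
    return hmac.compare_digest(norm(shown_locally), norm(read_from_peer))


def store_paired_cert(der_cert: bytes, cafile: str) -> None:
    """Append a certificate the user has confirmed to the PEM trust file."""
    os.makedirs(os.path.dirname(cafile) or ".", exist_ok=True)
    with open(cafile, "a") as fh:
        fh.write(ssl.DER_cert_to_PEM_cert(der_cert))


def build_server_context(cafile, certfile=None, keyfile=None) -> ssl.SSLContext:
    """Mutual-TLS server context that trusts only the paired certificates."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # client must present a certificate
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    # Before the first pairing the trust file is missing or empty, and loading
    # it raises. Skip it: the context then trusts nobody until a device pairs.
    if os.path.isfile(cafile) and os.path.getsize(cafile) > 0:
        ctx.load_verify_locations(cafile)
    return ctx
```

With an empty trust store every client handshake fails verification, so an unpaired server rejects connections instead of crashing at start-up.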
Mighty stuff, I had been looking for something like this for a while (to the extent that I was even thinking of starting it myself)! I hope you keep up the good work.
I had a small problem running the server script: initially it kept failing at main.py line 226 (‘ctx.load_verify_locations(configmanager.cafilepath)’) with a Python exception. I only had a quick look at it, but here’s my theory:
cafilepath points to (in configmanager.py) ~/.deskcon/keys/cas.pem. I think this file only gets created upon initially exchanging keys with the Android device. I commented line 226 out, set up a connection with my phone, and then uncommented the line again. This seemed to have worked.
Anyways, keep it up, and if I can help with anything, please don’t hesitate. I’m thinking I might write a few configuration options for the Gnome-shell indicator, for example.
Thanks for the bug report; I didn’t notice it because my CA file wasn’t empty. The fixed version is up on GitHub. I’m sometimes struggling with GJS, so your offer might come in handy, thanks.