TCP proxy using Enigma rotor cipher.
中文
Simple experimental TCP proxy using Enigma rotor cipher applied to base24 encoded data, written in D. The only dependency is botan.
Flint provides strong integrity and really weak confidentiality, as Enigma is a WWII cipher. It is recommended to use stunnel for some true confidentiality.
On client side,
After handshake, the following message structure is used.
from https://github.com/nametoolong/flint
----------
dub的安装,参见https://dlang.org/download.html#dmd
在64位linux vps上,安装dmd和dub
wget http://downloads.dlang.org/releases/2.x/2.078.1/dmd.2.078.1.linux.tar.xz
tar Jxvf dmd.2.078.1.linux.tar.xz
cd dmd2
root@RegalMusty-VM:~/dmd2# ls
README.TXT html linux osx solaris windows
freebsd license.txt man samples src
root@RegalMusty-VM:~/dmd2# cd linux
root@RegalMusty-VM:~/dmd2/linux# ls
bin32 bin64 lib32 lib64
root@RegalMusty-VM:~/dmd2/linux# cd bin64
root@RegalMusty-VM:~/dmd2/linux/bin64# ls
README.TXT dman dmd.conf dumpobj obj2asm
ddemangle dmd dub dustmite rdmd
(dmd和dub是可执行文件)
root@RegalMusty-VM:~/dmd2/linux/bin64#
root@RegalMusty-VM:~/dmd2/linux/bin64# echo 'export PATH=$PATH:~/dmd2/linux/bin64'>> /etc/profile
root@RegalMusty-VM:~/dmd2/linux/bin64# . /etc/profile
root@RegalMusty-VM:~/dmd2/linux/bin64# which dmd
/root/dmd2/linux/bin64/dmd
root@RegalMusty-VM:~/dmd2/linux/bin64# which dub
/root/dmd2/linux/bin64/dub
root@RegalMusty-VM:~/dmd2/linux/bin64#
这样dmd和dub就安装好了。
https://github.com/dlang/dub
中文
Simple experimental TCP proxy using Enigma rotor cipher applied to base24 encoded data, written in D. The only dependency is botan.
Flint provides strong integrity and really weak confidentiality, as Enigma is a WWII cipher. It is recommended to use stunnel for some true confidentiality.
Building
dub build --build=release
flint.config and server side flint.config_server. You can start the server using --config=flint.config_server.Where are my keys?
cd keytool
dub --build=release
Usage
Use--config=<file> to specify a config file. Explanations go below.type should be client or server.rotors and rings should be the settings of the first, second and third rotors. reflector is the type of the reflector. Only 3 rotors are supported currently. See enigma.d for available types.On client side,
listen and port specify where to listen for application connections and remote and rport specify the server address. On server side, listen and port specify where to listen for clients and remote and rport specify where to forward applications connections to. timeout is the timeout of client or server connections and does not affect application connections. idletimeout affects only the server and specifies the length of inactivity before disconnecting a client.keyfile specifies the RSA public or private key file. powleadingzero is the required number of leading zero bytes (0x00) in client's proof of work and powfirstbytemax is the the highest acceptable value of the first non-zero byte in client's proof of work. powsalt is the salt value for proof of work hashes. maxdisconnectdelay is the the maximum delay when disconnecting, during which a random delay between 0 and this value will be chosen and the shutdown of connection will only be done after the random delay.How does it work?
Flint multiplexes application TCP connections in one TCP connection. When started, the client does a proof of work and then connects to the server. The first message sent over the connection is the 'hello' message from client to server, which is a 32-byte proof of work string followed by some random alphabetical data. The server checks the proof of work and replies with a 'cookie' message, which is a 8-byte cookie concatenated with a 26-byte alphabet, followed by some random alphabetical data. The client then replies with a 'key' message, which is a base24 encoded RSA cipher string containing crypto keys, mixed with the two letters unused in the base24 process and followed by some random alphabetical data again. After the server's successful decryption, the handshake is finished. The three handshake messages have no length field and flint clearly has broken behavior that an intact message is required to be received at one time. Spaces are always ignored in flint protocol, so an arbitrary amount of spaces could be added into the message being sent over the wire, making flint data stream look more like plain text and enables flint to be a replacement of bananaphone.After handshake, the following message structure is used.
[HMAC][length authentication tag][length][payload]
from https://github.com/nametoolong/flint
----------
dub的安装,参见https://dlang.org/download.html#dmd
在64位linux vps上,安装dmd和dub
wget http://downloads.dlang.org/releases/2.x/2.078.1/dmd.2.078.1.linux.tar.xz
tar Jxvf dmd.2.078.1.linux.tar.xz
cd dmd2
root@RegalMusty-VM:~/dmd2# ls
README.TXT html linux osx solaris windows
freebsd license.txt man samples src
root@RegalMusty-VM:~/dmd2# cd linux
root@RegalMusty-VM:~/dmd2/linux# ls
bin32 bin64 lib32 lib64
root@RegalMusty-VM:~/dmd2/linux# cd bin64
root@RegalMusty-VM:~/dmd2/linux/bin64# ls
README.TXT dman dmd.conf dumpobj obj2asm
ddemangle dmd dub dustmite rdmd
(dmd和dub是可执行文件)
root@RegalMusty-VM:~/dmd2/linux/bin64#
root@RegalMusty-VM:~/dmd2/linux/bin64# echo 'export PATH=$PATH:~/dmd2/linux/bin64'>> /etc/profile
root@RegalMusty-VM:~/dmd2/linux/bin64# . /etc/profile
root@RegalMusty-VM:~/dmd2/linux/bin64# which dmd
/root/dmd2/linux/bin64/dmd
root@RegalMusty-VM:~/dmd2/linux/bin64# which dub
/root/dmd2/linux/bin64/dub
root@RegalMusty-VM:~/dmd2/linux/bin64#
这样dmd和dub就安装好了。
https://github.com/dlang/dub