Signal Protocol for a P2P Webapp
-
Signal Protocol for a P2P Webapp
TL;DR: I have open-sourced a #Rust implementation of the #SignalProtocol that compiles to #WASM for #Browser-based #P2P messaging, overcoming the #NodeJS limitations of the official library.
I am sharing my implementation of the Signal Protocol designed specifically for the #Frontend. While the official libsignal is the gold standard, its #JavaScript targets are often optimized for Node.js, which creates integration challenges for client-side web applications.
My version is built in #RustLang and compiles to #WebAssembly, utilizing #ModuleFederation to provide robust #Encryption for decentralized environments. It currently powers the end-to-end security for my #P2P messaging project.
Protocol Demo:
https://signal.positive-intentions.com/P2P App Demo:
https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=storyI am looking for feedback from the #Dev and #Infosec community. If you have experience with #Cryptography audits or formal-proof verification, I would appreciate your eyes on the codebase as I work toward a more finished state.
GitHub Repository:
https://github.com/positive-intentions/signal-protocol#Signal #SignalProtocol #Rust #RustLang #WASM #WebAssembly #OpenSource #OSS #Privacy #Encryption #E2EE #WebDev #Frontend #BrowserTech #Decentralized #WebApps #Coding #Security #SoftwareEngineering #Networking #PeerToPeer #P2P #Cryptography #Audit #CyberSecurity #Tech #JavaScript #Programming #ModuleFederation #P2PWeb #PrivacyTech #SecureMessaging #WebPerf #TechCommunity #InfoSec #WebSecurity
-
Signal Protocol for a P2P Webapp
TL;DR: I have open-sourced a #Rust implementation of the #SignalProtocol that compiles to #WASM for #Browser-based #P2P messaging, overcoming the #NodeJS limitations of the official library.
I am sharing my implementation of the Signal Protocol designed specifically for the #Frontend. While the official libsignal is the gold standard, its #JavaScript targets are often optimized for Node.js, which creates integration challenges for client-side web applications.
My version is built in #RustLang and compiles to #WebAssembly, utilizing #ModuleFederation to provide robust #Encryption for decentralized environments. It currently powers the end-to-end security for my #P2P messaging project.
Protocol Demo:
https://signal.positive-intentions.com/P2P App Demo:
https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=storyI am looking for feedback from the #Dev and #Infosec community. If you have experience with #Cryptography audits or formal-proof verification, I would appreciate your eyes on the codebase as I work toward a more finished state.
GitHub Repository:
https://github.com/positive-intentions/signal-protocol#Signal #SignalProtocol #Rust #RustLang #WASM #WebAssembly #OpenSource #OSS #Privacy #Encryption #E2EE #WebDev #Frontend #BrowserTech #Decentralized #WebApps #Coding #Security #SoftwareEngineering #Networking #PeerToPeer #P2P #Cryptography #Audit #CyberSecurity #Tech #JavaScript #Programming #ModuleFederation #P2PWeb #PrivacyTech #SecureMessaging #WebPerf #TechCommunity #InfoSec #WebSecurity
@xoron Does it have to be compiled to WASM?
-
@xoron Does it have to be compiled to WASM?
fraid so. i would prefer to avoid it, but it seemed nessesary. i had an older version of it that was using the js primitives from the browser, but the issue there was that crypto primitives were not always provided by the browsers and different browsers have their only roadmap for supporting it.
so rust to wasm was a reliable way to get the crypto primitives needed. that was how it was done on several other projects including the official signal one.
-
fraid so. i would prefer to avoid it, but it seemed nessesary. i had an older version of it that was using the js primitives from the browser, but the issue there was that crypto primitives were not always provided by the browsers and different browsers have their only roadmap for supporting it.
so rust to wasm was a reliable way to get the crypto primitives needed. that was how it was done on several other projects including the official signal one.
@xoron Yes I understand that, I was more wondering if it couldn't have been a more general library which could compile to x86 or ARM?
-
@xoron Yes I understand that, I was more wondering if it couldn't have been a more general library which could compile to x86 or ARM?
i havent considered those compile targets. i supose it could be done. is there not something already out there?
i think it would be better to start off with the official version and take it from there. https://github.com/signalapp/libsignal
my version is created specifically for the browser environment.
-
R relay@relay.infosec.exchange shared this topic
