Privacy and security-focused messaging application featuring end-to-end encryption.
Built with WebSockets, Drogon HTTP web framework, and SQL database for secure communication.
Features • Installation • Building • Usage • E2E Encryption • Testing • Architecture • Contributing
Sentinel is a proof-of-concept, privacy and security-focused messaging application co-created as a demonstration of secure communication protocols. It features end-to-end encryption and utilizes WebSockets, the Drogon HTTP web framework, and an SQL database to provide a secure and efficient communication platform. After completing the text-based user interface and proof of concept, the project was open-sourced for the community to learn from and build upon.
- End-To-End Encryption: All messages are encrypted between clients for maximum privacy
- WebSocket Support: Real-time, bidirectional communication for instant messaging
- Drogon Framework: High-performance C++ HTTP application framework
- SQL Database: Reliable data persistence with database integration
- Text-Based UI: Clean, minimal interface for terminal-based communication
- Privacy-Focused: Built with security and user privacy as primary concerns
- C++ compiler with C++17 support
- CMake (3.10 or higher)
- vcpkg package manager (recommended)
- Drogon framework
git clone --recursive https://github.com/theczechr/Sentinel-server.git
cd Sentinel-servervcpkg install drogon:x64-windows opensslvcpkg install drogon opensslmkdir build
cd build
cmake ..
make- Open the project in Visual Studio
- Configure CMake with vcpkg toolchain
- Build the solution
The server is designed as a dumb relay. It does not decrypt messages. Clients are responsible for encrypting/decrypting.
- Register:
/register?username=<u>&pub_key_fprint=<f>&recovery_phrase=<r>[&public_key=<base64>] - Publish/rotate key:
/publishPubKey?pub_key_fprint=<f>&public_key=<base64>&signed_payload=<base64>&signature=<base64>- Server validates that
pub_key_fprintequalsSHA-256(public_key)in lowercase hex and verifies the Ed25519signatureoversigned_payload. signed_payloadformat:pub_key_fprint|timestamp(as UTF-8), Base64-encoded; max age 5 minutes.- Rate limit: 5 publish attempts per minute per
ip|pub_key_fprint.
- Server validates that
- Discover peer key:
/getPubKey?pub_key_fprint=<peer_fingerprint>returns the peer’s public key string (empty if unknown). - Send messages: Encrypt on the client, then send the opaque ciphertext to
/sendtxt?room_name=<room>. The server relays without inspecting or logging message contents. - Message size limit: Text frames larger than 64KB are dropped by the server.
- Public key persistence: Published keys are stored on disk in a simple file-backed store (
keys.db). Replace with a production database for real deployments.
Build tests alongside the project:
mkdir build && cd build
cmake ..
make SentinelTests
./tests/SentinelTests # or run per-test binaries if splitThis project is open source and available under the MIT License.
- Built with Drogon - A C++14/17-based HTTP application framework
- Inspired by the need for privacy-focused communication tools
Made with ❤️ for secure communication