This project implements a secure, multi-client communication system in C++ using modern cryptographic algorithms: ChaCha20-Poly1305 for authenticated encryption and X25519 for secure key exchange. It allows simultaneous connections from multiple clients to a central server, enabling encrypted real-time messaging and file transfer with built-in logging and full control from the server side.
Designed as a robust, modular, and real-world secure communication platform.
Hereβs a live demonstration showing:
- The server running and accepting connections.
- 3 clients connected, each with a unique ID.
- Using the
listcommand to view connected clients. - Sending a
broadcastmessage to all clients at once.
- β End-to-end encryption using ChaCha20-Poly1305 (AEAD).
- β Ephemeral session keys via X25519 ECDH key exchange.
- β Multiclient support with unique session per client.
- β Encrypted file transfer including metadata (name, size).
- β Binary communication protocol (type + length + data).
- β XML-based configuration for IP/PORT.
- β Custom command interface for both client and server.
- β Logging system for all communications.
- β Safe packet reconstruction before decryption.
+------------+ +-------------+
| Client 1 | <--+ +->| Server |<--+--> Client N
+------------+ | | +-------------+ |
| ChaCha20 |<---+ +--| X25519 | +-> Logger
+------------+ +-------------+
- Each client initiates connection and performs ECDH handshake.
- A unique symmetric session key is derived.
- All communication is encrypted + authenticated using ChaCha20-Poly1305.
- Server handles multiple clients concurrently with threading.
graph LR
A[ChaCha20-Poly1305-X25519/] --> A1[README.md]
A --> A2[LICENSE]
A --> A3[client.cpp]
A --> A4[server.cpp]
A --> A5[common_crypto.h]
A --> A6[logger.h]
A --> A7[tinyxml2.cpp/.h]
A --> B[logs/]
B --> B1[communications_history.log]
A --> C[bin/]
C --> C1[client.exe]
C --> C2[server.exe]
A --> D[public/]
D --> D1[COMPILATION.md]
D --> D2[images/]
D2 --> D3[demo_execution.png]
A --> E[received_files/]
A --> F[src/]
F --> F1[client.bat]
F --> F2[server.bat]
F --> F3[client.xml]
F --> F4[server.xml]
- C++17 or higher
- OpenSSL (1.1.1+)
- TinyXML2
- g++ (MinGW-w64) for Windows
g++ client.cpp tinyxml2.cpp -lws2_32 -lssl -lcrypto -o bin/client.exe
g++ server.cpp tinyxml2.cpp -lws2_32 -lssl -lcrypto -o bin/server.exeEnsure that the DLLs from OpenSSL are accessible at runtime (libssl, libcrypto).
Use the .bat scripts to run:
src/client.bat
src/server.batThey load config from:
client.xmlfor the clientserver.xmlfor the server
Each file contains:
<config>
<ip>127.0.0.1</ip>
<port>40000</port>
</config>- X25519: Each connection uses ephemeral keys to derive a shared session key securely.
- ChaCha20-Poly1305:
- 256-bit key
- 96-bit nonce
- 128-bit authentication tag
- Nonces and keys are generated using secure RNG (OpenSSL).
Every message is sent in this format:
[ 4 bytes length ] [ 1 byte type ] [ encrypted content ] [ 16 bytes tag ]
- Types:
0x01Text message0xAAEncrypted file with metadata0x04Broadcast message0xFFExit / shutdown
- Command:
file <path> - Payload structure (encrypted):
[4 bytes client ID][4 bytes name_len][filename][8 bytes size][file_data]
- Files are saved on the server in
received_files/ - All parts (name, size, content) are encrypted.
- Client connects and receives server public key
- Client sends its public key
- Server derives shared key and sends nonce
- Communication begins: encrypted messages/files
- Messages are reconstructed based on length before decryption
- Each client gets a unique 4-digit ID
- Server operator can:
- List connected clients:
list - Send private messages:
send <id> <msg> - Broadcast to all:
broadcast <msg>
- List connected clients:
- Keys are ephemeral and regenerated on every connection
- No key is stored on disk
- Each session is uniquely encrypted
- AEAD cipher ensures confidentiality + authenticity
- No plaintext metadata transmitted
- Per-client encryption avoids shared state
- Secure random generation for all nonces and keypairs
- Logs never store plaintext content
mario@server:~$ list
[*] Connected clients:
ID: 1032
ID: 4821
mario@server:~$ send 1032 Hola, cliente 1032
[>] Message sent to Client 1032
mario@client[1032]:~$ file C:/Users/user/Desktop/test.pdf
[*] Archivo enviado: test.pdf (14358 bytes)Logs are automatically stored with timestamp, source, and message. Sample:
[2025-04-16 00:01:01.646] [Servidor 1842] Cliente conectado
[2025-04-16 00:01:08.984] [Servidor 7935] Cliente conectado
[2025-04-16 00:01:12.122] [Servidor 6263] Cliente conectado
[2025-04-16 00:03:20.371] [Broadcast 6263] Hola a todos los clientes
[2025-04-16 00:03:20.371] [Broadcast 7935] Hola a todos los clientes
[2025-04-16 00:03:20.371] [Broadcast 1842] Hola a todos los clientes
[2025-04-16 00:03:20.372] [Servidor -1] Broadcast: Hola a todos los clientes
[2025-04-16 00:03:45.434] [Servidor 7935] Hola cliente individual
[2025-04-16 00:04:11.820] [Cliente 1842] Hola Servidor, soy un Cliente
[2025-04-16 00:04:46.816] [Cliente 6263] Oye Servidor, te voy a enviar un NFT
[2025-04-16 00:05:42.763] [Cliente 6263] Archivo recibido: NFT_V5.jpg (72523 bytes)
[2025-04-16 00:06:09.480] [Servidor 6263] Recibido el NFT, muchas gracias
[2025-04-16 00:06:17.591] [Cliente 7935] Adios
[2025-04-16 00:06:20.620] [Servidor 7935] Cliente desconectado
[2025-04-16 00:06:35.365] [Cliente 6263] Tengo que irme
[2025-04-16 00:06:37.895] [Servidor 6263] Cliente desconectado
[2025-04-16 00:07:00.628] [Servidor -1] Server terminated via 'exit' command.
π Full log file available here: communications_history.log
Caution
The code provided is for educational and informational purposes only. The author assumes no responsibility for any misuse, damage, or consequences resulting from its application. Use at your own risk.
This project is licensed under a custom educational license.
See the full license here: LICENSE
Developed by @marichu_kt
Official Repository: ChaCha20-Poly1305-X25519