gossip Svelte Themes

Gossip

An E2E encrypted hub & spoke communications network with WebRTC P2P calling, built with Golang and Svelte

Gossip

End-to-End Encrypted Hub & Spoke Communications Network with Mesh P2P WebRTC Voice and Video Calling

Overview

Gossip is a secure, decentralized communications platform that combines the reliability of a hub-and-spoke architecture with the privacy and efficiency of peer-to-peer (P2P) connections. Built with Go and modern web technologies, Gossip provides end-to-end encrypted messaging, voice, and video calling capabilities.

Key Features

  • šŸ” End-to-End Encryption: All communications are encrypted using OpenPGP with elliptic curve cryptography
  • šŸ›”ļø Zero-Knowledge Architecture: Server cannot decrypt client communications despite facilitating key exchange
  • 🌐 Hub & Spoke Architecture: Centralized signaling server with decentralized P2P connections
  • šŸ“ž WebRTC Voice/Video: High-quality real-time communication using WebRTC with unlimited participant group calling*
  • šŸŽÆ Mesh P2P Network: Direct peer-to-peer connections for optimal performance
  • šŸ’¬ Ephemeral Messaging: Messages with configurable expiration times
  • šŸŽØ Modern UI: Beautiful, responsive interface built with Svelte and Tailwind CSS
  • šŸ”§ Cross-Platform: Desktop application built with Wails framework
  • šŸš€ Real-time: Instant messaging and live audio/video streaming

Architecture

System Components

ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”    ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”    ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”
│   Gossip Client │    │  Gossip Server  │    │  Gossip Common  │
│   (Desktop App) │◄──►│  (Signaling)    │◄──►│  (Shared Lib)   │
ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜    ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜    ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜
         │                       │                       │
         │                       │                       │
         ā–¼                       ā–¼                       ā–¼
ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”    ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”    ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”
│   WebRTC P2P    │    │   TCP Server    │    │   Crypto Utils  │
│   Connections   │    │   (Port 1720)   │    │   & Packets     │
ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜    ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜    ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜

Communication Flow

  1. Signaling Phase: Clients connect to the central server for initial handshake
  2. Zero-Knowledge Key Exchange: Public keys are exchanged through the server using client-side encryption
  3. P2P Establishment: WebRTC connections are established directly between peers
  4. Encrypted Communication: All data flows through encrypted P2P channels

Project Structure

gossip/
ā”œā”€ā”€ gossip-client/          # Desktop client application
│   ā”œā”€ā”€ frontend/          # Svelte-based UI
│   │   ā”œā”€ā”€ src/
│   │   │   ā”œā”€ā”€ App.svelte     # Main application component
│   │   │   ā”œā”€ā”€ Chat.svelte    # Chat interface
│   │   │   └── components/    # UI components
│   │   └── package.json
│   ā”œā”€ā”€ app.go             # Main application logic
│   ā”œā”€ā”€ stream.go          # WebRTC streaming implementation
│   ā”œā”€ā”€ audio.go           # Audio capture and playback
│   ā”œā”€ā”€ events.go          # Event handling
│   └── main.go            # Application entry point
ā”œā”€ā”€ gossip-server/         # Central signaling server
│   ā”œā”€ā”€ main.go            # Server entry point
│   └── events.go          # Server event handling
└── gossip-common/         # Shared utilities and protocols
    ā”œā”€ā”€ crypto.go          # Encryption/decryption functions
    ā”œā”€ā”€ packet.go          # Network packet definitions
    └── utility.go         # Common utilities

Technology Stack

Backend

  • Go 1.22.1+: Core application logic
  • Wails v2: Desktop application framework
  • WebRTC v4: Real-time communication
  • OpenPGP: End-to-end encryption
  • Pion: WebRTC implementation

Frontend

  • Svelte 4: Reactive UI framework
  • Tailwind CSS: Utility-first styling
  • Skeleton UI: Component library
  • Vite: Build tool and dev server

Networking

  • TCP: Server-client signaling
  • WebRTC: Peer-to-peer connections
  • STUN/TURN: NAT traversal

Installation

Prerequisites

  • Go 1.22.1 or higher
  • Node.js 18+ and npm
  • Git

Building from Source

  1. Clone the repository

    git clone https://github.com/yourusername/gossip.git
    cd gossip
    
  2. Build the common library

    cd gossip-common
    go mod download
    go build
    cd ..
    
  3. Build the server

    cd gossip-server
    go mod download
    go build -o gossip-server
    cd ..
    
  4. Build the client

    cd gossip-client
    go mod download
    cd frontend
    npm install
    npm run build
    cd ..
    wails build
    

Usage

Starting the Server

cd gossip-server
./gossip-server [options]

Options:
  -h string     IP to listen on (default "127.0.0.1")
  -p int        Port to listen on (default 1720)
  -k string     Server password (default "anonymous")
  -d            Enable debug logging
  -l            Enable connection logging

Running the Client

  1. Launch the application

    cd gossip-client
    ./gossip-client
    
  2. Connect to a server

    • Enter server host (default: 127.0.0.1)
    • Enter port (default: 1720)
    • Enter server password
    • Enter your username
  3. Start communicating

    • Send messages in channels
    • Initiate voice/video calls
    • Manage your settings

Security Features

Zero-Knowledge Key Exchange

Gossip implements a sophisticated zero-knowledge key exchange mechanism that ensures the server cannot decrypt any client-to-client communications, even though it facilitates the key distribution process.

Key Exchange Process

  1. Client Registration: When a client connects, it sends its public key to the server
  2. Server Encryption: The server encrypts each client's public key with the recipient's public key before forwarding
  3. Client Decryption: Each client decrypts received public keys using their private key
  4. Secure Communication: Clients can now communicate directly using each other's public keys

Zero-Knowledge Properties

  • Server Blindness: The server never sees unencrypted public keys
  • Client-Side Encryption: All key encryption/decryption happens on client devices
  • No Key Storage: The server only stores encrypted keys temporarily
  • Forward Secrecy: Even if server is compromised, past communications remain secure

Implementation Details

// Server encrypts client keys before forwarding
encryptedKey, err := gossip_common.GWEncrypt(clientPublicKey, recipientPublicKey)
keyPacket := gossip_common.NewSignalPacketFromData("ckp", recipientID, senderID, encryptedKey)

// Client decrypts received keys
decryptedKey, err := gossip_common.GWDecrypt(packet.Payload)
publicKeys[packet.Sender] = decryptedKey

Encryption

  • OpenPGP Implementation: Uses elliptic curve cryptography
  • Key Generation: Automatic key pair generation on first run
  • Message Encryption: All messages encrypted with recipient's public key
  • Perfect Forward Secrecy: WebRTC provides additional security layer
  • Zero-Knowledge Key Exchange: Server cannot decrypt client-to-client communications

Authentication

  • Server Authentication: Password-based server access
  • Client Identification: Unique client IDs for message routing
  • Channel Security: Encrypted channel communications

Privacy

  • No Message Storage: Messages are ephemeral and not stored
  • P2P Communication: Direct connections bypass server for data
  • Configurable Expiration: Messages auto-delete after set time
  • Zero-Knowledge Architecture: Server acts as encrypted relay without decryption capability

Configuration

Server Configuration

The server creates configuration files in the system temp directory:

  • gossip_server.name: Server display name
  • gossip_channels.list: Available channels (one per line)

Client Configuration

Client settings are stored in gossip_settings.json:

{
  "selectedTheme": "wintry",
  "defaultUsername": "your_username",
  "defaultHost": "127.0.0.1",
  "defaultPort": "1720"
}

Development

Project Setup

  1. Install Wails CLI

    go install github.com/wailsapp/wails/v2/cmd/wails@latest
    
  2. Install frontend dependencies

    cd gossip-client/frontend
    npm install
    
  3. Run in development mode

    cd gossip-client
    wails dev
    

Code Structure

Packet Types

  • GMSigPacket: Signaling messages for WebRTC negotiation
  • GMDataPacket: Encrypted data messages with metadata
  • GMStreamPacket: Real-time audio/video streaming data

Security Packet Flow

Client A                    Server                    Client B
   |                          |                          |
   |-- GMSigPacket(grtng) -->|                          |
   |<-- GMSigPacket(hru) ----|                          |
   |-- GMSigPacket(ighru) -->|                          |
   |<-- GMSigPacket(ig) -----|                          |
   |-- GMSigPacket(gmk) -----|                          |
   |<-- GMSigPacket(ckp) ----|-- GMSigPacket(ckp) ----->|
   |                          |                          |
   |-- GMDataPacket(msg) ---->|-- GMDataPacket(msg) ---->|
   |                          |                          |

Packet Security Levels:

  • Type 0 (GMSigPacket): Server can read metadata, encrypted payload
  • Type 1 (GMDataPacket): Server cannot decrypt, only forwards
  • Type 2 (GMStreamPacket): Server cannot decrypt, targeted forwarding

Key Functions

  • Crypto: GWEncrypt(), GWDecrypt(), GenerateKeys()
  • Networking: SendSignalPacket(), SendDataPacket()
  • WebRTC: SendOfferToClient(), HandleOffer(), SendAudioToChannels()

API Reference

Client Methods

// Connection management
Boot(host string, port int, username string, password string) error
Disconnect() error

// Messaging
SendMessage(message string, expiry int64, channel string) error

// Voice/Video
StartRecording()
StopRecording()
ToggleGoMute()
ToggleGoDeaf()
UpdateCallID(callerID string)

// Settings
LoadSettings() (Settings, error)
SaveSettings(settings Settings) error

Server Commands

Authentication & Key Exchange

  • grtng: Client greeting with public key
  • hru: Server response with server public key
  • ighru: Encrypted password authentication
  • ig: Server confirmation of authentication
  • gmk: Request for all client public keys
  • ckp: Encrypted client public key packet
  • cup: Encrypted channel update packet
  • eok: End of keys transmission
  • rmk: Remove client key notification

Messaging & Calls

  • msg: Encrypted text message
  • gmp: Get call participants
  • start_call: Initialize call session
  • offer: WebRTC offer
  • answer: WebRTC answer
  • ice: ICE candidate exchange
  • hang-up: Terminate call session

Security Classification

  • Server-Readable: grtng, hru, gmk, eok, rmk (metadata only)
  • Server-Encrypted: ighru, ig, ckp, cup (server can decrypt for routing)
  • Client-Only: msg, offer, answer, ice (server cannot decrypt)

Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Development Guidelines

  • Follow Go coding standards
  • Add tests for new functionality
  • Update documentation for API changes
  • Ensure encryption security is maintained

Troubleshooting

Common Issues

  1. Connection Failed

    • Verify server is running
    • Check firewall settings
    • Confirm host/port configuration
  2. Audio/Video Issues

    • Check microphone/camera permissions
    • Verify WebRTC support in browser
    • Test with STUN/TURN servers
  3. Encryption Errors

    • Regenerate keys if corrupted
    • Check OpenPGP implementation
    • Verify key exchange process

Debug Mode

Enable debug logging for detailed troubleshooting:

# Server
./gossip-server -d -l

# Client (set debugLogging = true in main.go)

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

* Roadmap

  • Video calling support
  • File sharing capabilities
  • Mobile client development
  • Advanced encryption options
  • Server clustering support
  • Plugin system
  • API documentation

Gossip - Secure communications for the modern world. Built open and free by m4yc3x under the Open Research Initiative for Web Technologies Foundation

Top categories

Loading Svelte Themes