mafintosh / webcat Goto Github PK

Mad science p2p pipe across the web using webrtc that uses your Github private/public key for authentication and a signalhub for discovery

License: MIT License

JavaScript 100.00%

webcat's Introduction

webcat

Mad science p2p pipe across the web using webrtc that uses your Github private/public key for authentication and a signalhub for discovery

We also want to support other key hosts beyond Github. If you have suggestions or want to help implement this check out this issue.

npm install -g webcat

If you have trouble getting it to compile try following the wrtc install instructions

Usage

webcat lets you establish a p2p pipe to other github users over the web. Let's say I wanted to connect to @maxogden

First I need to configure webcat once

webcat --configure
Enter your github username: mafintosh

Then on my machine I run

webcat maxogden
hello max

On Max's machine he runs

webcat mafintosh
hi mathias

webcat will create a p2p pipe between connect me and max by using a signalhub to exchange webrtc metadata and Github private/public keys to authenticate that Max is actually @maxogden and that I am actually @mafintosh

On my machine my prompt now looks like

webcat maxogden
hello max
hi mathias

And on Max's machine it now looks like

webcat mafintosh
hi mathias
hello max

How it works

webcat works the following way

First you sign a message that says you want to connect to another user using your Github private key
You post this message to a known signalhub in the channel /{another-username}
The other user does the same thing only they posts it to the channel /{my-username}
One of you receives the connect message and verifies that it came from the right person by looking up the other users public key using https://github.com/{another-username}.keys (and this will work in the browser if Github adds CORS GET to this API!)
You then create a webrtc signal handshake, sign it and post it to the other user's lobby
The other user receives this and posts back a signed version of their signaling data
You use this data to establish a secure webrtc connection between eachother that is encrypted using DTLS
You are now connected :)

warning. we invented the first 6 parts of this scheme. it has not been properly peer reviewed so use at your own risk :)

we use the following crypto dependencies:

openssl from node core (rsa signing and https for fetching public keys)
dtls from webrtc

Use cases

You can use webcat to pipe files across the internet!

On my machine

webcat maxogden < some-file

On Max's machine

webcat mafintosh > some-file

Pipe to yourself

Assuming you have your github key on two different machines you can also open and pipe between them by using the same username.

On one machine connected to the internet that has your Github key

echo machine one | webcat mafintosh

On another machine connected to the internet that has your Github key

echo machine two | webcat mafintosh

Programmatic usage

You can use webcat from node as well.

var webcat = require('webcat')

var stream = webcat('mafintosh') // put in the name of the person you want to talk to
process.stdin.pipe(stream).pipe(process.stdout)

License

MIT

webcat's People

Contributors

Stargazers

Watchers

Forkers

reqshark prodigeni c0dr amir-s jabez128 cool-aleuser01 imclab omphalos raymond-h maniacs-satm galeksandrp hackur wolfforest puppycodes evaluation-alex kidgodzilla hamnox zouxuewei clean-code-studio

webcat's Issues

support other key hosts beyond github

right now we use github because: https://github.com/maxogden.keys

but we should be able to use any scheme where you can type a username and it can figure out how to get a public key. it should probably prompt the user and double check that they wanna trust the public key from the domain it resolves, similar to what keybase does.

keybase might be a good next one to support actually, as they have a CORS enabled endpoint to get the pgp key for any user

node-pre-gyp not installed?

It seems node-pre-gyp is a dependency (??) and not listed (???):

npm ERR! [email protected] install: `node-pre-gyp install --fallback-to-build`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script 'node-pre-gyp install --fallback-to-build'.
npm ERR! This is most likely a problem with the wrtc package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node-pre-gyp install --fallback-to-build
npm ERR! You can get their info via:
npm ERR!     npm owner ls wrtc

the first webcat national user

leave this issue open for the internet historical societies and for visibility

23:20 $ webcat maxogden
YO REQSHARK!
IM IN SEATTLE
dope
got
it
woooooooot. im on some router at a meetup space. nat traversal FTW
mafintosh is sitting next to me fixing a bug in the lobby so connections work better (it caches too long right now and ports get closed but you get the old ports from the lobby)
holy shit this is real
you guys are my heros
haha
im moving to california on saturday
BAY AREA
fuck new york
you have the honor of being the first webcat national user
this is wonderful
also this is encryptted
encrypted*
ya just dont mess with my .ssh dir
tcause webrtc generates a new keypair and does diffie helman between the peers
^R
lol
awesome
so it fucking works

Support binary transfers

This module is sweet! I cant believe it does all of that in so few lines of code

@feross and I just tried streaming a one-hour-long mp3 using webcat.

The first issue we ran into is that webcat doesn't support binary data. Maybe it's interpreting the input as ascii or UTF8? Either way, I had to pipe thru base64 before sending it thru webcat.

With that workaround, it works for a few minutes before it dies. I think what's going on is that there isn't any backpressure, so the receiving webcat process buffers a lot of data. Once the whole (~150MB) file is sent, the sending webcat process closes the connection & exits. The receiving process sees the connection died and exits as well, even though it still has lots of data that needs to be flushed to stdout.

With the following fixes, I think it would work

Flush stdout before exiting (most important)
Handle binary input
Implement back pressure

use github-current-user

✨

TypeError: Object #<Object> has no method 'indexOf'

I've configured webcat but if I try and initiate a session with another user I get this error

/Users/owen/.nvm/v0.10.36/lib/node_modules/webcat/node_modules/ghsign/index.js:24
  return key.indexOf('-----BEGIN ') > -1 ? key : sshKeyToPEM(key)
             ^
TypeError: Object #<Object> has no method 'indexOf'
    at toPEM (/Users/owen/.nvm/v0.10.36/lib/node_modules/webcat/node_modules/ghsign/index.js:24:14)
    at Array.map (native)
    at signer (/Users/owen/.nvm/v0.10.36/lib/node_modules/webcat/node_modules/ghsign/index.js:42:32)
    at /Users/owen/.nvm/v0.10.36/lib/node_modules/webcat/node_modules/ghsign/index.js:95:20
    at identitiesAnswer (/Users/owen/.nvm/v0.10.36/lib/node_modules/webcat/node_modules/ghsign/node_modules/ssh-agent/lib/ssh_agent_client.js:179:12)
    at Socket.<anonymous> (/Users/owen/.nvm/v0.10.36/lib/node_modules/webcat/node_modules/ghsign/node_modules/ssh-agent/lib/ssh_agent_client.js:279:12)
    at Socket.emit (events.js:95:17)
    at Socket.<anonymous> (_stream_readable.js:765:14)
    at Socket.emit (events.js:92:17)
    at emitReadable_ (_stream_readable.js:427:10)

The only thing about my account that might be different is I have two factor auth on, but not sure if that's meaninful or not.

tried this, but it simply doesn't work

no error message, nothing.

i type "webcat [foo]" and foo does the same for me "webcat silky", the program stays up, and we type things, but we never see what we are typing on the others screen.

more efficient signing

rsa can be a bit slow especially if you have to do it a lot, it might be faster to just come up with a shared secret (ecdh is pretty cheap) and use hmacs to verify it incrementing the key each time (https://github.com/calvinmetcalf/hmac-stream does it for a binary stream or since it's already an object stream you could just do it manually).

Support sign/verify in options

It would be nice if a consumer of this library could pass some version of sign and verify in as options. I think that would remove the hard dependency on ghsign. Also it would help make the scheme more generic per the comments in #4. If this sounds okay I can probably put together a PR.

what's the addressable context

can i do this locally?

or should i be typing this into a publicly addressable server terminal on the internet?

Dependent version of ghsign is broken

There is a bug in ghsign v2.0.0 which will be fixed when mafintosh/ghsign#7 is merged (hopefully). When a new version of ghsign is released it should be upgraded here.

Currently you'll get the error "ReferenceError: yourPrivateKey is not defined" when using webcat for the first time