How hard is it to develop a secure, client-server style messaging system that supports multiple devices per user and multiple recipients per message?

This is my attempt to find out!

This repository contains the server portion of the system against which many potential clients can be built (Desktop CLI, Desktop GUI, mobile, js).

The design aims to retain as little data as possible:

• Username
• master verification key
• device verification key
• device public key
• messages awaiting delivery
• message recipients for messages awaiting delivery

No authentication is provided for API responses. It is necessary to implement public access to the server through at least one of:

• SSL terminator (e.g. nginx/haproxy), ECDH recommended
• Tor Hidden Service
• I2P eepsite

• Fedora:
  • dnf install redhat-rpm-config python3-devel libffi-devel libsodium-devel mariadb-devel mariadb-server python3-pip python3-virtualenvwrapper

• CREATE DATABASE shsmd;
• CREATE USER 'shsmd'@'%' IDENTIFIED by 'shsmd';
• GRANT ALL ON shsmd.* TO 'shsmd'@'%';

• git clone https://github.com/sinner-/shsmd
• cd shsmd
• source /usr/bin/virtualenvwrapper.sh
• mkvirtualenv shsmd
• python setup.py install
• shsmd-manage --initschema

• workon shsmd (if not already in virtualenv created during setup
• shsmd-api (optionally run shsmd-manage --dropschema --initschema first)