(c) BigSpeed Computing Inc. - Secure private networking

Introduction

Text chatting is becoming a popular way to communicate with clients and coworkers, and for good reason. However, exchanging sensitive information through the Internet could be a problem in some situations.

This article shows how to build a secure private chat application in VB.NET.

Before we start


Download and install the freeware edition of the secure socket library, which is free for non-commercial use.

It offers a simple alternative to the standard SSL-based solutions for small to medium groups. The component employs 128-bit AES encryption, without the need for SSL certificates. Instead, it uses a shared secret key, which creates an application-based virtual private network.

Main form

Load the sample project SecureChat and open the form frmMain in the designer.



All communication is done through the main form. We place a read-only TextBox for the log, another small TextBox for composing the new messages, a ListView for the list of connected peers, and two buttons for sending the messages: to the selected user and to all users. The main menu provides access to the other forms.

Points of interest

In the form creation routine, we set the properties of the socket component to their initial values.

  'Set the component properties
  Private Sub SetSettings()
    If frmSettings.txtKey.Text > "" Then
      SockLib.SecurityMode = 2  'shared secret key
      SockLib.SecretKey = frmSettings.txtKey.Text
    Else
      SockLib.SecurityMode = 0  'no encryption
    End If

    SockLib.StopListening()
    If frmSettings.cbxAccept.Checked Then
      SockLib.StartListening(Val(frmSettings.txtPort.Text))
    End If
  End Sub


property SecurityMode - a value of 0 sets plain mode, without encryption. We are going to use value 2, which sets an encryption mode with a shared secret key. In SetSettings above, an empty key field selects mode 0, so all traffic is then sent unencrypted.

property SecretKey - holds the cryptographic key used to encrypt the data. Only peers with the same key will be able to connect to us.

method StartListening - if we want to accept incoming connections, we must call this method beforehand.
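
One way to avoid the silent fallback to plain mode in SetSettings, shown as an added example that is not part of the SecureChat sample or the library's documentation. It uses only the SockLib members and form controls shown above; CheckSettings, SetSettingsStrict and the 16-character minimum key length are assumptions made for this illustration.

```vbnet
  'Added example: hardened variant of SetSettings (not part of the sample project)
  Private Const MinKeyLength As Integer = 16  'assumed policy value, not a library limit

  'Returns "" when the settings are acceptable, otherwise the reason they are not
  Private Function CheckSettings(ByVal key As String, ByVal portText As String, _
                                 ByVal accept As Boolean, ByRef port As Integer) As String
    'A key made only of spaces counts as empty
    If key Is Nothing OrElse key.Trim().Length < MinKeyLength Then
      Return "The secret key must be at least " & MinKeyLength & " characters."
    End If
    If accept Then
      'Val() silently turns non-numeric text into 0, so parse strictly instead
      If Not Integer.TryParse(portText, port) OrElse port < 1 OrElse port > 65535 Then
        Return "The listening port must be a number between 1 and 65535."
      End If
    End If
    Return ""
  End Function

  'Set the component properties; plain mode (0) is never selected here
  Private Function SetSettingsStrict() As Boolean
    Dim port As Integer = 0
    Dim problem As String = CheckSettings(frmSettings.txtKey.Text, frmSettings.txtPort.Text, _
                                          frmSettings.cbxAccept.Checked, port)

    SockLib.StopListening()  'accept no peers while the settings are in doubt
    If problem <> "" Then
      Call MsgBox(problem, MsgBoxStyle.SystemModal, "Settings")
      Return False
    End If

    SockLib.SecurityMode = 2  'shared secret key
    SockLib.SecretKey = frmSettings.txtKey.Text
    If frmSettings.cbxAccept.Checked Then
      SockLib.StartListening(port)
    End If
    Return True
  End Function
```

The Boolean result lets a caller such as the connect menu handler skip CreateSession when no usable key is configured.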



The socket component events of interest are:



OnSessionInvoked event is generated when an incoming connection has just been established.

  'A new session is open because of an incoming call
  Private Sub SockLib_OnSessionInvoked(ByVal sender As Object, ByVal e As AxbsSocketLibrary.IBSSockLibXEvents_OnSessionInvokedEvent) Handles SockLib.OnSessionInvoked
    AddPeer(e.aHandle)
  End Sub

We invoke the subroutine for adding a new peer.



OnSessionCreated event is generated when an outgoing connection has just been established.

  'Successful call
  Private Sub SockLib_OnSessionCreated(ByVal sender As Object, ByVal e As AxbsSocketLibrary.IBSSockLibXEvents_OnSessionCreatedEvent) Handles SockLib.OnSessionCreated
    CallHandle = 0
    AddPeer(e.aHandle)
  End Sub

We reset the call handle and invoke the subroutine for adding a new peer.



OnSessionClosed event is generated when a connection has just been broken.

  'The socket is disconnected
  Private Sub SockLib_OnSessionClosed(ByVal sender As Object, ByVal e As AxbsSocketLibrary.IBSSockLibXEvents_OnSessionClosedEvent) Handles SockLib.OnSessionClosed
    lvPals.Items.RemoveAt(IndexFromSocket(e.aHandle))  'remove the list item
    UpdateStatus()
  End Sub

We have to find the list item representing the connection and remove it.



OnPacketReceived event is generated whenever a new data packet is received.

  'A new packet is available
  Private Sub SockLib_OnPacketReceived(ByVal eventSender As System.Object, ByVal eventArgs As AxbsSocketLibrary.IBSSockLibXEvents_OnPacketReceivedEvent) Handles SockLib.OnPacketReceived
    Select Case SockLib.GetRcvdCmnd(eventArgs.aHandle)
      Case pcUSER
        Call HaveUser(eventArgs.aHandle)  'user message
      Case pcCHAT
        Call HaveChat(eventArgs.aHandle)  'chat message
    End Select
  End Sub

We have to examine the packet command with the method SockLib.GetRcvdCmnd and invoke the appropriate subroutine.





Creating a new connection

To establish a new connection to another peer, we have to call the method SockLib.CreateSession(Addr, Port), passing as parameters the IP address/domain name and the listening port of the peer.

  'Initiate a call
  Private Sub miConnect_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles miConnect.Click

    If frmConnect.ShowDialog <> DialogResult.OK Then Exit Sub

    'create a new calling socket
    CallHandle = SockLib.CreateSession(frmConnect.txtIP.Text, Val(frmConnect.txtPort.Text))
    If CallHandle = 0 Then
      Call MsgBox("Cannot initiate a call", MsgBoxStyle.SystemModal, "Error")
      CallHandle = 0
    End If

    UpdateStatus()
  End Sub

If the call cannot be initiated, we show an error message. The event OnSessionCreated will be fired when the connection is established successfully.





Sending a chat message

In order to send a message to a peer, we have to store the message text in the outgoing buffer with SockLib.TextToBuffer and post a packet with SockLib.SendPacket, passing as parameter the command ID identifying a chat message.

  'Send a message to the selected peer
  Private Sub btnSendOne_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSendOne.Click
    Dim Line As String

    Call SockLib.TextToBuffer(lvPals.SelectedItems(0).Tag, txtMessage.Text)   'Store the message
    Call SockLib.SendPacket(lvPals.SelectedItems(0).Tag, pcCHAT)              'Send the message
    Line = ""
    If txtLog.Text > "" Then
      Line = Chr(13) & Chr(10)
    End If
    Line = Line & "[" & VB6.Format(Now, "hh:mm:ss") & "] " & frmSettings.txtUser.Text & ": " & txtMessage.Text
    txtMessage.Text = ""
    txtLog.Text = txtLog.Text & Line
  End Sub

The message text is added to the log, and the composing text box is cleared.





Settings form





The form frmSettings asks the user to specify options such as the local user name, crypto key and listening port.





Connection form



The form frmConnect asks the user to enter the host address and the listening port of the peer before a new connection request is issued.



The bottom line

Communicating over the Internet in real time can streamline communications and save you time and money. In this article we presented one simple way to secure the connections for private use.
