Releases: CipherSecurityLab/CipherMQ

CipherMQ 1.4.2

18 Oct 12:13
2c51f1e

In this release, we've made some minor changes to the directory structure of CipherMQ.

CipherMQ 1.4.1

16 Oct 14:43
806152d

Summary of this version 🚀:

This release introduces a complete overhaul of the encryption system to align with international hybrid encryption standards. The new implementation adheres to RFC 7539 and RFC 8439, ensuring robust security, compatibility with modern cryptographic libraries, and compliance with industry best practices.

Key Changes

1. Standardized Hybrid Encryption

  • Description: Transitioned to a standardized hybrid encryption model combining asymmetric and symmetric cryptography for enhanced security and efficiency.
  • Details:
    • Session Key Generation: Random 256-bit session key generated per message using a secure random number generator.
    • Asymmetric Encryption: Session key encrypted using the recipient's public key with X25519 and SealedBox (libsodium).
    • Symmetric Encryption: Message content encrypted using ChaCha20-Poly1305 AEAD, ensuring confidentiality, integrity, and authenticity.
    • Message Structure: Transmitted as enc_session_key || nonce || (ciphertext || tag), following AEAD standards.
  • Benefits:
    • Conformance to RFC 7539 (ChaCha20 and Poly1305 for IETF Protocols) and RFC 8439 (ChaCha20-Poly1305 AEAD Construction).
    • Forward secrecy with unique session keys per message.
    • Unique nonces to prevent replay attacks.
    • Post-quantum readiness with X25519-based key exchange.
    • Compatibility with modern cryptographic libraries like libsodium.

2. Removal of Manual Authentication Tag Separation

  • Reason for Change:
    • Eliminates error-prone manual handling of authentication tags.
    • Ensures compliance with AEAD standards, where the tag is managed automatically by the ChaCha20-Poly1305 construction.
    • Improves compatibility with standard cryptographic libraries.
  • Impact:
    • Reduced risk of implementation errors.
    • Streamlined encryption and decryption processes.
    • Enhanced reliability and maintainability.
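
The envelope layout from change 1, with the tag left attached to the ciphertext as change 2 describes, as an added example that is not CipherMQ's own code. It assumes raw concatenation with no length prefixes or text encoding, an 80-byte sealed session key (32-byte key plus libsodium's 48-byte sealed-box overhead), the 12-byte RFC 8439 nonce and a 16-byte tag; the function and constant names are hypothetical.

```python
# Added example, not CipherMQ source. Field sizes are assumptions (see lead-in).
from typing import NamedTuple

SESSION_KEY_LEN = 32   # 256-bit session key, per the release notes
SEALBYTES = 48         # libsodium sealed-box overhead: 32-byte ephemeral key + 16-byte MAC
ENC_KEY_LEN = SESSION_KEY_LEN + SEALBYTES     # 80 bytes of enc_session_key
NONCE_LEN = 12         # 96-bit nonce of RFC 8439 ChaCha20-Poly1305
TAG_LEN = 16           # Poly1305 tag, appended to the ciphertext by the AEAD
MIN_LEN = ENC_KEY_LEN + NONCE_LEN + TAG_LEN   # 108: envelope of an empty message

class EnvelopeError(ValueError):
    """Raised when a frame cannot be a well-formed envelope."""

class Envelope(NamedTuple):
    enc_session_key: bytes
    nonce: bytes
    ct_and_tag: bytes   # passed to the AEAD decrypt call as one unit, never split by hand

def pack(enc_session_key: bytes, nonce: bytes, ct_and_tag: bytes) -> bytes:
    """Concatenate the three fields after checking their sizes."""
    if len(enc_session_key) != ENC_KEY_LEN:
        raise EnvelopeError(f"enc_session_key must be {ENC_KEY_LEN} bytes")
    if len(nonce) != NONCE_LEN:
        raise EnvelopeError(f"nonce must be {NONCE_LEN} bytes")
    if len(ct_and_tag) < TAG_LEN:
        raise EnvelopeError("ciphertext||tag is shorter than the tag itself")
    return enc_session_key + nonce + ct_and_tag

def unpack(frame: bytes) -> Envelope:
    """Split a received frame; reject truncated input before any crypto runs."""
    if len(frame) < MIN_LEN:
        raise EnvelopeError(f"frame too short: {len(frame)} < {MIN_LEN} bytes")
    key_end = ENC_KEY_LEN
    nonce_end = key_end + NONCE_LEN
    return Envelope(frame[:key_end], frame[key_end:nonce_end], frame[nonce_end:])

def plaintext_len(env: Envelope) -> int:
    """Plaintext size implied by the envelope (ChaCha20 does not pad)."""
    return len(env.ct_and_tag) - TAG_LEN

if __name__ == "__main__":
    # Constructed sample bytes, not real key material or ciphertext.
    frame = pack(bytes(80), bytes(12), b"\xaa" * 5 + bytes(16))
    print(plaintext_len(unpack(frame)))
```

A receiver would pass `ct_and_tag` unchanged to its ChaCha20-Poly1305 decrypt call, which verifies the trailing tag itself and fails closed on any modification.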

CipherMQ 1.4.0

13 Sep 06:14
dd6ac1b

What's New 🚀

Database Backend Migration

  • SQLite to PostgreSQL: Switched from SQLite to PostgreSQL for enhanced scalability and concurrency in key storage.
  • Public Key Storage: public_keys table now stored in PostgreSQL, with client public keys encrypted using ChaCha20-Poly1305.
  • Metadata Table: Added message_metadata table to store message-related metadata.

Storage Enhancements

  • Updated Storage Logic: Revised storage.rs to use tokio-postgres for asynchronous PostgreSQL queries, replacing synchronous rusqlite operations.
  • Table Structure:
    • public_keys: Fields include client_id, public_key_ciphertext, nonce and tag.
    • message_metadata: Fields include message_id, client_id, exchange_name, routing_key, sent_time, delivered_time and acknowledged_time.
  • Metadata Insertion: Implemented logic in storage.rs to insert metadata for each message during publish operations, updating status on acknowledged_time (ACK).
  • Error Handling: Enhanced StorageError to handle PostgreSQL-specific errors while maintaining compatibility with existing error types.

Configuration Updates

  • Database Configuration: Updated config.rs to include PostgreSQL connection parameters (host, port, user, password, dbname) in DatabaseConfig.
  • Validation: Strengthened Config::load to validate PostgreSQL connection parameters for TLS configurations, ensuring robust setup.

Changes from 1.3.1

  • Replaced SQLite with PostgreSQL for public_keys and added message_metadata table.
  • Updated storage.rs for async PostgreSQL integration and metadata handling.
  • Modified config.rs to support PostgreSQL connection details.

Issues Fixed

  • No specific bug fixes; focus on database migration and metadata tracking for improved performance.

CipherMQ 1.3.1

21 Jul 08:18
0f6f15a

Issues Fixed

  • Removed redundant files from the source code, resulting in a cleaner codebase.
  • Deleted the benchmark directory associated with the CipherMQ 1.2.0 release.

CipherMQ 1.3.0

21 Jul 08:13
d4bae96

What's New 🚀

  • Dynamic CN-based Key Distribution:
    • Replaced static client_id with Common Name (CN) extracted from receiver’s mTLS certificate (client.crt) during TLS handshake.
    • Server stores public keys in SQLite using CN as the identifier, encrypted with AES-GCM.
    • Updated register_key to register_key <public_key> and get_key to get_key <receiver_cn>.
  • Hybrid Encryption Update:
    • Replaced RSA with x25519 for session key encryption, maintaining AES-GCM-256 for message encryption to support Perfect Forward Secrecy.
  • Configuration Updates:
    • Updated sender_config.json to use receiver_cns (list of Common Names) instead of receiver_client_ids.
    • Added aes_key in config.toml for SQLite encryption.
    • Standardized certificate paths to certs.
  • Code Enhancements:
    • Modified receiver.py to extract CN from client.crt for register_key.
    • Updated sender.py to use CN for get_key and store keys as certs/<receiver_cn>_public.key.
    • Added storage.rs for SQLite-based key management.
  • Documentation Improvements:
    • Updated Project_Architecture.md with CN-based key distribution, x25519 encryption, and timestamped logging.
    • Revised Activity_Diagram. and Sequence_diagram to reflect CN extraction and key distribution processes.

Changes from 1.2.0

  • Replaced static client_id with dynamic CN extracted from mTLS certificate.

  • Replaced RSA with x25519 for session key encryption.

  • Introduced automated public key distribution via register_key and get_key.

Installation

Follow the updated README.md for mTLS setup and certificate generation instructions.

Issues Fixed

  • Eliminated static client_id configuration, resolving manual identifier management issues.

  • Resolved RSA-related security concerns by adopting x25519.

CipherMQ 1.2.0

29 Jun 08:52

What's New

  • Mutual TLS (mTLS) Support: Added two-way authentication for secure client-server communication using X.509 certificates (ca.crt, client.crt, client.key).
  • Updated Configuration:
    • Server: Added ca_cert_path in config.toml for client certificate verification.
    • Clients: Added client_cert_path and client_key_path in config.json for mTLS.
  • Improved Documentation:
    • Updated README.md and Project_Architecture.md to reflect mTLS setup and certificate generation.
  • Code Enhancements:
    • Kept #[allow(dead_code)] for configure method in auth.rs to maintain future extensibility.

Changes from v1.1.1

  • Replaced TLS with mTLS for enhanced security with client authentication.

Installation

Follow the updated README.md for mTLS setup and certificate generation instructions.

Issues Fixed

  • Clarified certificate paths and mTLS configuration to prevent handshake errors.
  • Enhanced logging for mTLS connection status.

CipherMQ 1.1.1

25 Jun 19:30
eedefde

Feature of this release:

TLS-only implementation: Disabled TCP connections to focus exclusively on the TLS protocol for enhanced security.

Changelog:

CipherMQ 1.1.0

25 Jun 09:14
5780aef

What's new in CipherMQ 1.1.0

  • Added TLS support for secure client-server communication 🔐
  • Refactored codebase into modular architecture 🧑‍💻
  • Enhanced security and code organization 🪪

CipherMQ 1.0.0

08 Jun 06:17
ba2aa88

Features of the first stable release 🚀

  • Hybrid Encryption: Combines RSA for session key encryption and AES-GCM for message encryption and authentication.
  • Zero Message Loss: Sender retries until server acknowledgment (ACK <message_id>), and server retries delivery until receiver acknowledgment (ack <message_id>).
  • Exactly-Once Delivery: Receiver deduplicates messages using message_id to prevent reprocessing.
  • Reliable Batch Processing: Sender collects and sends all queued messages in batches, ensuring no messages are missed.
  • Clear Acknowledgment Logging: Both sender and receiver log ACKs for visibility (e.g., ✅ [SENDER] Server ACK received and ✅ [RECEIVER] Server confirmed ACK).
  • Push-Based Messaging: Messages are actively delivered to connected consumers.
  • Flexible Routing: Supports exchanges and queues with routing keys for message delivery.
  • Asynchronous Processing: Uses Tokio for high-performance, concurrent connection handling.
  • Thread-Safe Data Structures: Leverages DashMap for safe multi-threaded operations.

Note

For Windows users, we put the compiled (binary) file ciphermq.exe in the assets. You only need to download and run this file to run the server and enjoy 😎. In the upcoming release, we will also upload the binary for other operating systems.

CipherMQ 0.2.0

08 Jun 05:48
74cd5a1

Pre-release

Features of this release

  • Hybrid Encryption: Combines RSA for session key encryption and AES-GCM for message encryption and authentication.
  • Zero Message Loss: Sender retries until server acknowledgment (ACK <message_id>), and server retries delivery until receiver acknowledgment (ack <message_id>).
  • Exactly-Once Delivery: Receiver deduplicates messages using message_id to prevent reprocessing.
  • Clear Acknowledgment Logging: Both sender and receiver log ACKs for visibility (e.g., ✅ [SENDER] Server ACK received and ✅ [RECEIVER] Server confirmed ACK).
  • Push-Based Messaging: Messages are actively delivered to connected consumers.
  • Flexible Routing: Supports exchanges and queues with routing keys for message delivery.
  • Asynchronous Processing: Uses Tokio for high-performance, concurrent connection handling.
  • Thread-Safe Data Structures: Leverages DashMap for safe multi-threaded operations.