Whenever a new client gets connected, he generates public-private RSA key pair, the public key is then sent to the server, which saves it in connection with that client. All messages sent from this client must also contain messages signature, which prevents others from impersonating the client. In case the signature is wrong, a warning message will be sent by server informing all other clients that someone's account is compromised.