I am in the process of creating a Flutter application that will include direct messaging. You can message 1 person or a group of people. I want this to all be encrypted for privacy.
The method I was thinking about is to do a hybrid RSA/AES system. On signup, an RSA key pair would be generated and the public key would be sent to the database for storage. Then, when the user wants to message someone, they would request the other person's public key and create an AES-256 key for encrypting any messages. Then, when the user wants to send the message, it will be encrypted with AES and the AES key will be encrypted with RSA, so that the receiver can decrypt the message.
The problem I am facing is that I want the user to be able to sync the messages across devices. I had the idea of generating the public and private keys from a mnemonic phrase and then using that for recovery.
However, this doesn’t solve the AES recovery issue. I am unsure if storing the AES key in the database for each chatroom is secure, even if it is encrypted with RSA. An encrypted AES key for each person involved in the chat would have to be stored.
If anyone has any recommendations or tips, please let me know.
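
The storage layout the question describes, as an added example that is not part of the original post: one AES-256 key per chatroom, kept in the database only as an RSA-OAEP-wrapped copy per member, so any device that restores the user's private key can recover it. It uses Node.js's built-in `crypto` module instead of Dart so it runs without packages; the function names, user IDs and room ID are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// RSA-OAEP with SHA-256 is used for wrapping the room key (assumed parameter choice).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Constructed demo identity; a real client would generate or restore this per user.
function newMember() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Create one AES-256 room key and wrap it once per member.
// Only `wrappedKeys` is meant for the database; `roomKey` stays on the client.
function createRoom(memberPublicKeys) {
  const roomKey = crypto.randomBytes(32);
  const wrappedKeys = {};
  for (const [userId, publicKey] of Object.entries(memberPublicKeys)) {
    wrappedKeys[userId] = crypto
      .publicEncrypt({ key: publicKey, ...OAEP }, roomKey)
      .toString("base64");
  }
  return { roomKey, wrappedKeys };
}

// Any device holding the member's private key recovers the room key from storage.
function unwrapRoomKey(wrappedB64, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(wrappedB64, "base64"));
}

// AES-256-GCM with a fresh 96-bit nonce per message; the room ID is bound as
// associated data so a ciphertext cannot be replayed into another room.
function encryptMessage(roomKey, roomId, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", roomKey, iv);
  cipher.setAAD(Buffer.from(roomId));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the ciphertext, tag, nonce or room ID does not match.
function decryptMessage(roomKey, roomId, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", roomKey, iv);
  decipher.setAAD(Buffer.from(roomId));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}
```

With this layout the server stores only the wrapped keys, nonces, ciphertexts and tags, so the confidentiality of stored messages rests on each member's RSA private key.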