End-to-end encrypted chat design

I am in the process of creating a Flutter application that will include direct messaging. You can message one person or a group of people. I want this to all be encrypted for privacy.

The method I was thinking about is to do a hybrid RSA/AES system. On signup, an RSA key pair would be generated and the public key would be sent to the database for storage. Then, when the user wants to message someone, they would request the other person's public key and create an AES-256 key for encrypting any messages. Then, when the user wants to send the message, it will be encrypted with AES and the AES key will be encrypted with RSA, so that the receiver can decrypt the message.

The problem I am facing is that I want the user to be able to sync the messages across devices. I had the idea of generating the public and private keys from a mnemonic phrase and then using that for recovery.

However, this doesn't solve the AES recovery issue. I am unsure if storing the AES key in the database for each chatroom is secure, even if it is encrypted with RSA. An encrypted AES key for each person involved in the chat would have to be stored.

If anyone has any recommendations or tips please let me know.

fgrieu:
You are thinking of hybrid encryption. Usually, the AES key is drawn at random for each message and not stored in clear anywhere: it's stored alongside the AES-encrypted message, encrypted using the public key of each intended recipient, including the public key(s) of the post author. Among the difficulties of what you plan is safe key distribution. "Generating the public and private keys from a mnemonic phrase" can be done, but users choose poor passwords/passphrases, thus at the bare minimum you want key stretching to try to compensate for that. There are other options.
Maarten Bodewes:
This can be "solved" in numerous ways. I put "solved" in quotation marks because there is always some level of trust required towards the presentation of the service. RSA key pair generation from a "seed" is e.g. covered [here](https://crypto.stackexchange.com/a/30216/1172); note the most efficient option [in the other answer](https://crypto.stackexchange.com/a/30228/1172). To create the seed you'd use a PBKDF to provide the stretching mentioned above.
Matrix (OP):
@fgrieu If I store each person's individual AES key encrypted by their own public key, and anyone is able to crack that encryption, then all of the messages would fall regardless of whether I use one AES key for the messages or a new one for each; that is my issue. The reason I was thinking to store the AES keys in the database is so the user can easily access messages on a new device, just by importing their mnemonic. Also, for the mnemonic I am using BIP39, so the users aren't generating the mnemonic.
crypt:
You may use the Double Ratchet algorithm by Signal to provide end-to-end encryption. A Java implementation of the Signal protocol is at https://github.com/signalapp/libsignal-protocol-java