Score:0

How to use symmetric encryption on 1on1 and group chat messenger?


Hi everyone, so currently I'm trying to learn about encryption to build a secure messaging app (mobile app, Flutter-based). I want the app to have 2 messaging features, which are 1-on-1 messaging and group-chat messaging. Firstly, I wanted to try using symmetric encryption for the app, but there are some questions that make me a little bit confused:

1. When using symmetric encryption, assuming that each user has their own key: when Person A sends a message to Person B, should we fetch Person A's key or Person B's key for the encryption?

2. What's the best practice to store the user key? Can I just generate the key and keep it in the cloud database?

3. Can I do like some double AES algorithm for the encryption? So the potential hacker will have to do more work for altering the system (1 main app key, 1 user key).

4. How does symmetric encryption work for a group chat messenger? I don't get the flow logic.

Eugene Styer
Any reason that TLS (transport-layer security, sometimes called SSL) won't handle your situation?
Kim San
How does SSL help with my current situation? Can you explain it to me please?
Eugene Styer
TLS provides security (the "S" in "HTTPS" for example) between a client and a server. If you are using a central server, get a certificate for your server, and TLS handles all the details of encryption between the client and server. You would just need to handle the username/password for A and B. The private key corresponding to the public key in the certificate needs to be secret, but not much else. If you want A to send messages directly to B (peer-to-peer networking) then treat A as the client and B as the server. Again TLS will handle the rest of the details.
Jake Peralta
Just for clarification for @KimSan, as you're learning encryption: in symmetric encryption, the key used by both users will be the same. So you need a different key for each conversation, but not for each user.
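The point made in the comments above (both sides use the same key, and there is one key per conversation), as an added Go sketch using AES-256-GCM from the standard library; it is not code from the original thread. The `chat:A:B` identifier, the function names and the demo key are assumptions, and how the key reaches both devices is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds AES-GCM from one conversation's 32-byte key (AES-256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender's side; output is nonce || ciphertext || tag, with convID as AAD.
func Seal(key []byte, convID string, msg []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, msg, []byte(convID)), nil
}

// Open is the receiver's side: same key, same ID, or it returns an error.
func Open(key []byte, convID string, sealed []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], []byte(convID))
	}
	return nil, fmt.Errorf("sealed message too short")
}

func main() {
	key := make([]byte, 32) // constructed demo key for the A<->B conversation
	rand.Read(key)
	sealed, _ := Seal(key, "chat:A:B", []byte("hi B"))
	plain, err := Open(key, "chat:A:B", sealed)
	fmt.Printf("%s %v\n", plain, err)
}
```

A message sealed for one conversation fails authentication under another conversation's key or ID, so the client never has to choose between "A's key" and "B's key".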
Score:0
Lev

Here are some resources which might help you understand your problem.

This kind of use-case lends itself to the use of public key cryptography. Secure messaging protocols of this form already exist - see the Signal protocol.

If you are insistent on using symmetric key encryption, see the Kerberos protocol, which is a solution to your first two questions.

  3. Can I do like some double AES algorithm for the encryption? So the potential hacker will have to do more work for altering the system (1 main app key, 1 user key).

There are many answers to this question. For instance, here.

  4. How does symmetric encryption work for a group chat messenger? I don't get the flow logic.

This is not a trivial thing to construct. This is a brief video which explains why.
