end to end encryption
Hi, I currently want to build a chat app with basic end to end encryption. Could someone show me a little bit how this should work?
Like how do both participants in a chat know with what to decrypt the messages?
Solution:Jump to solution
Both chat clients must generate a key pair, then send their public keys to one another. Before sending the message you encrypt it with the public key you got from them. When you receive the message you decrypt it with your private key.
13 Replies
Solution
Both chat clients must generate a key pair, then send their public keys to one another. Before sending the message you encrypt it with the public key you got from them. When you receive the message you decrypt it with your private key.
Ok, cool. How can I easily exchange the keys? In general. Or is the tech stack needed to give a profound anwser?
What types of tools are needed in order to do that? I already have my database and I think for the encryption/decryption the crypto web api is enough, right?
I think you can just send the public keys over https. Web crypto api is enough. You need the RSA-OAEP algorithm
Hmm, let me think through it. I send the Private Keys (?) Via my backend to the other User?
The public keys*
but yes
the private keys stay secret and never leave the client
Ok, now that I think about it, if someone controls your server, they can inject some code to swap the public key with their key and decrypt the messages.
You need the clients to sign each other's public keys with their private keys to make sure they talk directly to each other
Nice
Ok, so every client signs their public key with their private key and send it to the other. Then they encrypt the messages with their Private key and the other one decrypts the messages with his (?) Key?
How can I sign the keys?
How can I finish this? https://excalidraw.com/#room=42e3b35d80e57fe49005,ccPzXBPCa1Ceg9pqo15L2w
Excalidraw
Excalidraw — Collaborative whiteboarding made easy
Excalidraw is a virtual collaborative whiteboard tool that lets you easily sketch diagrams that have a hand-drawn feel to them.
Ok, I looked into it and just signing the keys is not enough and there are a lot more crazy algorithms you need. I think you should build your app assuming you can trust the backend server, and then add the key exchange algorithms later, if you want.
So first just exchange the keys without signing etc. and later adding the signing process?
yeah
Ok, then what should be encrypted with what and with what decrypted?
Before you send, you encrypt the message with the other person's public key. They can decrypt the message with their private key.
ok, nice
i think i get it now
thank you for your help