Proposal: end to end encryption

Ben Smiley edited this page Oct 10, 2018 · 4 revisions

Here is a proposed scheme for end-to-end encryption. In each of these examples we will imagine a chat between various users: User A, User B, User C, etc.

One-to-one chat

  1. Users A and B generate new public/private key pairs and store the public key on their vcard / user profile
  2. User A starts a new conversation with User B
  3. User A downloads User B's public key from the vcard / profile
  4. User A generates a new symmetric encryption key and encrypts the payload using it
  5. User A then encrypts the symmetric key using User B's public key
  6. User B receives the message and decrypts the symmetric key using their private key
  7. User B then decrypts the message using the symmetric key

Multi user chat

  1. Users A, B and C generate new public/private key pairs and store the public key on their vcard / user profile
  2. User A starts a new conversation with Users B and C
  3. User A downloads the public keys of Users B and C
  4. User A generates a new symmetric key and encrypts the payload using it
  5. User A then encrypts the symmetric key twice - once using User B's public key and again using User C's public key
  6. The message is sent to Users B and C
  7. Users B and C each find their version of the encrypted symmetric key and decrypt it using their private key
  8. Each can then decrypt the payload

Multi device chat

Multi device chat is similar to multi user chat. If User B has two devices, B1 and B2, each device would generate its own public/private key pair. Any message addressed to B would then have the symmetric key for the payload encrypted twice, once for each device.
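
The one-to-one, multi user and multi device flows above reduce to the same operation: encrypt the payload once, then wrap the symmetric key once per recipient device. The sketch below is an added example, not code from the proposal or its project. It assumes Node.js's built-in crypto module, RSA-OAEP for wrapping, AES-256-GCM for the payload and device ids as labels for the wrapped keys, none of which the proposal specifies.

```javascript
// Added example. Assumed choices (not in the proposal): RSA-2048 with
// OAEP/SHA-256 to wrap the key, AES-256-GCM for the payload, and a
// hypothetical device id ("B1", "B2", "C") to label each wrapped copy.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each device generates its own key pair and publishes the public half.
function newDevice() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: one fresh symmetric key per message, wrapped once per device.
function encryptFor(devicePublicKeys, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const keys = new Map();
  for (const [deviceId, publicKey] of Object.entries(devicePublicKeys)) {
    keys.set(deviceId, crypto.publicEncrypt({ key: publicKey, ...OAEP }, key));
  }
  return { iv, body, tag: cipher.getAuthTag(), keys };
}

// Recipient: find this device's wrapped key, unwrap it, decrypt the payload.
function decryptAs(deviceId, privateKey, msg) {
  const wrapped = msg.keys.get(deviceId);
  if (!wrapped) throw new Error(`message is not addressed to ${deviceId}`);
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the body, IV or tag was altered after encryption.
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// Constructed sample: User A writes to User B (devices B1, B2) and User C.
function demo() {
  const b1 = newDevice(), b2 = newDevice(), c = newDevice();
  const msg = encryptFor({ B1: b1.publicKey, B2: b2.publicKey, C: c.publicKey }, 'hello');
  return [['B1', b1], ['B2', b2], ['C', c]]
    .map(([id, dev]) => decryptAs(id, dev.privateKey, msg));
}

console.log(demo());
```

The example takes each public key as given. The proposal does not say how a key downloaded from a vcard / profile is confirmed to belong to its user, so a client needs some way to verify it (for example, comparing key fingerprints out of band) before wrapping a message key to it.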