VirgilSecurity / virgil-e3kit-js

E3Kit is a security framework that simplifies work with Virgil services and presents the easiest way to add full end-to-end security to your chat application to become HIPAA and GDPR compliant and more.
https://virgilsecurity.com/e3kit/
BSD 3-Clause "New" or "Revised" License

Creating cards on server #66

Closed psico-digital closed 4 years ago

psico-digital commented 4 years ago

We have a practice management software for psychologists. In it, the psychologist can give access to the client portal to his clients. At the time of client creation, I need to generate his public key so that he can see his data later when the psychologist creates his access (new user in Firebase).

But when trying to create the client card on server, I noticed that the register() function only works in the browser as it needs to store the private key on the device.

How could I solve this problem?

rebeccaly commented 4 years ago

Thanks for the question. Can you help me understand your use case and requirements more? Why could you not 1) register the new client and create the client's card with E3Kit and then store the private key on their device in the standard fashion provided by E3Kit, and then 2) the psychologist encrypts all data in that client's portal with the client's public key so that they both can access the data in the portal?

psico-digital commented 4 years ago

It may work. I'll need to make some drastic changes here, but that's fine. Thanks @rebeccaly !

rebeccaly commented 4 years ago

If we know more about how your app is currently set up, we can try and help you find a solution without requiring drastic changes. Can you lay out the flow? Ex: 1) psychologist creates profile for client and encrypts client file data, 2) client registers, etc.

psico-digital commented 4 years ago

1) Psychologist creates client profile (set a document in Firebase Firestore with basic information from client)
2) The psychologist may or may not invite your client to use the portal (in the invitation function, I register the client user on Firebase Auth using a temporary password and then send an email to the client with the access link and his credentials)
3) The client accesses the link contained in the email and then logs in (after logging in he will be asked to change his password)

rebeccaly commented 4 years ago

Would this flow work?
1) Psychologist creates client profile and encrypts the profile data for herself (the psychologist) only.
2) When the client logs in to register with Firebase, you also register the client with Virgil and the psychologist then sends/shares the encrypted file with the client, as they now have a Card in the Virgil Cloud and a private key stored on their device.
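The flow proposed above, as an added example that is not part of the thread or the E3Kit project: the profile is encrypted for the psychologist alone, and sharing with the client only succeeds once the client has registered on their own device. Method names (`initialize`, `register`, `findUsers`, `authEncrypt`, `authDecrypt`) follow the E3Kit v2 API as an assumption; `FakeEThree` is an in-memory stand-in (no real cryptography) so the ordering can be exercised offline.

```javascript
// FakeEThree models E3Kit access rules in memory (assumption: same method names as
// the real SDK). A Card exists only after register(), which runs on the user's device.
const cards = new Map(); // identity -> card

class FakeEThree {
  constructor(identity) { this.identity = identity; this.hasKey = false; }
  static async initialize(identity) { return new FakeEThree(identity); }
  async register() { this.hasKey = true; cards.set(this.identity, { identity: this.identity }); }
  async hasLocalPrivateKey() { return this.hasKey; }
  async findUsers(identity) {
    const card = cards.get(identity);
    // This is what a server-side attempt to encrypt for an unregistered client runs into.
    if (!card) throw new Error(`no Virgil Card for ${identity}`);
    return card;
  }
  // Ciphertext is modeled as {sender, recipients, body}; the real SDK returns a string.
  async authEncrypt(data, recipient) {
    if (!this.hasKey) throw new Error('private key not on this device');
    const recipients = new Set([this.identity]);
    if (recipient) recipients.add(recipient.identity);
    return { sender: this.identity, recipients: [...recipients], body: data };
  }
  async authDecrypt(msg, senderCard) {
    if (!this.hasKey || !msg.recipients.includes(this.identity)) throw new Error('not a recipient');
    if (senderCard && senderCard.identity !== msg.sender) throw new Error('sender mismatch');
    return msg.body;
  }
}

// Step 1: psychologist encrypts the profile for herself only (client has no Card yet).
async function createProfile(psy, profile) {
  return psy.authEncrypt(JSON.stringify(profile));
}

// Step 2: after the client registers on their own device, re-encrypt for both parties.
async function shareProfile(psy, clientIdentity, encrypted) {
  const clientCard = await psy.findUsers(clientIdentity); // throws until the client has registered
  const plain = await psy.authDecrypt(encrypted);
  return psy.authEncrypt(plain, clientCard);
}

// Client side: verify the sender's Card, then decrypt the shared profile.
async function clientReads(client, psyIdentity, shared) {
  const psyCard = await client.findUsers(psyIdentity);
  return JSON.parse(await client.authDecrypt(shared, psyCard));
}
```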

psico-digital commented 4 years ago

Yes, it's possible. Not the way it is now, but from a drastic change, I'll just need a small change in the way the portal works. Thanks!