Make it possible for the client to sync their data across multiple devices

[n-aggarwal]

This is an open question as to how this will be implemented. The problem with implementing this feature is the private Key, and the AES keys for all the rooms which are stored locally. We would have to find a way to transfer them from one device to another (and perhaps also give the option to delete the keys),

[n-aggarwal]

Here is a potential implementation using a database:

(1) When a user creates an account using a device a device UID, and a device public-private key pair is generated and the UID is stored both in local storage and in the Database while the public key is stored only in the DB and private key is stored only locally. (2) The users' collection in the database will have an additional field called devices which would be an array of objects with each object containing the following information: {device_uid, public_key}. The private key will be stored in the phone locally. Note. this will (probably) be a different public-private key pair than the one used to exchange AES keys. (3) Now whenever a user logs in, the program checks if the device has a UID and if it matches to one of the UID's already in the database. If not the a new UID, and public-private key pair is generated for the device. Then one of the devices which already has the private key used for decrypting AES keys, and AES Keys will encrypt that information using the new devices public key and store it in the database. Then the new device can use its private key to decrypt the AES Key and private key information.

Notice that this implementation may require modification of the messages object in the messageRooms Schema so to incorporate an additional field AESKey2. Previously AESKey was the AESKey encrypted using person_2's public key so that person_2 can access the AES Key. AESKey2 would be the AES Key encrypted using person_1's public key so that they can access the AES Key. If we do this then we only need to share the private key used needed to decrypt the AES key across different devices of the user. The only concern here is that if I have the same message encrypted by two different public-keys is it somehow possible to get the encrypted information (or either of the private keys) using this alone?

Apart from the above approach an alternative Implementation that could be used is Peer-to-Peer (P2P) Communication. I am going to explore this later and then see which is the better approach.

[n-aggarwal]

Here is a high level overview of using P2P communication as described by chatGPT:

Yes, you can use WebRTC for establishing a secure peer-to-peer (P2P) connection between the old device and the new device to transmit the verification number securely. WebRTC provides a framework for real-time communication between web browsers and mobile applications, and it supports secure and encrypted data transmission.

Here's how you can utilize WebRTC for transmitting the verification number securely:

Establish WebRTC Connection: Both the old device and the new device need to support WebRTC capabilities. Use WebRTC APIs to establish a P2P connection between the devices. This involves creating an offer from the old device and exchanging it with the new device, which responds with an answer.

Secure Data Channel: Once the WebRTC connection is established, create a secure data channel within the connection. Encrypt the data channel using the built-in encryption capabilities provided by WebRTC. Ensure that the data channel is configured to use encryption algorithms and protocols that provide secure transmission.

Transmitting the Verification Number: On the old device, generate the verification number securely and send it through the established data channel. On the new device, receive the verification number through the data channel and validate it against the user input. By leveraging WebRTC's P2P capabilities and secure data channels, you can establish a direct and encrypted connection between the old and new devices. This ensures that the verification number is transmitted securely without being exposed to potential eavesdropping or interception.

Remember to implement appropriate error handling, encryption, and validation mechanisms to enhance the security of the communication channel. Additionally, follow WebRTC best practices and guidelines to ensure a robust and secure implementation.

Please note that implementing WebRTC requires knowledge of web development, browser compatibility, and handling network configurations.

Here are some resources for learning WebRTC and firebase/firestore integration: https://webrtc.org/getting-started/overview https://webrtc.org/getting-started/firebase-rtc-codelab https://github.com/webrtc/FirebaseRTC

[n-aggarwal]

I am going to try using the WebRTC approach as I have never used P2P communication before, so I can learn about that using this project. If however, I fail to do so in a reasonable amount of time, then I will fall back to using the database implementation.