nainemom / viska

An Anonymous Chat Service.
https://viska.chat
GNU General Public License v3.0
186 stars 13 forks

E2E Encryption Feature #1

Open nainemom opened 4 years ago

nainemom commented 4 years ago

In popular E2E encryption methods, both sides of a conversation should know the connection state of each other, so they create RSA keys on the local machine and ask the other side for a handshake to pass their publicKey to each other. This method should be called again only when either of them wants to update her RSA.

The problem is that when someone loses her connection or for any reason changes her local RSA, the other side should know about this immediately, but we don't keep any conversation status on the server to do this (and of course telling this to the whole system is the wrong thing). So what if user X sends a message to user Y encrypted by a publicKey that doesn't exist on Y's machine anymore?

So the current thing that I'm thinking about is that all users should tell the server their publicKey plus a random number as a sign, and the server keeps those. When a user loses her connection or makes a new RSA, the server will know and update her status. So, when user X wants to message user Y, he should first ask the server for her publicKey, and the server will respond with the user's publicKey and the sign, so he can keep it locally. Now user X can actually encrypt the message with that publicKey and attach the sign to the data. Whenever the server gets a sendMessage request, it first checks the status of the message target, then checks the received sign against the actual target user's sign, and if everything is OK, the server will send the message to Y. Any problem that happens during this process will throw an error to user X, and he should re-ask for user Y's publicKey and sign.
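The flow proposed in the comment above, as an added in-memory sketch in Node.js; it is not code from the viska repository. `Directory`, `Client`, the method names and the `OFFLINE` / `STALE_KEY` error strings are hypothetical, and messages are assumed short enough for direct RSA-OAEP encryption.

```javascript
// Added sketch of the proposed flow; all names are hypothetical, not viska's API.
const crypto = require('node:crypto');

class Directory { // stands in for the server
  constructor() { this.users = new Map(); }
  // Called on connect and on every key change: keep the publicKey and its sign.
  register(userId, publicKey, sign, deliver) { this.users.set(userId, { publicKey, sign, deliver }); }
  disconnect(userId) { this.users.delete(userId); }
  getKey(userId) {
    const u = this.users.get(userId);
    if (!u) throw new Error('OFFLINE');
    return { publicKey: u.publicKey, sign: u.sign };
  }
  // Forward only if the target is online and the attached sign is her current one.
  sendMessage(to, ciphertext, sign) {
    const u = this.users.get(to);
    if (!u) throw new Error('OFFLINE');
    if (sign !== u.sign) throw new Error('STALE_KEY');
    u.deliver(ciphertext);
  }
}

class Client {
  constructor(id, server) { Object.assign(this, { id, server, cache: new Map(), inbox: [] }); this.rotate(); }
  // New RSA key pair plus a fresh random sign, both announced to the server.
  rotate() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.privateKey = privateKey;
    const sign = crypto.randomBytes(16).toString('hex');
    this.server.register(this.id, publicKey.export({ type: 'spki', format: 'pem' }), sign,
      (ct) => this.inbox.push(crypto.privateDecrypt(this.privateKey, ct).toString('utf8')));
  }
  // Returns the number of attempts used (2 means the cached key had gone stale).
  send(to, text) {
    for (let attempt = 1; attempt <= 2; attempt++) {
      if (!this.cache.has(to)) this.cache.set(to, this.server.getKey(to));
      const { publicKey, sign } = this.cache.get(to);
      try {
        this.server.sendMessage(to, crypto.publicEncrypt(publicKey, Buffer.from(text)), sign);
        return attempt;
      } catch (e) {
        if (e.message !== 'STALE_KEY') throw e;
        this.cache.delete(to); // re-ask the server for Y's publicKey and sign
      }
    }
    throw new Error('STALE_KEY');
  }
}
```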