nfdz / Cryptool

Cryptography Android application
Mozilla Public License 2.0

Make the Chats end-to-end Encrypted #62

Open Maxaseel opened 1 month ago

Maxaseel commented 1 month ago

How to approach

  1. When creating the account, the user generates a public and private key pair and saves them in local storage.
  2. The user then sends the public key to the server alongside his credentials. THE PRIVATE KEY IS NOT SHARED WITH ANYONE.
  3. The server receives the user's credentials and his public key, generates a certificate out of the public key, and saves the user in the server.
  4. Each time user_A wants to chat with user_B, the server sends user_B's certificate to user_A and vice versa. Each user saves the other's certificate in their local storage to be able to encrypt messages and send them.
  5. The ENCRYPTED messages are saved in MongoDB.

Ref:

Pre-reqs [ Encryption Algorithms ]:
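
Steps 1 to 5 above as an added sketch in Java, using only the standard JCA classes (this is not part of the original comment and not Cryptool's code). It assumes RSA-3072 with OAEP and, going beyond the steps as written, wraps a fresh AES-GCM key per message because RSA alone cannot encrypt messages of arbitrary length; the class and method names are hypothetical, and the fingerprint lets each user confirm out of band that the key relayed by the server really belongs to the other user.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;

public class E2eSketch { // added sketch; names are hypothetical, not Cryptool code
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
        "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static final class Envelope { // step 5: all the server ever stores
        final byte[] wrappedKey, iv, ciphertext;
        Envelope(byte[] w, byte[] i, byte[] c) { wrappedKey = w; iv = i; ciphertext = c; }
    }
    // Hex SHA-256 of the encoded public key, for out-of-band comparison.
    static String fingerprint(PublicKey pk) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(pk.getEncoded());
        return String.format("%064x", new java.math.BigInteger(1, d));
    }
    // Sender side: encrypt to the recipient's public key (step 4).
    static Envelope seal(PublicKey recipient, String msg) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey k = kg.generateKey();            // fresh key per message
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(msg.getBytes(StandardCharsets.UTF_8));
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.ENCRYPT_MODE, recipient, OAEP);
        return new Envelope(rsa.doFinal(k.getEncoded()), iv, ct);
    }
    // Recipient side: only the holder of the private key can unwrap the AES key.
    static String open(PrivateKey own, Envelope e) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.DECRYPT_MODE, own, OAEP);
        SecretKey k = new SecretKeySpec(rsa.doFinal(e.wrappedKey), "AES");
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, e.iv));
        return new String(aes.doFinal(e.ciphertext), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair userB = kpg.generateKeyPair();     // step 1: private half stays on B's device
        System.out.println("B's key fingerprint: " + fingerprint(userB.getPublic()));
        Envelope stored = seal(userB.getPublic(), "hello B"); // constructed sample message
        System.out.println(open(userB.getPrivate(), stored));
    }
}
```

GCM authenticates the ciphertext, so a stored message that was modified fails in `open` with an `AEADBadTagException` instead of decrypting to altered text.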

nfdz commented 1 month ago

@Maxaseel Thanks for your feedback.

People have been asking for some implementation of asymmetric encryption for a while now (https://github.com/nfdz/Cryptool/issues/7).

The main problem I see is how to introduce this feature in a user-friendly way, not hiding the cryptographic work from the user. Why do we want another app that does cryptographic asymmetric encryption in a magical and transparent way for the user? I think there are already several open source chat apps that do this, right?

The idea of not hiding the cryptographic part of the app is so that a non-specialized user can understand what is going on all the time. I think that is the differentiating part of this app. Maybe I am wrong.

I think it has to be possible to implement this feature in a way that the user can see the cryptographic process in the background; we just haven't reached a good sketch and plan yet. You are welcome to share/contribute more about this topic.