Timeline for Encryption implementation for websocket chat (RSA + AES)
Current License: CC BY-SA 4.0
9 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Dec 10, 2023 at 3:52 | comment added | O'Niel | | bowedes: I posted a follow-up question: codereview.stackexchange.com/questions/288348/… |
| Dec 10, 2023 at 3:11 | vote accept | O'Niel | | |
| Dec 9, 2023 at 22:44 | comment added | O'Niel | | It is indeed really complex but oh so interesting. I made a typo: I meant - generate salt server side > send salt to clients > clients generate AES key with the salt + password they enter client-side. The server can't generate the AES key because it doesn't know what password the clients agreed to use for the session. |
| Dec 9, 2023 at 22:29 | comment added | Maarten Bodewes | | Nah, if your server generates or is able to generate the keys then it knows the keys and so it is not E2E. If you e.g. use DH key agreement on both clients then the server can simply forward the DH public keys. The users then could e.g. authenticate the DH public keys using RSA. In that case the server cannot act as a man in the middle. Note that creating a transport protocol is hard; creating a chat protocol is significantly harder, even for me (and I'm the top cryptography user on Stack Overflow). I've seen many attempts from crypto novices fail at the first hurdle; it is really tricky. |
| Dec 9, 2023 at 22:15 | comment added | O'Niel | | Okay, thanks. And if I then generate a salt server side for each session and use Argon2id with that salt, I could generate the same AES key server side using the password the two users input. That way it is E2EE? |
| Dec 9, 2023 at 22:13 | comment added | Maarten Bodewes | | That could be an option for users to authenticate, for instance. If you can do key agreement + authentication of the handshake then you can establish the keys securely (this is also what e.g. TLS does). Even better if that USB device is something that also protects the private key, e.g. a YubiKey. Generally the authentication part and the session key generation are largely decoupled. |
| Dec 9, 2023 at 21:46 | comment added | O'Niel | | Thanks for your answer. I just read that WhatsApp uses asymmetric encryption as well. Would it be secure to give the server a public key, and the users a USB stick with the private key, so only the users with the correct private key can decrypt it? |
| Dec 9, 2023 at 7:58 | history edited | Maarten Bodewes | CC BY-SA 4.0 | added 1048 characters in body |
| Dec 9, 2023 at 7:50 | history answered | Maarten Bodewes | CC BY-SA 4.0 | |