In technology culture, social media has been a staple of the online world. You have the ability to interact with millions of people at the touch of your fingertips. When communicating with your worldwide buddies, you may wonder how your messages reach only the person you sent them to, without everyone else online having access to these private messages. This is due to encryption. In this article, I will define what end-to-end encryption means and show how to implement this encryption method.
End-to-end encryption is a secure line of communication that blocks third parties from accessing transferred data. While the data is in transit, only the sender and the recipient hold the keys needed to decrypt it. End-to-end encryption can help protect the contents of your messages, text, and even files from being understood by anyone except their intended recipients. It can also be used to prove that a message came from a particular person and has not been altered.
With end-to-end encryption, you decide what data you want to encrypt. This could include chat messages, files, photos, sensor data on IoT devices, and permanent or temporary data.
How does End-to-End Encryption Work?
End-to-end encryption scrambles messages in such a way that they can be deciphered only by the sender and the intended recipient. As the label implies, end-to-end encryption takes place on either end of a communication. A message is encrypted on a sender’s device, sent to the recipient’s device in an unreadable format, then decoded for the recipient.
There are several ways to encrypt this way, but the most popular works like this: a program on your device mathematically generates two cryptographic keys, a public key and a private key.
You can share your public key with anyone who wants to encrypt a message to you. The private key, or secret key, decrypts messages sent to you and never leaves your device. You can liken this to a locked mailbox. Anyone with your public key can put something in your box and lock it, but only you have the private key to unlock it.
A more common form of encryption, known as transport layer encryption, relies on a third party, like a tech company, to encrypt messages as they move across the web. In that model the third party's server decrypts the traffic and can read the plaintext; with end-to-end encryption it cannot.
Implementation
In this example, you might want to keep benign information related to a chat app (like timestamps) in plaintext but end-to-end encrypt the message content.
Every user has a private and public key pair, which the SDK generates on the user's device at signup or the next time they log in.
The user's public key is published to Virgil's REST-based key management service so that users can find each other's public keys and encrypt data to each other.
The user's private key remains on the user's device, protected by the operating system's native key store:
import { EThree } from '@virgilsecurity/e3kit';

// Fetch a Virgil JWT for the current user from a Firebase function (body elided in the original)
const fetchToken = async () => {...}

// Log in the Firebase user on the client device
firebase.auth().signInWithEmailAndPassword(email, pwd);

// Once the Firebase user is authenticated, bootstrap e3kit to load the user's private key
firebase.auth().onAuthStateChanged(async function(user) {
  if (user) {
    // Initialize e3kit with the token callback
    const eThree = await EThree.init(fetchToken);
    // Bootstrap the user (i.e. load the user's private key from the device key store)
    await eThree.bootstrap(pwd);
    // User private key loaded, ready to end-to-end encrypt!
  } else {
    // No user signed in.
  }
});
Before sending a chat message or sharing a document, the app encrypts the contents using the recipient’s public key (client-side).
const usersToEncryptTo = ['alice@myapp.com', 'bob@myapp.com', 'sofia@myapp.com'];

// Look up the destination users' public keys in the key management service
const chatRoomParticipants = await eThree.lookupKeys(usersToEncryptTo);

// Encrypt the message to the target users' public keys (client-side)
const encryptedMessage = await eThree.encrypt('Hello there!', chatRoomParticipants);
After receiving a message, the app decrypts it using the recipient user’s private key.
// Decrypt the message from the chat room with this user's private key;
// the looked-up public keys let e3kit verify the sender's signature on the message
const decryptedMessage = await eThree.decrypt(encryptedMessage, chatRoomParticipants);
This technique ensures that only end users can see messages. The plaintext data won't be visible to Firebase, to developers at your company, or to clients that the message wasn't intended for. If you're building a chat feature or app, you'll be able to build professional-quality end-to-end encrypted chat. You can also build an end-to-end encrypted IoT product or team collaboration suite, or use end-to-end encryption for any use case where you need to protect your users' data.
Sources
https://ssd.eff.org/en/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work
https://www.nytimes.com/2019/11/19/technology/end-to-end-encryption.html
https://virgilsecurity.com/blog/simplified-firebase-sdk