Most modern messaging apps put ease of use first, but privacy is often not as important. A lot of services keep track of not just the content of your messages, but also metadata like who you talk to, when you send messages, and how often you talk to them.
This information can tell you a lot about a person's life and relationships, even if you don't read the message itself.
This means that privacy shouldn't be an afterthought. It must be included in the design of the system from the start.
Encrypting Messages
Before being sent over the network, messages in my project EchoId are encrypted.
The Advanced Encryption Standard (AES) is used by the system to encrypt the message itself.
AES is a symmetric encryption algorithm, which means that the same key is used to encrypt and decrypt data.
This is what the basic process looks like:
An AES key is made at random.
That AES key is used to encrypt the message.
RSA encrypts the AES key itself.
The encrypted key and message are sent together.
People often call this method "hybrid encryption."
What is the purpose of this design?
AES is a very fast way to encrypt message data.
RSA is used to safely share the AES key.
This lets messages stay encrypted while still being sent quickly.
What This Means
In simple terms, the message you send is converted into unreadable data before it leaves your device. Only the intended receiver, who can decrypt the AES key, can turn that data back into the original message.
The goal is to ensure that even if the network or server is compromised, the message content itself cannot be read.
Final Note
This is something Iām currently experimenting with while building EchoId, a privacy-focused messaging system exploring encrypted communication and WebRTC-based calls.
Open source:
https://github.com/fabulousman12/echoid-open_source
Top comments (0)