End-to-end encryption can be realized using a Certificate Authority (CA). When a user signs in on a device for the first time, the device generates an RSA key pair and sends its key information to the CA. The key information stored on the CA includes:
- Username: a unique identifier of the user.
- Public key: the public key of the RSA 1024 key pair generated by the client.
- Expiration date: the expiration date of the public key. A new public key must be obtained once it has expired.
The CA stores every user's key information indexed by username. To send a message, the sender obtains the recipient's key information from the CA, generates a symmetric key for message encryption, and delivers the encrypted message to the recipient.
1. Clients generate private and public keys using the RSA algorithm on the client device and publish the public key to the CA, which associates it with the client's username.
2. Client A uses Client B's username to obtain Client B's key info from the CA.
3. Client A checks the validity of Client B's public key and proceeds only with a valid key.
4. Client A generates a 128-bit true random number as the AES symmetric key.
5. Client A encrypts the symmetric key using Client B's public key.
6. Client A computes the SHA-256 hash of the symmetric key and signs the hash with its own private key to produce a signature.
7. The encrypted symmetric key (step 5) and the signature (step 6) are attached to the message extension and sent from Client A to Client B.
8. Upon receiving the message from Client A, Client B contacts the CA to obtain Client A's public key by Client A's username.
9. Client B checks the validity of Client A's public key and proceeds only with a valid key.
10. Client B extracts the encrypted symmetric key and the signature from the received message.
11. Client B decrypts the encrypted symmetric key using its local private key.
12. Client B computes the SHA-256 hash of the symmetric key.
13. Client B verifies the signature against that hash using Client A's public key, confirming that it was signed by Client A.
14. Client B decrypts the message using the symmetric key.
Figure 1. The key negotiation process
- After a successful key negotiation, each encrypted message sent to the recipient carries the encrypted symmetric key and the signature.
- The recipient verifies the signature and then uses the symmetric key to encrypt its own messages; the sender encrypts the symmetric key using the recipient's public key (step 5).
- Clients can save the symmetric key to the local database to decrypt messages in the future.
- A client can generate a new symmetric key by following the key negotiation rules, but it must then send a message carrying the updated symmetric key to the peer client.
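The fourteen negotiation steps above, worked through end to end in Go as an added example (this is not the page's or the product's own code). The in-memory `CA` map, the `KeyInfo`, `Client` and `Envelope` types, and the function names are assumptions made for the example; the page does not name an RSA padding scheme or an AES mode, so RSA-OAEP for wrapping the symmetric key, PKCS#1 v1.5 for the signature and AES-GCM for the message body are this example's choices. The recipient side refuses the message when the sender's key has expired, when the signature does not verify, or when the body has been altered.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
	"time"
)

// KeyInfo is the public key and expiration date the page says the CA stores per username.
type KeyInfo struct {
	PublicKey  *rsa.PublicKey
	Expiration time.Time
}

// CA is a constructed in-memory stand-in for the certificate authority, keyed by username.
type CA map[string]KeyInfo

// Lookup returns a user's key info and refuses an expired key (the validity check of steps 3 and 9).
func (ca CA) Lookup(username string, now time.Time) (KeyInfo, error) {
	info, ok := ca[username]
	if !ok { return KeyInfo{}, fmt.Errorf("no key info for %q", username) }
	if !now.Before(info.Expiration) { return KeyInfo{}, fmt.Errorf("public key of %q expired; a new one must be obtained", username) }
	return info, nil
}

// Client is one device holding one RSA key pair.
type Client struct {
	Username string
	priv     *rsa.PrivateKey
}

// NewClient generates the pair on the device and publishes the public half to the CA (step 1).
func NewClient(ca CA, username string, bits int, now time.Time, ttl time.Duration) (*Client, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return nil, err }
	ca[username] = KeyInfo{PublicKey: &priv.PublicKey, Expiration: now.Add(ttl)}
	return &Client{Username: username, priv: priv}, nil
}

// Envelope is the message extension of step 7 together with the encrypted body.
type Envelope struct {
	From, To          string
	WrappedKey        []byte // AES key encrypted with the recipient's RSA public key (step 5)
	Signature         []byte // SHA-256(AES key) signed with the sender's private key (step 6)
	Nonce, Ciphertext []byte // body under AES-GCM; the page names no AES mode, GCM is this example's choice
}

// Send runs steps 2-7 on the sender side.
func (s *Client) Send(ca CA, to string, plaintext []byte, now time.Time) (*Envelope, error) {
	info, err := ca.Lookup(to, now) // steps 2-3
	if err != nil { return nil, err }
	key := randomBytes(16) // step 4: 128-bit random symmetric key
	// step 5; RSA-OAEP padding is this example's choice, the page does not name one
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, info.PublicKey, key, nil)
	if err != nil { return nil, err }
	digest := sha256.Sum256(key) // step 6
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.priv, crypto.SHA256, digest[:])
	if err != nil { return nil, err }
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := randomBytes(gcm.NonceSize())
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	return &Envelope{From: s.Username, To: to, WrappedKey: wrapped, Signature: sig, Nonce: nonce, Ciphertext: ct}, nil
}

// Receive runs steps 8-14 on the recipient side; any failed check rejects the message.
func (r *Client) Receive(ca CA, env *Envelope, now time.Time) ([]byte, error) {
	info, err := ca.Lookup(env.From, now) // steps 8-9
	if err != nil { return nil, err }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, r.priv, env.WrappedKey, nil) // steps 10-11
	if err != nil { return nil, err }
	digest := sha256.Sum256(key) // step 12
	if err := rsa.VerifyPKCS1v15(info.PublicKey, crypto.SHA256, digest[:], env.Signature); err != nil { // step 13
		return nil, fmt.Errorf("signature not from %s: %w", env.From, err)
	}
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // step 14: fails on any tampering with the body
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil { panic(err) } // no entropy: nothing sensible to do
	return b
}
```

Two points the step list leaves implicit are visible in the code: the signature covers only the symmetric key, so integrity of the message body rests on the AEAD mode chosen for step 14, and the validity check of steps 3 and 9 is a comparison against the CA's expiration date, which is why the current time is passed into both `Send` and `Receive`.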
Users can renew their key info periodically to limit how long any one key is exposed. The following steps describe the key renewal and update process:
1. The client generates a new RSA key pair (public and private keys).
2. The client computes the hash value of the new public key using the SHA-1 algorithm.
3. The client obtains a signature by signing the hash value with its old private key.
4. The client uploads the new public key, the signature (step 3), and the expiration date of the new key to the CA.
5. The CA computes the hash value of the new public key using the SHA-1 algorithm.
6. The CA verifies the signature against that hash value with the old public key, confirming that the client that uploaded the data (step 4) is the same client as in the record.
7. The CA updates the key information if the verification succeeds.
8. The client can now use the new RSA key pair as its local authentication identifier. It should, however, keep the old RSA key pair until any in-progress key negotiation has completed, so that a negotiation started while the CA was updating the key information does not fail with an unusable encryption key.
Figure 2. CA key info renewal
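The renewal steps above as an added Go example (not the page's or the product's own code). The `Record` and `RenewalRequest` types, the PKCS#1 DER encoding of the uploaded public key and the PKCS#1 v1.5 signature scheme are assumptions of the example; the SHA-1 digest is the page's own choice for this step. The CA side, `Renew`, replaces a record only when the signature verifies under the public key already on file, which is the property that keeps an uploader who never held the old private key from swapping in a key of their own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"errors"
	"fmt"
	"time"
)

// Record is the CA's stored key info for one username (assumed layout of the page's fields).
type Record struct {
	PublicKey  *rsa.PublicKey
	Expiration time.Time
}

// RenewalRequest is the upload of step 4: new public key, signature over it, expiration date.
type RenewalRequest struct {
	Username     string
	NewPublicKey []byte // PKCS#1 DER encoding of the new public key (the encoding is this example's choice)
	Signature    []byte // SHA-1 digest of NewPublicKey signed with the OLD private key (step 3)
	Expiration   time.Time
}

// Register enrolls a fresh key pair, as first-time sign-in does, and returns the private half.
func Register(records map[string]Record, username string, bits int, exp time.Time) (*rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	records[username] = Record{PublicKey: &priv.PublicKey, Expiration: exp}
	return priv, nil
}

// BuildRenewal is client steps 1-3: new key pair, SHA-1 of the new public key, signature with the old private key.
func BuildRenewal(username string, oldPriv *rsa.PrivateKey, bits int, exp time.Time) (*rsa.PrivateKey, *RenewalRequest, error) {
	newPriv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	der := x509.MarshalPKCS1PublicKey(&newPriv.PublicKey)
	digest := sha1.Sum(der) // the page specifies SHA-1 for this step
	sig, err := rsa.SignPKCS1v15(rand.Reader, oldPriv, crypto.SHA1, digest[:])
	if err != nil {
		return nil, nil, err
	}
	return newPriv, &RenewalRequest{Username: username, NewPublicKey: der, Signature: sig, Expiration: exp}, nil
}

// Renew is CA steps 5-7: recompute the digest, verify it with the public key already on record,
// and replace the record only when the signature proves the uploader holds the old private key.
func Renew(records map[string]Record, req *RenewalRequest) error {
	old, ok := records[req.Username]
	if !ok {
		return errors.New("unknown user")
	}
	digest := sha1.Sum(req.NewPublicKey)
	if err := rsa.VerifyPKCS1v15(old.PublicKey, crypto.SHA1, digest[:], req.Signature); err != nil {
		return fmt.Errorf("renewal for %s rejected: %w", req.Username, err)
	}
	pub, err := x509.ParsePKCS1PublicKey(req.NewPublicKey)
	if err != nil {
		return err
	}
	records[req.Username] = Record{PublicKey: pub, Expiration: req.Expiration}
	return nil
}

func main() {
	exp := time.Now().Add(365 * 24 * time.Hour)
	records := map[string]Record{}
	oldPriv, _ := Register(records, "alice", 1024, exp)
	_, req, _ := BuildRenewal("alice", oldPriv, 1024, exp)
	fmt.Println("renewal accepted:", Renew(records, req) == nil)
}
```

Note that the CA verifies against the key it already holds, not against anything in the upload, so a request for a username whose record does not exist is refused outright rather than treated as a first registration.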
Unread offline message decryption
The encryption approach described cannot be applied to decrypting unread offline messages if the user switches to a new device, since the RSA key pair is tied to an individual device.