End-to-end encryption (E2EE) in XMPP

There are various end to end encryption algorithm written till date but I found holes in most of them. One of the best end to end encryption is OpenPGP, OX, OTR, and OMEMO. Some encryption doesn’t support Multiple Devices or Offline Messages or File Transfer or archiving.

The best one I found is OMEMO which is reliable and looks very promising. But some issues found in it as well for message archiving. It also need pep node subscription open for device list and bundle identifier which allow non rosters to see the data. Also OMEMO uses a signal protocol from whisper systems which makes it GPL license which prevents people from legally shipping forks or derivatives works that include our code to the App Store (without an exemption). Although many people and organizations have requested license exemptions.

I decided to write an encryption standard that can simplify things as we need it on each and every app for the security of end users. The purpose of writing this encryption standard is because I want to simplify the way encryption/decryption is done and make it more secure by moving the keys on a separate server.

This specification will support :

• Multi-device
• Group chat
• Mam support
• Search MAM message support
• Offline message support
• File transfer support
• Per Message Overhead - Low

Explanation

We can use Any encryption and decryption technique and keep that logic on a class on keys server. (I will suggest AES 256).

Keys are used for encrypting and decrypting messages. keys can be stored on a separate server / safe storage like Amazon S3 from where they can be called to decrypt the messages.

Authenticate to Key SRV (if not yet)
Client 1	Client 2	Key SRV
Authenticate to Key SRV (if not yet)
POST to Key SRV
		Create conversation row
		Create Key
		Return Key object (ID and real Key)
Gets Key object
Encrypt message and sends via XMPP with Key ID
	Receives Encrypted message from XMPP
	If key is not present locally GET key object from Key SRV
		Check if receiver has permissions for this conversation
		Returns key object
	Decrypt the message with the key

Example message packet:

<message to='juliet@test.com’ from='romeo@test.com’ id='send1'> <encrypted xmlns = ‘jabber:encrypted’ objectid = ‘5YGC0FF90k’> 5MFUu9BmMxjkAhHs5OSqjQ== </encrypted> </message>

Now it's own us how soon we need to change object id may be every time user go to chat screen :)

Files will be stored on s3 bucket with KMS encryption. So client app will upload files through api server and api server will upload them to the s3 bucket with KMS encryption. Same way files will be downloaded.

In the case of files, the file URL should be encrypted with encryption key against object id sitting in a separate server.

Find more top mobile app developers worldwide on AppFutura.