
Encryption

Open ghost opened this issue 10 years ago • 4 comments

I'd like to suggest end-to-end encryption from the Android app to the server and vice versa! I feel like this is an important feature given that the Android app uses GCM.

ghost avatar Feb 04 '16 00:02 ghost

Would libsodium suffice?

Mechazawa avatar Aug 20 '16 04:08 Mechazawa

libsodium would be an excellent choice. I came here to suggest authentication, because, currently, anyone who knows my service's name (which does not seem to be guaranteed to be private) can subscribe to read my (private) notifications, but end-to-end encryption with a symmetric key would be even better.

skorokithakis avatar Aug 27 '16 10:08 skorokithakis

As a suggestion, encryption could work like this:

  • Each service accepts an encryption key upon creation (or, even better, an encrypted boolean parameter) and returns the items encrypted=true (or false for plaintext services) and encryption_key in its JSON response.
  • From then on, all notifications sent by that service will be symmetrically encrypted to that key with libsodium.
  • To subscribe to the service, the user does not need to specify the encryption key (to avoid sending it over the wire), but must know it, otherwise they won't be able to decrypt the messages.
  • When subscribing to an encrypted service, a client should specify the secret key to the app or client library.

I think that would work pretty well. How does that sound?

skorokithakis avatar Aug 27 '16 11:08 skorokithakis

I have added a PR that implements the above proposal, minus the actual encryption (since that requires client changes as well).

skorokithakis avatar Aug 27 '16 11:08 skorokithakis