30 lines
1.3 KiB
Markdown
30 lines
1.3 KiB
Markdown
|
# The Protocol
|
||
|
|
|
||
|
|
All encryptions are made using RSA (key size to be determined), no symmetric encryptions
|
||
|
|
are used due to messages being short.
|
||
|
|
|
||
|
|
## Registration:
|
||
|
|
|
||
|
|
- User sends a register request to server `(phone number, RSA public key)`,
|
||
|
|
giving them a public key and encrypting using the server's public key
|
||
|
|
- Server sends the user a `Confirm` message & a 6-digit code
|
||
|
|
- User sends the server the 6-digit code, signed using the key provided at stage 1
|
||
|
|
(this message is very short and funny, because its a 6-digit code, signed using the
|
||
|
|
user's private key, and encrypted using the server's public key)
|
||
|
|
- Server sends a last `Confirm` and the registration process is done
|
||
|
|
|
||
|
|
## "Login"
|
||
|
|
|
||
|
|
The users dont need to login, as they dont really need to hold a conenction
|
||
|
|
to the server, only thing that matters is that every message to the server should
|
||
|
|
be signed with the user's private key, thus the key acts as a form of credentials
|
||
|
|
|
||
|
|
## Passing messages
|
||
|
|
|
||
|
|
In order to send a message from A to B, A will ask the server for B's key,
|
||
|
|
A will then encrypt the message using B's key, signed with A, wrapped in a `SendMessage`
|
||
|
|
request and ultimately signed by A and encrypted using the server's key.
|
||
|
|
|
||
|
|
The server will hold on to the message until B will send a `GetMessages` request
|
||
|
|
to the server.
|