1.3 KiB
1.3 KiB
The Protocol
All encryptions are made using RSA (key size to be determined), no symmetric encryptions are used due to messages being short.
Registration:
- User sends a register request to server
(phone number, RSA public key), giving them a public key and encrypting using the server's public key - Server sends the user a
Confirmmessage & a 6-digit code - User sends the server the 6-digit code, signed using the key provided at stage 1 (this message is very short and funny, because its a 6-digit code, signed using the user's private key, and encrypted using the server's public key)
- Server sends a last
Confirmand the registration process is done
"Login"
The users dont need to login, as they dont really need to hold a conenction to the server, only thing that matters is that every message to the server should be signed with the user's private key, thus the key acts as a form of credentials
Passing messages
In order to send a message from A to B, A will ask the server for B's key,
A will then encrypt the message using B's key, signed with A, wrapped in a SendMessage
request and ultimately signed by A and encrypted using the server's key.
The server will hold on to the message until B will send a GetMessages request
to the server.