BASE E2EE

Communication between Client and Server using End-to-End Encryption (E2EE).

Contents
  1. About The Project
  2. Getting Started
  3. License
  4. Contact

About the project

This application demonstrates the implementation of an End-to-End Encryption (E2EE) system using modern and robust cryptography. It is almost entirely written in TypeScript and serves as a practical example or starting point for developing secure applications that need to protect privacy and data integrity through encryption.

  • Elliptic Curve Diffie-Hellman (ECDH) as the key exchange to establish a shared secret between both parties.
  • Advanced Encryption Standard (AES) to encrypt and decrypt the data, using the shared secret as the key.

Process

Server initialization
  1. Starts by creating its own ECDH key exchange object (KEO).
  2. Serves the HTTPS endpoints.
Client initialization
  1. Client generates an ECDH object (Key Exchange Object).
  2. Client generates an RSA key pair.
Handshake
  1. Client sends a POST request including its RSA public key and ECDH public key.
  2. Server stores the keys, then returns its ECDH public key and a new UUID to authenticate the client.
  3. Client stores the server public key and the UUID.
Communication
  1. Client computes the shared secret.
  2. Client encrypts the message (ECDH shared secret).
  3. Client signs (RSA) the encrypted message.
  4. Client sets the 'UUID' and 'SIGNATURE' headers in Base64.
  5. Client sends the encrypted message to the server.
  6. Server middleware checks the signature.
  7. Server middleware decrypts the message.
  8. Server reads the message and sets a new one.
  9. Server encrypts the message and returns it.
  10. Client decrypts the message and displays it.

Built With

Node, TypeScript, Express, Svelte

Development

If you intend to use this code for development, you can easily extract the necessary modules, making sure to apply other security measures as well, such as HTTPS, user authentication (e.g. JWT), not storing non-public keys, key refresh logic on the server, among others.

Demo

This project includes additional files as a demo: a backend with a simple CLI validation system based on RSA signatures, handshake and chat endpoints, and a frontend, as a demonstration of End-to-End Encryption (E2EE).

Warning

Those files may not provide very good security, since they skip some important steps; that is not their purpose.

Getting Started

Once you are sure you have the desired Prerequisites, you can either install the project and test it yourself, or implement it as a developer.

Prerequisites

  • NPM

    npm install npm@latest -g
  • HTTPS CERTIFICATE AND KEY.

    You can generate a key and a self-signed certificate with

    openssl req -nodes -new -x509 -keyout private.key -out certificate.crt -days 365

[DEMO] Installation

In this case you just want to test the application's encryption and not use the modules in your own project:

  1. Clone the repo

    git clone https://github.com/guidoow/base-e2ee.git
    # OR
    git clone [email protected]:guidoow/base-e2ee.git
  2. Install NPM packages on /backend and /frontend

    cd backend && npm install && npm audit fix
    cd ..
    cd frontend && npm install && npm audit fix
  3. Build NPM packages on /backend and /frontend

    cd backend && npm run build
    cd ..
    cd frontend && npm run build
  4. Set the path to the certificate and key in both .env files to enable HTTPS. (HTTPS is required for the cryptography to work.)

Start

  1. Start the application

    cd backend && sudo npm run start

    and

    cd frontend && sudo npm run start

    Now you can open https://localhost and test the demo using base-e2ee!

[DEV] Implementation

In this case you want to use only the modules to perform E2EE in your project, without the demonstration data:

  1. Include the modules manually from /modules into your project services.

  2. Import the modules:

    // backend_or_frontend_project_file_or_module.ts
    import { E2EEncryptor } from 'services';

    Initialize it

    E2EEncryptor.createECDH();

    Extract the Public Key

    E2EEncryptor.getPubKey64();

    Use it

    E2EEncryptor.decrypt(message, Client_UUID);

License

Distributed under the MIT License.

Contact