Home Forums BP Better Messages Proposal for Implementing PGP Encryption in “Better Messages”

Viewing 1 post (of 1 total)
  • Author
  • #19744

    Proposal for Implementing PGP Encryption in “Better Messages”

    Enhance the privacy and security of “Better Messages” using multi-key end-to-end encryption via the PGP (Pretty Good Privacy) protocol.

    In the era of heightened awareness about data privacy and potential data breach risks, implementing multi-key encryption at the conversation level provides added security and peace of mind to our users.

    Existing Database Structure:

    • id: A unique identifier for each message.
    • thread_id: A reference to the message thread.
    • sender_id: The ID of the sender.
    • subject: The subject of the message.
    • message: The content of the message.
    • date_sent: Timestamp of when the message was sent.

    Proposed Architecture:

    1. PGP Key Pair for Users:
    When a user logs in, derive the PGP private key based on deterministic factors like their password and other static user-specific details. If the user doesn’t have an associated public key stored in the system (e.g., first-time login after feature implementation), generate a public-private PGP key pair. Store the public key in the user profile table.

    2. Message Encryption Process:
    When sending a message within a conversation, retrieve the public keys of all participants in that conversation and use them for multi-key encryption of the message. If admin oversight is enabled, incorporate the admin’s public key in the encryption process.

    3. Private Key in Session Storage:
    <p>During the user’s active session, the derived private key resides in session storage.

    4. Message Decryption Process:
    To read a message within a conversation, use the session-stored private key for decryption and message display.

    5. Database Changes:
    Update or extend the existing user profile table to accommodate user PGP public keys. Retain the message structure, as multi-key encryption allows for a singular message version accessible by multiple participants..


    • Efficient Storage: A unified encrypted message version conserves storage.
    • Enhanced Security: Multi-key encryption fosters message security during transit and storage.
    • User Privacy: Only the intended recipients (and potentially the admin) can decrypt messages.


    • Performance: Multi-key operations may slightly influence performance due to encryption and decryption.
    • Session Management: Proper session handling is crucial to ward off unauthorized access.
    • Password Changes: Alterations or resets to user passwords necessitate special consideration for key derivation effects.
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.