  • #19744
    Perschistence
    Participant

    Proposal for Implementing PGP Encryption in “Better Messages”

    Objective
    Enhance the privacy and security of “Better Messages” using multi-key end-to-end encryption via the PGP (Pretty Good Privacy) protocol.

    Background:
    In the era of heightened awareness about data privacy and potential data breach risks, implementing multi-key encryption at the conversation level provides added security and peace of mind to our users.

    Existing Database Structure:

    • id: A unique identifier for each message.
    • thread_id: A reference to the message thread.
    • sender_id: The ID of the sender.
    • subject: The subject of the message.
    • message: The content of the message.
    • date_sent: Timestamp of when the message was sent.

    Proposed Architecture:

    1. PGP Key Pair for Users:
    When a user logs in, derive the PGP private key based on deterministic factors like their password and other static user-specific details. If the user doesn’t have an associated public key stored in the system (e.g., first-time login after feature implementation), generate a public-private PGP key pair. Store the public key in the user profile table.

    2. Message Encryption Process:
    When sending a message within a conversation, retrieve the public keys of all participants in that conversation and use them for multi-key encryption of the message. If admin oversight is enabled, incorporate the admin’s public key in the encryption process.

    3. Private Key in Session Storage:
    During the user’s active session, the derived private key resides in session storage.

    4. Message Decryption Process:
    To read a message within a conversation, use the session-stored private key for decryption and message display.

    5. Database Changes:
    Update or extend the existing user profile table to accommodate user PGP public keys. Retain the message structure, as multi-key encryption allows for a singular message version accessible by multiple participants.

    Advantages:

    • Efficient Storage: A unified encrypted message version conserves storage.
    • Enhanced Security: Multi-key encryption fosters message security during transit and storage.
    • User Privacy: Only the intended recipients (and potentially the admin) can decrypt messages.

    Considerations:

    • Performance: Multi-key operations may slightly influence performance due to encryption and decryption.
    • Session Management: Proper session handling is crucial to ward off unauthorized access.
    • Password Changes: Alterations or resets to user passwords necessitate special consideration for key derivation effects.
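
An added example, not part of the original post and not Better Messages or OpenPGP code: a sketch of steps 1, 2 and 4 of the proposal using Node's built-in crypto (scrypt, X25519, HKDF, AES-256-GCM) in place of PGP, with one stored ciphertext and the session key wrapped once per participant. The function names, the per-user salt and the message layout are assumptions.

```javascript
// Added sketch: not OpenPGP and not Better Messages code. Function names,
// salt choice and message layout are assumptions made for illustration.
const crypto = require('crypto');

// Step 1: private key derived deterministically from password + per-user salt.
function deriveKeyPair(password, userSalt) {
  const seed = crypto.scryptSync(password, userSalt, 32);
  const header = Buffer.from('302e020100300506032b656e04220420', 'hex'); // X25519 PKCS#8
  const privateKey = crypto.createPrivateKey(
    { key: Buffer.concat([header, seed]), format: 'der', type: 'pkcs8' });
  return { privateKey, publicKey: crypto.createPublicKey(privateKey) };
}

function seal(key, plaintext) { // AES-256-GCM with a fresh nonce
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, box) { // throws if the key is wrong or the data was altered
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Key-encryption key from an X25519 agreement between the two parties.
function kek(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, '', 'thread-key-wrap', 32));
}

// Step 2: one ciphertext per message, session key wrapped once per participant
// (pass the admin's public key too when oversight is enabled).
function encryptMessage(text, recipients) {
  const sessionKey = crypto.randomBytes(32);
  const eph = crypto.generateKeyPairSync('x25519');
  const wrapped = {};
  for (const [id, publicKey] of Object.entries(recipients)) {
    wrapped[id] = seal(kek(eph.privateKey, publicKey), sessionKey);
  }
  return { eph: eph.publicKey, body: seal(sessionKey, Buffer.from(text)), wrapped };
}

// Step 4: unwrap the session key with the session-held private key, then decrypt.
function decryptMessage(msg, id, privateKey) {
  const sessionKey = unseal(kek(privateKey, msg.eph), msg.wrapped[id]);
  return unseal(sessionKey, msg.body).toString();
}
```

Deriving the key pair again from a changed password yields a different private key, so `decryptMessage` throws on messages wrapped for the old key; this is the password-change consideration listed above.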