0

I'm building an app that I want to have E2EE. My struggle is with the private keys. Most of what I read says you don't store them on AWS servers because it will not be E2EE anymore and it's a backdoor. I don't want to create a backdoor; I want ONLY the user to hold the key. However, at the same time, if the user logs in from another device, they cannot retrieve their data because the private key is on the original device.

So what are some ways to let the user log in from another device without having trouble retrieving the data and without putting their private key at risk?

Please consider that I'm new to this subject and I'm using CryptoKit from Apple :) Thanks!

Nawaf
  • 1
    E2EE means "end-to-end encrypted"? If yes, then you won't be storing keys anywhere. Read about "key extension," which has to happen inside your app. – Parsifal May 20 '22 at 12:59
  • 1
    You're presumably talking about a mobile app, running on iOS? Your requirements are not exactly clear but perhaps you are talking about [device certificates](https://stackoverflow.com/questions/9763092/how-safe-are-client-ssl-certificates-in-a-mobile-app). – jarmod May 20 '22 at 13:19
  • 1
    Can you decide which elliptic curve to use? Or has someone else already decided which curve? You can use e.g. Curve25519 and store the private key in Keychain. If the user wants to migrate to a new phone, the app can display the private key as a QR code which she can scan on the new phone to be able to decrypt her old data. – Sajjon May 20 '22 at 16:51
  • @Sajjon I'm using P256 elliptic curve Diffie-Hellman. That sounds like a good idea for the QR code. Thanks! In case someone lost their device, how would they retrieve the private key? Maybe I recommend inside the app that they have it written on a piece of paper? – Nawaf May 22 '22 at 08:10
  • 1
    What is the purpose of the app? Instant messaging, or is the encrypted data being sent less often, more like emails? Or very seldom? For seldom use you might want to consider ECIES. – Sajjon May 22 '22 at 09:47
  • @Sajjon It's an MVP health care app, I want to encrypt the client's data, and only the clinic can view it! So it's gonna be two apps, Client App and Clinic/Doctor App – Nawaf May 23 '22 at 19:54

1 Answer

-1

You can use the user’s id and password hash (for example) to encrypt the private key and store the encrypted version of it on the server.

  1. Encrypt the private key locally using the user's id and password (or a hash of it)
  2. Send this encrypted key to the server to store it there

Now when the user logs in from another device, the encrypted key can be retrieved and decrypted locally using the user's id and password.

Thus, it won’t be possible to decrypt and use the encrypted key without the user’s credentials. However, this also means that if the user changes their password, the encrypted key also needs to be decrypted with the old and re-encrypted with the new password.

That’s the usual approach for your requirement.

not2savvy
  • I think end-to-end encrypted entails that no central entity (server, company, middleman) should have any knowledge about any encryption key whatsoever, neither directly nor indirectly (such as an encrypted encryption key). Only the user should have access to the encryption keys, stored on her devices. And she is responsible for securely backing them up, e.g. 1Password. – Sajjon May 22 '22 at 07:18
  • @Sajjon Yes. However, if the key is encrypted in a way that only the user can decrypt it, that’s about the nearest you can get to the perfect world in the real world considering the given requirement to be able to access it from different devices. – not2savvy May 22 '22 at 07:22
  • No, because you left out a lot of important details, and the devil is in the details when it comes to cryptography… The password should never ever be sent to the server. That is the insecure part of your proposal. If the server is compromised then an attacker will gain access to the unencrypted encryption key!! So this is a bad proposal. Yes, we can save a safely encrypted encryption key on a server, sure, but better to just let the user do a secure backup using e.g. 1Password or Keychain, which will encrypt the encrypted encryption key. Also, you leave out KDF details: Scrypt or PBKDF2. – Sajjon May 22 '22 at 07:32
  • @Sajjon I suggest sending the _encrypted_ key to the server. Nowhere do I suggest sending the password to the server. Please re-read my answer. And yes, I did not explain every detail, but just provided a general approach. Implementation details go beyond the question, as I understand it. – not2savvy May 22 '22 at 08:20
  • @Sajjon I'm not sure why my answer has been downvoted, but I think I did not express myself clearly enough, so I updated it with more details. Please review. – not2savvy Nov 16 '22 at 08:11
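
The two steps in the answer, together with the KDF detail raised in the comments, as an added Swift example (not code from the answer or from Apple). It assumes PBKDF2-HMAC-SHA256 via CommonCrypto with an iteration count of 600,000, AES-GCM from CryptoKit for the wrapping, and the hypothetical names `WrappedKey`, `deriveKEK`, `wrap` and `unwrap`.

```swift
import Foundation
import Security
import CommonCrypto
import CryptoKit

// Hypothetical record the server stores; it never receives the password or the KEK.
struct WrappedKey: Codable {
    let salt: Data      // random, per user, not secret
    let rounds: UInt32  // PBKDF2 iteration count used at wrap time
    let sealed: Data    // AES-GCM nonce || ciphertext || tag
}
enum WrapError: Error { case rngFailed, kdfFailed, sealFailed }

// Derive a 256-bit key-encryption key (KEK) with PBKDF2-HMAC-SHA256, on the device.
func deriveKEK(password: String, salt: Data, rounds: UInt32) throws -> SymmetricKey {
    let saltBytes = [UInt8](salt)
    var out = [UInt8](repeating: 0, count: 32)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2), password, password.utf8.count,
        saltBytes, saltBytes.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), rounds, &out, out.count)
    guard status == Int32(kCCSuccess) else { throw WrapError.kdfFailed }
    return SymmetricKey(data: out)
}

// Step 1 of the answer: encrypt the private key locally. The user ID is bound as
// AES-GCM associated data (a choice made for this example).
func wrap(_ key: P256.KeyAgreement.PrivateKey, password: String, userID: String,
          rounds: UInt32 = 600_000) throws -> WrappedKey {  // assumed work factor
    var salt = [UInt8](repeating: 0, count: 16)
    guard SecRandomCopyBytes(kSecRandomDefault, salt.count, &salt) == errSecSuccess
    else { throw WrapError.rngFailed }
    let kek = try deriveKEK(password: password, salt: Data(salt), rounds: rounds)
    let box = try AES.GCM.seal(key.rawRepresentation, using: kek,
                               authenticating: Data(userID.utf8))
    guard let sealed = box.combined else { throw WrapError.sealFailed }
    return WrappedKey(salt: Data(salt), rounds: rounds, sealed: sealed)
}

// On a new device: fetch the WrappedKey, re-derive the KEK, and decrypt locally.
// A wrong password or a different user ID makes AES.GCM.open throw.
func unwrap(_ w: WrappedKey, password: String, userID: String) throws
    -> P256.KeyAgreement.PrivateKey {
    let kek = try deriveKEK(password: password, salt: w.salt, rounds: w.rounds)
    let box = try AES.GCM.SealedBox(combined: w.sealed)
    let raw = try AES.GCM.open(box, using: kek, authenticating: Data(userID.utf8))
    return try P256.KeyAgreement.PrivateKey(rawRepresentation: raw)
}
```

Only the `WrappedKey` record leaves the device, so its confidentiality rests on the password never reaching the server and on the password's strength against offline guessing at the chosen iteration count. A password change means calling `unwrap` with the old password and `wrap` with the new one, then replacing the stored record.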