vn-verdnaturachat/app/lib/encryption
Djorkaeff Alexandre 3c9017a62d
[NEW] E2E Encryption (#2394)
* Add E2EKey to Subscription Model

* Install react-native-simple-crypto

* Install bytebuffer

* Add translations

* CreateChannel Encrypted toggle

* Request E2E_Enabled setting

* Add some E2E API methods

* POC E2E Encryption

* Garbage remove

* Remove keys cleaner

* Android cast JWK -> PKCS1

* Initialize E2E when Login Success

* Add some translations

* Add e2e property to Message model

* Send Encrypted messages

* (iOS) PKCS1 -> JWK & e2e.setUserPublicAndPrivateKeys

* (Android) PKCS1 -> JWK & e2e.setUserPublicAndPrivateKeys

* Create an encrypted channel

* Fix app crashing on RoomsList

* Create room key

* Set Room E2E Key (Android)

* Edit room encrypted

* Show encrypted icon on messages

* logEvents

* Decrypt pending subscriptions & messages

* Handle user cancel e2e password entry

* E2ESavePasswordView

* Update Snapshot

* Add encrypted props to message on Send

* Thread messages encryption

* E2E -> Encryption

* Share Extension: Share encrypted text

* (POC) Search messages on Encrypted room

* Provide room key to new users

* Request roomKey on stream-notify-room-users

* Add e2eKeyId to Room Model

* (WIP) E2E Encryption Screens

* Remove encryption subscription file

* Move E2E_Enable to Server Model

* Encryption List Banner

* Move Encryption init to Sagas

* Show banner only when enabled

* Use RocketChat/react-native-simple-crypto

* Search on WM only when is an Encrypted channel

* (WIP) Encryption Banner

* Encryption banner

* Patch -> Fork

* Improve send encrypted message

* Update simple-crypto

* Not decrypt already decrypted messages

* Add comments

* Change eslint disable to inline

* Improve code

* Remove comment

* Some fixes

* (WIP) Encryption Screens

* Improve sub find

* Resend an encrypted message

* Fix comment

* Code improvements

* Hide e2e buttons on features if it is not enabled

* InApp notifications of a encrypted room

* Encryption stop logic

* Edit encrypted message

* DB batch on decryptPending

* Encryption ready client

* Comments

* Handle getRoomInstance errors

* Multiple messages decrypt

* Remove unnecessary try/catch

* Fix decrypt all messages history

* Just add a questionmark

* Fix some subscriptions missing decrypt

* Disable request key logic

* Fix unicode emojis

* Fix e2ekey request

* roomId -> subscription

* Decrypt subscription after merge

* E2ERoom -> EncryptionRoom

* Fix infinite loading

* Handle import key errors

* Handle request key errors

* Move e2eRequestRoomKey to Rocket.Chat

* WIP handshake when key should be requested

* Add search messages explanation

* Remove some TODO and update comments

* Improvements

* Dont show message hash to user

* Handle key request & prevent multiple calls

* Request E2EKey on decryptSubscription that doesn't exists on database yet

* Insert decrypted subscription

* Fix crash after login

* Decrypt sub when receive the key

* Decrypt pending messages of a room

* Encrypted as a switch

* Buffer to Base64 URI Safe

* Add a relevant comment

* Prevent import key without a privateKey

* Prevent create a new instance when client is not ready

* Update simple-crypto & remove replace trick

* More comments

* Remove useless comment

* Remove useless try/catch

* I18n all E2E screens

* E2ESavePassword -> E2ESaveYourPassword

* Prevent multiple views on message when is not encrypted

* Fix encryption toggle not working sometimes

* follow some suggestions

* dont rotate icons

* remove unnecessary condition

* remove unreachable event

* create channel comment

* disable no-bitwise rule for entire file

* loadKeys -> persistKeys

* getMasterKey -> generateMasterKey

* explicit difference between E2EKey & e2eKeyId

* roomId -> rid

* group columns

* Remove server selector

* missing log events

* remove comment

* use stored public key

* update simple-crypto & remove base64-js patch

* add some logs

* remove unreachable condition

* log errors

* handle errors on provide key directly on subscription

* Downgrade RocketChat/react-native-simple-crypto

* improve get room instance

* migration of older apps

* check encrypted status before send a message

* wait client ready

* use our own base64-js

* add more jest tests

* explain return

* remove unncessary stop

* thrown error to caller

* remove superfluous checks

* use Encryption property

* change ready state logic

* ready -> establishing

* encryption.room -> encryptionRoom

* EncryptionRoom -> Room

* add documentation

* wait establishing before provide a room key

* remove superfluous condition

* improve error handling logic

* fallback e2ekey set

* remove no longer necessary check

* remove e.g.

* improve getRoomInstance

* import from index

* use batch

* fix a comment

* decrypt tmsg

* dont show hash when message is encrypted

* Fix detox

* Apply suggestions from code review

Co-authored-by: Diego Mello <diegolmello@gmail.com>
2020-09-11 11:31:38 -03:00
..
README.md [NEW] E2E Encryption (#2394) 2020-09-11 11:31:38 -03:00
constants.js [NEW] E2E Encryption (#2394) 2020-09-11 11:31:38 -03:00
encryption.js [NEW] E2E Encryption (#2394) 2020-09-11 11:31:38 -03:00
index.js [NEW] E2E Encryption (#2394) 2020-09-11 11:31:38 -03:00
room.js [NEW] E2E Encryption (#2394) 2020-09-11 11:31:38 -03:00
utils.js [NEW] E2E Encryption (#2394) 2020-09-11 11:31:38 -03:00

README.md

Rocket.Chat Mobile

E2E Encryption

Note: This feature is currently in beta. Uploads will not be encrypted in this version. You can check this documentation for further information about the web client.

How it works

  • Each user has a public and private key (asymmetric cryptography).
  • The user private key is stored encrypted on the server and it can be decrypted on clients only using the user E2E encryption password.
  • A room key is generated using the public key of each room member (symmetric cryptography).
  • Users can decrypt the room key using their private key.
  • Each room has a unique identifier which make users able to request a room key.
  • The room unique identifier is called e2eKeyId and it's a property of the room collection.
  • The room key is called E2EKey and it's a property of the subscription collection.
  • After the room key is decrypted, the user is able to encrypt and decrypt messages of the room.

User keys

  • If the user doesn't have keys neither locally nor on the server, we create and encrypt them using a random password. These encrypted keys are sent to the server (so other clients can fetch) and saved locally.
  • If the user have keys stored on server, but doesn't have them stored locally, we fetch them from the server and request a password to decrypt the keys.

Room keys

  • If the room has a E2EKey, we decrypt it using the user key.
  • If the room doesn't have a E2EKey, but has a e2eKeyId, we emit an event on stream-notify-room-users sending the roomId and the e2eKeyId requesting the E2EKey from any online room member.
  • If the room have none of them, we create new ones and send them back to the server.