This repository has been archived by the owner on Feb 28, 2021. It is now read-only.

Basic concepts of application

Přemysl Šťastný edited this page Aug 28, 2018 · 14 revisions

The application has been designed to provide real privacy to its users. There are many security layers, which may make leakage of sent messages during transmission between users impossible.

The server and each user have their own p12 certificate. The server and users can use their own certificates, but by default certificates with an RSA 4096 key are generated.

After registration and the first connection, the client's and server's certificates are verified during each handshake (the initialization part of the connection).

Server functions

The server's primary function is the backup and distribution of:

  • User list and their public certificates
  • Encrypted AES keys and their signatures
  • Trust relationships
  • Encrypted messages

The server also provides a TCP tunnel service for live communication with low latency.

For purely technical reasons, the server keeps a database of clients and of which messages they have already downloaded.

Client

The client retrieves almost all information from the server, and saves it there, in the form of encrypted blob messages. The server never knows what they are about.

When the client connects, all blob messages are downloaded and parsed in chronological order. Let's call the ordered blob messages a chain. Almost every change generates a new blob message, which is sent to the sender itself and to the receiver (if there is one).

Each blob message has 2 IDs: one private and one public (on the server). Most blob messages can be deleted, but some of them are "chaining" and can't be deleted without risking data consistency.

A blob message can be sent to anyone who is trusted by your client, but it will be received only if the receiver trusts you and you have the necessary permissions for the type of message.

There are 2 types of AES keys for each user: one for sending and one for receiving. Generated keys are encrypted and signed with RSA and sent to the server. After that, they are downloaded by the receiver.

Security

The application provides 2 security layers. The first one is provided by server-client authentication, authorization and connection encryption. But even if the first one fails (for example through secret server misuse), the architecture of the application guarantees security and privacy. See Encryption for details.
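
The AES key distribution described under Client, and the claim that it survives server misuse, as an added example that is not the project's own code. It assumes each AES key is encrypted to the receiver's RSA public key and signed with the sender's RSA private key, with OAEP and PSS padding chosen here; the function names and the alice, bob and server identities are constructed.

```javascript
// Added example, not the project's code. OAEP/PSS padding and all names are assumptions.
const crypto = require('node:crypto');

// 2048-bit keys keep the demo fast; the page's default certificates use RSA 4096.
function newIdentity(bits = 2048) {
  return crypto.generateKeyPairSync('rsa', { modulusLength: bits });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 };

// Sender: encrypt the AES key for the receiver, then sign the encrypted bytes.
function wrapKey(aesKey, senderPrivate, receiverPublic) {
  const wrapped = crypto.publicEncrypt({ key: receiverPublic, ...OAEP }, aesKey);
  const signature = crypto.sign('sha256', wrapped, { key: senderPrivate, ...PSS });
  return { wrapped, signature }; // this pair is what the server stores and relays
}

// Receiver: verify against the sender's trusted public key BEFORE decrypting.
function unwrapKey(record, senderPublic, receiverPrivate) {
  const ok = crypto.verify('sha256', record.wrapped,
    { key: senderPublic, ...PSS }, record.signature);
  if (!ok) return null; // substituted or corrupted on the server: reject
  return crypto.privateDecrypt({ key: receiverPrivate, ...OAEP }, record.wrapped);
}

// Constructed scenario: alice sends a key to bob through an untrusted server.
function demo() {
  const alice = newIdentity(), bob = newIdentity(), server = newIdentity();
  const aesKey = crypto.randomBytes(32); // AES-256 key
  const record = wrapKey(aesKey, alice.privateKey, bob.publicKey);
  const honest = unwrapKey(record, alice.publicKey, bob.privateKey);

  // The server replaces the record with a key of its own, signed by itself.
  const forged = wrapKey(crypto.randomBytes(32), server.privateKey, bob.publicKey);
  const swapped = unwrapKey(forged, alice.publicKey, bob.privateKey);

  // A single flipped bit in the stored blob also invalidates the signature.
  const bent = Buffer.from(record.wrapped);
  bent[0] ^= 1;
  const tampered = unwrapKey({ wrapped: bent, signature: record.signature },
    alice.publicKey, bob.privateKey);

  return { delivered: honest !== null && honest.equals(aesKey), swapped, tampered };
}
```

The check only holds if the receiver obtained the sender's certificate through the trust relationship rather than accepting whatever key the server presents alongside the record.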