Encrypted Chat Application Design and Workflow

System Architecture

  1. Client
    • Generates and manages RSA key pairs for encryption and decryption.
    • Handles user authentication and session tokens.
    • Encrypts messages using the recipient’s public key before sending them.
  2. Server
    • Acts as a relay for encrypted messages.
    • Stores and retrieves public keys, encrypted private keys, and encrypted messages from the database.
    • Facilitates secure key exchange between users.
  3. Database
    • Stores encrypted private keys for retrieval, allowing multi-device access.
    • Stores encrypted messages to ensure privacy.
    • Uses encryption at rest and access control mechanisms.
System Architecture Diagram (placeholder)

Workflows

User Registration

  1. The user generates an RSA key pair locally.
  2. The public key is sent to the server.
  3. The private key is encrypted with a key derived from the master password and uploaded to the server for recovery.
User Registration Workflow (placeholder)

Sending a Message

  1. The sender requests the recipient’s public key from the server.
  2. The server retrieves the recipient's public key from MongoDB.
  3. The server returns the recipient's public key to the sender.
  4. The sender encrypts the message using the recipient’s public key.
  5. The encrypted message is sent to the server via a Socket connection.
  6. The server stores the encrypted message in MongoDB.
Sending a Message Workflow (placeholder)

Receiving a Message

  1. The recipient requests the encrypted message from the server.
  2. The server fetches the encrypted message from MongoDB.
  3. The server sends the encrypted message to the recipient.
  4. The recipient decrypts the message locally using their private key.
Receiving a Message Workflow (placeholder)

Multi-Device Support

  1. The user logs in with their master password.
  2. The client forwards the payload to the server for verification.
  3. The server verifies the user’s login.
  4. The server retrieves the encrypted private key from MongoDB.
  5. The user decrypts their private key locally using the key derived from the master password.
Multi-Device Support Workflow (placeholder)
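
The registration, message encryption and multi-device recovery steps above, as an added Node.js example that is not the project's own code. The page names no KDF, cipher or padding, so scrypt, AES-256-GCM and RSA-OAEP with SHA-256 are assumptions, as are all function names.

```javascript
const crypto = require('crypto');
// Assumptions (the page names none of these): scrypt, AES-256-GCM, RSA-OAEP/SHA-256.
const SCRYPT = { N: 16384, r: 8, p: 1 };
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, SCRYPT);
}

// Registration: build the record the server stores. Only the public key and
// the wrapped (encrypted) private key leave the client.
function register(masterPassword) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const wrapped = Buffer.concat([cipher.update(privateKey, 'utf8'), cipher.final()]);
  return { publicKey, salt, iv, tag: cipher.getAuthTag(), wrapped };
}

// Multi-device: a new device unwraps the key locally. Throws if the password
// is wrong or the stored record was modified (GCM tag check fails).
function recoverPrivateKey(masterPassword, record) {
  const key = deriveKey(masterPassword, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.wrapped), decipher.final()]).toString('utf8');
}

// Sending / receiving: encrypt to the recipient's public key, decrypt locally.
function encryptFor(publicKeyPem, text) {
  return crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(text, 'utf8'));
}
function decryptWith(privateKeyPem, ciphertext) {
  return crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, ciphertext).toString('utf8');
}

// Constructed sample run: register on device A, recover on device B.
function demo() {
  const record = register('correct horse battery staple');
  const ciphertext = encryptFor(record.publicKey, 'hello from device A');
  const privateKey = recoverPrivateKey('correct horse battery staple', record);
  let wrongRejected = false;
  try { recoverPrivateKey('wrong password', record); } catch { wrongRejected = true; }
  return { plaintext: decryptWith(privateKey, ciphertext), wrongRejected };
}
```

RSA-OAEP with a 2048-bit key and SHA-256 encrypts at most 190 bytes directly, so longer messages need a hybrid scheme (a random symmetric key encrypted to the recipient's public key).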

Vulnerabilities & Security Considerations

Potential Vulnerabilities

  • Replay attacks: possible when sessions do not expire.
  • Password recovery risk: if the master password is compromised, the encrypted private key stored for recovery is exposed as well.

Potential Improvements

  1. Perfect Forward Secrecy (PFS) via the Signal Protocol to protect past messages even if keys are compromised.
  2. Zero-Knowledge Proof Authentication to ensure passwords are never revealed to the server.

Conclusion

This project provides a secure and privacy-focused messaging solution with end-to-end encryption. Future improvements will focus on enhancing security and usability, adding a Tor relay for IP anonymity, and providing robust password recovery.