First version of Crypto Messenger is now deprecated and all old versions stopped working
Crypto Messenger (V2) introduction
New version of Crypto Messenger has white icon. No more dark blue one.
Crypto Messenger main features are possibility to create custom size RSA key where message AES key is delivered to recipient. Note that these key's are created in your device, not at any remote location server. Messages are encrypted with AES encryption. New AES key is created for every message. When message is loaded from server, command to delete message is automatically send, so messages are never stored longer at server side than needed. Phones internal database is encrypted using SQLCipher 256 bit encryption with either user provided key (not recommended) or by app created key (recommended). App created key is recommended due very hard 128 bytes of length using secure random method. If you remove your application or change phone you are not able to transfer database to other phone or retrieve messages in easy way. This application is in beta state and is not intended to replace any bigger messaging application never ever ever! I do not guarantee that your messages will be stored within coming updates.
Short tutorial
- First time launch app will ask for database key, provide a strong key or let app create key for you. It's recommended that app creates key.
- Create RSA keys (Internet connection is a must because public key is required by your recipients on the other side to be able to encrypt messages towards your private key). Select key size from top spinner menu, if your messaging secrecy is top level, choose bigger key. Bigger key disadvantage is slower speed because encrypting with very big key uses much more computational power from your device. This is always phone resource specific thing.
- Click bottom right corner + button to get all available actions like seeing your uuid, adding recipients and so on.
- Have fun chatting.
Let's go under the hood
Messages are encrypted with AES with following specifications:
- Key: 128 bit AES key.
- Key integrity: 256 bit Hmac SHA256 hash.
- Cipher: AES using CBC (Cipher Block Chaining) mode and PKCS5Padding.
AES keys for messages are encrypted with RSA public private method with user selectable variable key size from 512 to 4096 bits.
When you launch your Crypto Messenger first time you will notice that app makes a call to my server asking for uid. Since these days I am using schema-less MongoDB database it will create a insert into a collection consisting users public keys (_id field) as seen on the image.
Public key collection is the key place for you and your recipients can ask for public keys for the recipients. Public key is used to encrypt messages while the most important piece private key which only the users themselves have stored inside the phone in strongly encrypted SQLite storage can use to decrypt these sent messages back to plain text. This collection gets update call's when ever you or anybody else updates their public key's.
Why I have last activity showing field? this field is there so that server can automatically delete uid object from server if user has not been using app anymore after specific time. I don't want to store this information.
Public key collection is the key place for you and your recipients can ask for public keys for the recipients. Public key is used to encrypt messages while the most important piece private key which only the users themselves have stored inside the phone in strongly encrypted SQLite storage can use to decrypt these sent messages back to plain text. This collection gets update call's when ever you or anybody else updates their public key's.
Why I have last activity showing field? this field is there so that server can automatically delete uid object from server if user has not been using app anymore after specific time. I don't want to store this information.
|
|
This is the deal with actual message collection which will temporarily have sent messages. When message is delivered it will automatically be deleted from this collection. There also is automated script that will after specific period of time (1 week currently) to delete all messages that are not delivered.
Another image has example what collection looks like when there is message waiting to be delivered. Note that my server does not deliver anything, it't the recipients phone which asks messages directed to him/her. My server only sees loads of nonsense since this is truly using end-to-end encrypted delivery method.
Another image has example what collection looks like when there is message waiting to be delivered. Note that my server does not deliver anything, it't the recipients phone which asks messages directed to him/her. My server only sees loads of nonsense since this is truly using end-to-end encrypted delivery method.
Now you may be asking yourself; what kind of server is handling this message delivery.
- Well it's a server sized of your hand. It does not have HDD or any magnetic device to store messages. Only having SD card with very strict and clean Linux operating system.
- Well it's a server sized of your hand. It does not have HDD or any magnetic device to store messages. Only having SD card with very strict and clean Linux operating system.
Views explained
Messaging view
|
Here's example what kind of messaging view can look. You can input text at input field and send messages using send button on the right bottom corner. This view is constantly checking for new messages and messages are automatically appended to view while they are loaded and deciphered and also inserted to internal database for next time, when you visit this specific conversation.
When message is received it will send call to server API to delete that message when it is successfully delivered to recipient. This is one of the key ideas of this application. |
Key generation view
|
In this view you can specify yourself on RSA key with size of your messaging secrecy needs. Longer key makes communications slower but more secure via AES key being transmitted with much tougher encryption. AES key cannot be transferred without additional encryption, in this case RSA (asymmetric-key system) because it's symmetric-key is used to encrypt and decrypt the message. If AES key delivered without security, attacker could get both, message and key at the same time.
Choosing key size for example maximum 4096 byte key takes long time 15+ seconds to compute, depending on your device processor speed. So let it take it's time. Note that part of the key generation is also sending of public key which is always needed at your recipient side so that your recipient can encrypt messages which only you can open via your tightly secured private key. |
Conversation view
|
Here's main view where you see your conversations.
Right bottom corner button reveals or action like you can see on the image. You also have few options on right top corner three dots menu. |
