This application demonstrates the implementation of an End-to-End Encryption (E2EE) system using modern and robust cryptography. It is almost entirely written in TypeScript and serves as a practical example, or as a starting point, for developing secure applications that need to protect privacy and data integrity through encryption.
- Elliptic Curve Diffie-Hellman (ECDH) is used as the key exchange to establish a shared secret between both parties.
- Advanced Encryption Standard (AES) is used to encrypt and decrypt the data, using the shared secret as the key.
Server initialization
- Starts by creating its own ECDH key exchange object (KEO).
- Serves HTTPS endpoints.
Client initialization
- Client generates an ECDH object, or Key Exchange Object.
- Client generates an RSA key pair.
Handshake
- Client sends a POST request including its RSA public key and ECDH public key.
- Server stores the keys, then returns its ECDH public key and a new UUID used to authenticate the client.
- Client stores the server's public key and the UUID.
Communication
- Client computes the shared secret.
- Client encrypts the message (AES, keyed with the ECDH shared secret).
- Client signs (RSA) the encrypted message.
- Client sets the 'UUID' and 'SIGNATURE' headers, Base64 encoded.
- Client sends the encrypted message to the server.
- Server middleware checks the signature.
- Server middleware decrypts the message.
- Server reads the message and composes a new one.
- Server encrypts the message and returns it.
- Client decrypts the message and displays it.
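The handshake and one signed, encrypted round trip as an added example that is not part of the project's code, simulated in one process with Node's crypto module. Assumptions (the README does not specify them): curve prime256v1, the raw ECDH secret hashed with SHA-256 as the AES key, AES-256-GCM as the mode, and the server verifying the RSA signature before it decrypts.

```typescript
import { createECDH, createCipheriv, createDecipheriv, generateKeyPairSync,
         sign, verify, randomBytes, randomUUID, createHash, KeyObject } from 'node:crypto';

const CURVE = 'prime256v1'; // assumption: the README does not name the curve

// Session record the server keeps per client after the handshake.
interface Session { rsaPub: KeyObject; aesKey: Buffer; }

// Raw ECDH shared secret -> 256-bit AES key (assumption: SHA-256 as the KDF).
const aesKey = (secret: Buffer) => createHash('sha256').update(secret).digest();

// AES-256-GCM (assumption: README only says "AES"); wire format iv|tag|ct, Base64.
export function encrypt(key: Buffer, text: string): string {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}
export function decrypt(key: Buffer, blob: string): string {
  const b = Buffer.from(blob, 'base64');
  const d = createDecipheriv('aes-256-gcm', key, b.subarray(0, 12));
  d.setAuthTag(b.subarray(12, 28));
  return d.update(b.subarray(28)).toString('utf8') + d.final('utf8');
}

// Whole exchange: handshake, then one signed+encrypted message and its encrypted reply.
// Returns null when the server middleware rejects the signature.
export function runExchange(tamper = false): { request: string; reply: string } | null {
  // Server and client each create their ECDH KEO; the client also makes an RSA pair.
  const srv = createECDH(CURVE); srv.generateKeys();
  const cli = createECDH(CURVE); cli.generateKeys();
  const rsa = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sessions = new Map<string, Session>();
  // Handshake: POST {rsaPub, ecdhPub} -> server stores keys, answers with its pub key + UUID.
  const uuid = randomUUID();
  sessions.set(uuid, { rsaPub: rsa.publicKey, aesKey: aesKey(srv.computeSecret(cli.getPublicKey())) });
  const cliKey = aesKey(cli.computeSecret(srv.getPublicKey()));
  // Client: encrypt, sign the ciphertext, send headers UUID and SIGNATURE (Base64).
  const body = encrypt(cliKey, 'hello server');
  let sig = sign('sha256', Buffer.from(body), rsa.privateKey).toString('base64');
  if (tamper) { const t = Buffer.from(sig, 'base64'); t[0] ^= 0xff; sig = t.toString('base64'); }
  // Server middleware: look up the session by UUID, verify the signature, then decrypt.
  const s = sessions.get(uuid);
  if (!s || !verify('sha256', Buffer.from(body), s.rsaPub, Buffer.from(sig, 'base64'))) return null;
  const request = decrypt(s.aesKey, body);
  const reply = encrypt(s.aesKey, `echo: ${request}`);
  return { request, reply: decrypt(cliKey, reply) };
}
```

Verifying the signature before touching the ciphertext means a forged or modified request is dropped without doing any decryption work on it.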
If your intention is to use this code for development, you can easily extract the necessary modules, making sure to apply other security measures as well, such as HTTPS, user authentication such as JWT, not storing NON-PUBLIC keys, a key refresh logic on the server, among others.
This project includes additional files as a demo: a backend with a simple CLI validation system based on RSA signatures, endpoints for the handshake and chat, and a frontend, as a demonstration of the End-to-End Encryption (E2EE).
Those files may not provide strong security, as they skip some important steps; that is not their purpose.
Once you are sure that you have the desired Prerequisites, you can opt to Install the project and test it yourself, or Implement it as a dev.
- NPM
  npm install npm@latest -g
- HTTPS CERTIFICATE AND KEY.
  You can generate your key and sign your own certificate by using
  openssl req -nodes -new -x509 -keyout private.key -out certificate.crt -days 365
In this case you just want to test the application's encryption and not use the modules in your project:
- Clone the repo
  git clone https://github.com/guidoow/base-e2ee.git # OR git clone git@github.com:guidoow/base-e2ee.git
- Install NPM packages on /backend and /frontend
  cd backend && npm install && npm audit fix
  cd ..
  cd frontend && npm install && npm audit fix
- Build NPM packages on /backend and /frontend
  cd backend && npm run build
  cd ..
  cd frontend && npm run build
- Set the path to the certificate and key in both .env files to enable HTTPS. (HTTPS is required for the cryptography to work.)
- Start the application
  cd backend && sudo npm run start
  and
  cd frontend && sudo npm run start
Now you can access https://localhost and test the demo using base-e2ee!
In this case you want to use only the modules to perform E2EE in your project, without the demonstration data:
- Include the modules manually from /modules into your project services.
- Import the modules:
  // backend_or_frontend_project_file_or_module.ts
  import { E2EEncryptor } from 'services';
- Initialize it
  E2EEncryptor.createECDH();
- Extract the public key
  E2EEncryptor.getPubKey64();
- Use it
  E2EEncryptor.decrypt(message, Client_UUID)
Distributed under the MIT License.