Implementing End to End Encryption in your Cross Platform App

This is a two part tutorial series for implementing End to End Encryption. If you haven't read the first part you are suggested read it before continuing. The second part will be focusing on encrypting any message between two users using the shared key generated in the first part.

Quick Recap

Name: Implementing End to End Encryption in your Cross Platform App
Rating: 2.2 (7303 reviews)
Author: ruppysuppy

In the last blog we got a server up and running to generate the shared key using Diffie Hellman algorithm.

Generating the shared key

We would be using the requests module to fetch the keys. Let's generate the shared keys.

import requests

BASE_URL = "http://127.0.0.1:5000"  # assuming the server is running locally

alice = requests.get(f"{BASE_URL}/generate-keys").json()
alice_private, alice_public = alice["private_key"], alice["public_key"]

bob = requests.get(f"{BASE_URL}/generate-keys").json()
bob_private, bob_public = bob["private_key"], bob["public_key"]

alice_params = {"local_private_key": alice_private, "remote_public_key": bob_public}
bob_params = {"local_private_key": bob_private, "remote_public_key": alice_public}

alice_shared_key = requests.get(
    f"{BASE_URL}/generate-shared-key", params=alice_params
).json()["shared_key"]
bob_shared_key = requests.get(
    f"{BASE_URL}/generate-shared-key", params=bob_params
).json()["shared_key"]

# alice and bob have access to the same shared key
assert alice_shared_key == bob_shared_key
print(alice_shared_key)

Adding the Cipher

Now that we have the shared keys, need a cipher to encode messages using the key. Let's use XOR Cipher for this purpose as it's easy to implement and secure as well.

def xor_encrypt_decrypt(message: str, key_string: str):
    key = list(key_string)
    output = []
    for i in range(len(message)):
        char_code = ord(message[i]) ^ ord(key[i % len(key)][0])
        output.append(chr(char_code))
    return "".join(output)


def encrypt(message: str, key: str):
    return xor_encrypt_decrypt(message, key)


def decrypt(encrypted_message: str, key: str):
    return xor_encrypt_decrypt(encrypted_message, key)

Testing out the End to End Encryption

It always a good practice to test out your code. We can test it out using the following snippet

message = "Random message"
encrypted_message = encrypt(message, alice_shared_key)

print(encrypted_message)

decrypted_message = decrypt(encrypted_message, bob_shared_key)

print(decrypted_message)

Project using this Implementation

Smartsapp

Web-app: https://smartsapp-ba40f.firebaseapp.com

ruppysuppy / SmartsApp

💬📱 An End to End Encrypted Cross Platform messenger app.

Smartsapp

A fully cross-platform messenger app with End to End Encryption (E2EE).

Demo

NOTE: The features shown in the demo is not exhaustive. Only the core features are showcased in the demo.

Platforms Supported

Desktop: Windows, Linux, MacOS
Mobile: Android, iOS
Website: Any device with a browser

Back-end Setup

The back-end of the app is handled by Firebase.

Basic Setup

Go to firebase console and create a new project with the name Smartsapp
Enable Google Analylitics

App Setup

Create an App for the project from the overview page
Copy and paste the configurations in the required location (given in the readme of the respective apps)