Skip to content

Improve encryption definition in Reliable Channel API spec #326

Description

@Ivansete-status

We need to tackle the current Encryption flaws in Reliable Channel API spec detected by @jazzz
Particularly:

[Pebble] These functions don't provide any mechanism for developers to know how a message was encrypted, or how to decrypt it.
Assuming an best case (that developers use a single static key per channel) A developer would have to iteratively attempt decryption with each key they have. In the chat usecase we are assuming that the average user has 200 chats, resulting in 200 attempts per message.
If developers choose an encryption scheme that is much safer, they could reasonably have thousands of keys at a given time.


What is the internal state for encryption?


How are developers supposed to determine if decryption was successful?
If all that is receive is a byte array, and there are multiple encryption keys (because I have multiple reliable channels) - How do I determine I found the right key?
I as the developer have no idea what the payload structure should be because its generated internally. Each decryption will result in a seemingly random series of bytes, If I don't know what I should be expecting.

Metadata

Metadata

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Priority

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions