The idea is to provide a secured buffer in order to share textual information across the internet. The user interface is a web page backed by a REST API.
A symmetrical encryption is implemented on the client side in order to provide :
- Confidentiality
- Authenticity
- Integrity
Here are the encryption parameters:
- AES GCM
- Key-size: 128 bits
- Initial vector: 12 bits (regenerated for each call)
- Key export format: JWK format (see RFC 7517)
The app uses the SubtleCrypto APIs; it will only work in secured context (more details here) so TLS is mandatory.
Server-side:
- Spring Boot 2.2.6
- Thymeleaf
- Lombok
Client-side:
Maven is required to build and package the app:
mvn clean package
The minimum version of the Java Runtime Environment is 1.8:
java -jar app.jar
Or even better, create a service (depending on the OS)
Navigate to :
https://host:port/channels/<random uuid>
The random uuid allows to enter in a private channel (exchanged messages are indexed by channelUUID)
By default, the app generates an encryption key but the app supports the import of a custom key.
So in order to share the channel, you need to share:
- The channel UUID
- The encryption key
- Implement an automated clean-up of the messages