
Encrypt Chat Messages Stored In Firebase Database

I am making an application in which chatting is also a feature, for which I am using the Firebase Realtime Database. Though all the data stored in Firebase is sent via SSL, I want even the administration to be unable to see the messages. I thought of implementing end-to-end encryption using a public and private key architecture, but storing the private key on the device won't be good, as a new private key will be created when the phone is uninstalled or even when the app is used on another device, and previous messages won't be decrypted.

I also thought of encrypting new messages with the new private key, when generated, and storing the previous chat history in Google Drive or iCloud as a backup, but since this is not entirely a chat application I think this won't be feasible.

http://www.geero.net/2017/05/how-to-encrypt-a-google-firebase-realtime-database/

I also went through this article, but again the keys will be with the administration.

How should I proceed?


Answer

I recommend that you encrypt your messages with AES. And you should not store the secret key on devices. Otherwise, users can perform key agreement to generate a shared secret key, using the Diffie-Hellman key exchange algorithm: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
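
The approach suggested in the answer, as an added example that is not part of the original post: two users derive the same AES key through Diffie-Hellman key agreement and use it to encrypt what is written to the database, using only Node.js's built-in `crypto` module. The function names, the chat ID, and the choice of X25519, HKDF-SHA256 and AES-256-GCM are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Each user creates a key pair on-device; only the public key is published.
function newIdentity() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Diffie-Hellman: my private key + peer's public key give the same secret on
// both sides. HKDF turns it into a uniform 256-bit AES key bound to this chat.
function deriveChatKey(myPrivateKey, peerPublicKey, chatId) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  const okm = nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), Buffer.from(`chat:${chatId}`), 32);
  return Buffer.from(okm);
}

// The returned record is what would be stored in the database: no plaintext.
function encryptMessage(key, chatId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message, never reused
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(chatId)); // ties the ciphertext to its chat
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64') };
}

// Throws if the record was modified or the key / chat ID does not match.
function decryptMessage(key, chatId, record) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(chatId));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed demo: both users run in one process; in an app, only the
// public keys and the encrypted record would pass through the database.
function demo() {
  const alice = newIdentity();
  const bob = newIdentity();
  const chatId = 'chat-alice-bob'; // constructed sample value
  const aliceKey = deriveChatKey(alice.privateKey, bob.publicKey, chatId);
  const bobKey = deriveChatKey(bob.privateKey, alice.publicKey, chatId);
  const record = encryptMessage(aliceKey, chatId, 'hello Bob');
  return decryptMessage(bobKey, chatId, record);
}

console.log(demo());
```

Because the database relays the public keys, each user needs to verify the other's key through a separate channel; otherwise whoever controls the database can substitute its own key during the exchange.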

source: stackoverflow.com