Cypher is an end-to-end encrypted instant messaging application that encrypts users' chats and media using several secure methods to prevent data breaches.
- Every message is encrypted from sender to recipient. There is no way to send a plaintext message, and Cypher's servers cannot decrypt messages.
The Cypher Encryption Scheme has a couple key requirements that secure your data.
- The server must never know your password.
- The server must never know your private key.
For successful end-to-end encryption, a private/public key pair is used. These keys must be stored in such a way that the server does not have all the information required to decrypt the messages it stores. The keys are stored securely as follows.
When a user registers, the client must:
1. Hash the password that the user entered, using a cryptographically secure, one-way hashing algorithm.
2. Derive an encryption key and a remainder from the hash. Neither the key nor the password should be practically derivable from just the remainder. The method Cypher uses:
   - Remove some portion from the hash as the key. The remaining portion becomes the remainder. Cypher removes the first 24 bytes as the user's password and the next 16 bytes as the encryption key.
3. Send the first 24 bytes from step 2, i.e. the password, to the server as the user's password.
4. Generate a public/private key pair.
5. Encrypt the private key with the encryption key derived from the password hash, using a symmetric encryption algorithm.
6. Send the encrypted private key and the clear-text public key to the server.
When a user logs in, the client must:
1. Complete steps 1-3 of the registration process in order to authenticate the user.
2. Retrieve the user's encrypted private key and clear-text public key from the server.
3. Use the key taken from the password hash to decrypt the private key.
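
The registration and login steps above, as an added Node.js sketch that is not Cypher's own client code (the real client is Flutter). The page does not name the algorithms, so scrypt with a per-user salt, X25519 and AES-128-GCM are assumptions, as are all function and field names; only the 24-byte/16-byte split comes from the description above.

```javascript
const crypto = require('crypto');

// Registration steps 1-2: hash the password, then split the hash into the
// 24-byte server password and the 16-byte encryption key (sizes from the page).
function deriveSecrets(password, salt) {
  // Assumption: scrypt as the one-way hash, 64-byte output, per-user salt.
  const hash = crypto.scryptSync(password, salt, 64);
  return {
    serverPassword: hash.subarray(0, 24), // sent to the server (step 3)
    encryptionKey: hash.subarray(24, 40), // never leaves the client
  };
}

// Registration steps 4-6: generate a key pair and wrap the private key.
function register(password, salt) {
  const { serverPassword, encryptionKey } = deriveSecrets(password, salt);
  // Assumption: X25519 key pair, DER-encoded.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519', {
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  // Assumption: AES-128-GCM as the symmetric cipher (16-byte key).
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', encryptionKey, iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  const wrappedKey = { iv, ct, tag: cipher.getAuthTag() };
  // serverRecord is everything uploaded; the encryption key is not in it.
  return { serverRecord: { serverPassword, publicKey, wrappedKey }, privateKey };
}

// Login: re-derive both values, authenticate, then unwrap the private key.
function login(password, salt, serverRecord) {
  const { serverPassword, encryptionKey } = deriveSecrets(password, salt);
  // Stand-in for the server-side password check (hypothetical).
  if (!crypto.timingSafeEqual(serverPassword, serverRecord.serverPassword)) {
    return null;
  }
  const { iv, ct, tag } = serverRecord.wrappedKey;
  const decipher = crypto.createDecipheriv('aes-128-gcm', encryptionKey, iv);
  decipher.setAuthTag(tag); // final() throws if key or ciphertext is wrong
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}
```
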
- End to end encrypted chatting
- Schedule a message for any user from your contact book who has registered in our application
- Agora video call
- Media and location sharing
- Self profile update or visit other user's profile
- Forgot password/reset password
- Delete chats with a particular user
- Delete account
- Log out from the current device or from all devices the user has logged into
Login, sign up, and a list of all users from the logged-in user's contact book who have registered in our app
Clone the repository, navigate to the chatapp_client folder, set the backend localhost/ngrok URL in urls.dart, and run the Flutter application.
Clone the repository, navigate to the chatapp_backend folder, and run the following command:

```
npm run dev
```
- Backend: Node.js, sockets
- Database: MongoDB
- Frontend: Flutter