I've been following this tread for a bit, it reminded me of a project I saw a while ago that aimed to make a secure chat system where the message content was always under the senders control. I've been trying to dig up relevant details, but unfortunately all I could find was an abstract. If interested I could pass it along. Basically the idea was to have separate storage for each user and then provide access control details on the messages, PGP was used to sign the messages. It's not exactly what you were looking to do, but it seemed relevant so I thought I might bring it up.
On 2015-09-25 12:58 AM, David Beckwith wrote: > Do you mean that we would store the chat history in the database in > plain text? That's what I'm trying to avoid. > > On Thu, Sep 24, 2015 at 4:31 AM, Josepher Raks <josep...@mail.ru> wrote: >> If we are not critical of the delay in communication, it is possible to >> implement this in the form of a central server that stores the values of the >> public keys of all respondents, and send chat history from database on >> request. The central server is certainly not cope with the thousands of >> requests at once, but if there will be few and small (jabber-like) - it can >> work. >> >> >> Среда, 23 сентября 2015, 2:07 -07:00 от David Beckwith >> <thirdreplica...@gmail.com>: >> >> >> Going back to your original idea, you could just use public keys and >> distribute the work of encrypting and decrypting to others, so that >> almost every message you sent or received you would help spread the >> message by encrypting it again and sending it to 2 others who didn't >> receive it yet, then you would be able to spread the message with a >> small O(log(n)) delay and an O(1) extra CPU cost per message per user >> for a group with n members. >> >> But with your latter idea (the asymmetrically encrypted shared secret >> with the symmetric encryption for subsequent messages), the (powerful) >> central server could help distribute the message without having to >> trust it and without inducing the O(log(n)) delay or the extra >> send-to-a-friend encryption costs. >> >> On Wed, Sep 23, 2015 at 1:45 AM, David Beckwith >> <thirdreplica...@gmail.com> wrote: >>> Oh I get it! That's a great idea. Thank you. >>> >>> On Wed, Sep 23, 2015 at 1:22 AM, Rogier Mulders >>> <rogier.muld...@xs4all.nl> wrote: >>>> Several hundred people in a chat room does not sound like much privacy :) >>>> >>>> Just asymmetric encrypt some randomness with the pub key of every >>>> member and symmetric encrypt decrypt their messages. >>>> >>>> On 22-09-15 0:22, David Beckwith wrote: >>>>> Hi Roger, >>>>> >>>>> If there are several hundred people in the chat room it's gong to >>>>> take a few minutes to send a single message, plus eat up a lot of >>>>> CPU/battery. >>>>> >>>>> On Mon, Sep 21, 2015 at 10:37 AM, Rogier Mulders >>>>> <rogier.muld...@xs4all.nl> wrote: >>>>>> Just use all puplic keys of people in the chat to encrypt a message. >>>>>> Then all that have the corrospondig private key can read it >>>>>> >>>>>> On 17-09-15 9:26, David Beckwith wrote: >>>>>>> Hi, >>>>>>> >>>>>>> I'm just a lay user of the library and just joined the list, so >>>>>>> please forgive me if I say something stupid. But, I was just >>>>>>> wondering if there was a way to generate a shared secret with a >>>>>>> corresponding public key generated from the public keys of 3 or more >>>>>>> users. I think something to this effect: >>>>>>> >>>>>>> >>>>>>> http://crypto.stackexchange.com/questions/1025/can-one-generalize-the-diffie-hellman-key-exchange-to-three-or-more-parties >>>>>>> >>>>>>> I would like to implement encrypted group chat without having to >>>>>>> trust a central server. I thought maybe a group public key + group >>>>>>> shared secret could be generated from N public keys, so that users >>>>>>> could encrypt their message just once with the group public key to >>>>>>> post to the group instead of having to encrypt N times for a group >>>>>>> with N members. Does OpenPGP.js support this use case? >>>>>>> >>>>>>> Thanks a lot! >>>>>>> _______________________________________________ >>>>>>> >>>>>>> http://openpgpjs.org >>>>>>> Subscribe/unsubscribe: http://list.openpgpjs.org >>>>>> _______________________________________________ >>>>>> >>>>>> http://openpgpjs.org >>>>>> Subscribe/unsubscribe: http://list.openpgpjs.org >>>>> _______________________________________________ >>>>> >>>>> http://openpgpjs.org >>>>> Subscribe/unsubscribe: http://list.openpgpjs.org >>>> _______________________________________________ >>>> >>>> http://openpgpjs.org >>>> Subscribe/unsubscribe: http://list.openpgpjs.org >> _______________________________________________ >> >> http://openpgpjs.org >> Subscribe/unsubscribe: http://list.openpgpjs.org >> >> >> >> _______________________________________________ >> >> http://openpgpjs.org >> Subscribe/unsubscribe: http://list.openpgpjs.org > _______________________________________________ > > http://openpgpjs.org > Subscribe/unsubscribe: http://list.openpgpjs.org > -- o) Derek Wueppelmann (o (D . mon...@monkeynet.ca D). ((` http://www.monkeynet.ca ( ) ` _______________________________________________ http://openpgpjs.org Subscribe/unsubscribe: http://list.openpgpjs.org
