Dear mailing list,
A friend and me are working on a plugin that enables encryption on top of
Facebook messaging. The idea is to encrypt messages before they leave the chat
client, sending only the cipher to Facebook and decrypt the message on the
receiver client, before it is displayed. The plugin automatically realizes
which users have it installed and only encrypts these chats.
Since the reliability of the cryptographic system is a crucial part of the
design, I would to discuss the protocol here:
First, we use PBKDF2 to derive a 256 bit data block from a passphrase the user
chooses and a salt (the username). We advise the user to use a long and
hard-to-guess passphrase. We use Parvez Anandam’s JavaScript implementation [1].
This data block serves as the private key for a secp256r1 elliptic curve. We
cannot use a random private key, as we have to be able to generate the same
private key on different devices of the user. Given this private key, and
another user’s public key (exchange through a public key server), we calculate
the shared key as defined in the Elliptic curve Diffie–Hellman (ECDH) key
agreement protocol:
Given Alice’s private key ‘a’ and the elliptic curve ‘G’ (defined by the
secp256r1 parameters), Alice’s public key ‘A’ is defined as:
A = a*G
(Analogously for Bob: B = b*G)
If Alice has her private key ‘a’ and Bob’s public key B, she can calculate the
shared key S
S = a*B = a*b*G
Bob has his private key ‘b’ and Alice’s public key ‘A’ to derive the same
secret:
S’ = b*A = b*a*G = a*b*G = S
Tom Wu’s library [2] is used to implement all ECDH related stuff.
The shared secret together with a random salt is used as a starting block to
generate a 256bit AES key, which eventually encrypts the message. The cipher
and the random salt are sent to the other person, so that he can reproduce the
symmetric key. We use the Gibberish library for that purpose [3].
Our process is also depicted here: http://goo.gl/ghzWSl
Do you see a problem with that approach? I am looking forward to comments and
concerns.
Thanks!
Felix
[1] http://anandam.com/pbkdf2/
[2] http://www-cs-students.stanford.edu/~tjw/jsbn/
[3] https://github.com/mdp/gibberish-aes
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
