Encryption
Cryptography is encryption + decryption.
Encryption is the process of converting legible text into cipher text by passing it through an encryption function which takes a ‘key’ as an input.
Two types of cryptography
Symmetric
only one key
the same key is used to encrypt and decrypt messages
Asymmetric
Two different keys
public key
belongs to the recipient of the message
sender encrypts the message with this key
private key
message recipient will decrypt the message with this key
this key is not shared with anyone
In this sense,
public key is used to close the lock 🔐
private key is used to open the lock 🔓️
We are talking about encryption for a note-taking app, thinkdeli. Data won’t be shared between different users, but between different devices belonging to the same user. But that won’t really matter. The sender needs to look up the user and the device to get the corresponding public key.
Is the key pair the same across all the devices? Or should each device get its own key pair?
I think each device should get its own key pair.
The public key should be stored in the db in the cloud against the username.
The private key should be encrypted with a password set by the user and stored locally on the device.
The client (app) generates the key pair. Public key must be stored in the cloud somewhere so that it can be shared with anyone who needs to encrypt data for this device.
But when working with multiple devices of the same user, the message will have to be encrypted using the public key of each device. This won’t work. So the keys need to be the same. Maybe asymmetric cryptography is not the solution.
I read the Signal protocol paper. There are three types of key pairs generated, and it seems like every message is encrypted using a different key. Basically, it appears that key exchange is a big problem by itself. Generating keys is trivial now using the amazing crypto libraries like sodium.
So the problem that apps need to solve is key management.
For thinkdeli, the approach that makes the most sense is private key (symmetric) cryptography.
Ask the user for a password.
Create a key from the password.
Encrypt all updates to yjs using the key.
Decrypt all updates to yjs using the key.
On other devices too, ask the users to enter the password before they start.
I need to use the AEAD variation of the private key cryptography to
authenticate that the message was indeed sent by the sender who claims it
add additional metadata for ydoc to work
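The steps above (password, derived key, AEAD over each Yjs update), sketched as an added example that is not thinkdeli's code. It uses Node's built-in scrypt and AES-256-GCM in place of sodium; the `nonce || tag || ciphertext` layout, the `docId` metadata and the function names are assumptions of this example. The tag shows that a blob was produced by someone holding the password-derived key and was not altered.

```javascript
// Added example (not thinkdeli's code): password-derived key + AEAD for Yjs updates.
const crypto = require('node:crypto');

const NONCE_LEN = 12; // 96-bit GCM nonce, fresh random value per update
const TAG_LEN = 16;   // 128-bit authentication tag

// Stretch the password into a 32-byte key. The salt is not secret: store it
// next to the document so every device derives the same key.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt one update. docId is authenticated but not encrypted (the "AD" in AEAD).
// Output layout (an assumption of this example): nonce || tag || ciphertext.
function encryptUpdate(key, update, docId) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(docId, 'utf8'));
  const ct = Buffer.concat([cipher.update(update), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Returns the plaintext update, or null if the key, docId or any byte is wrong.
function decryptUpdate(key, blob, docId) {
  if (blob.length < NONCE_LEN + TAG_LEN) return null;
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(docId, 'utf8'));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(blob.subarray(NONCE_LEN + TAG_LEN)), decipher.final()]);
  } catch {
    return null; // tag check failed: never hand unauthenticated bytes to Y.applyUpdate
  }
}

// Constructed sample: these bytes stand in for the Uint8Array from Y.encodeStateAsUpdate(doc).
function demo() {
  const key = deriveKey('correct horse battery staple', Buffer.alloc(16, 1)); // fixed salt for the demo only
  const blob = encryptUpdate(key, Uint8Array.from([1, 3, 3, 7]), 'note-42');
  return { ok: decryptUpdate(key, blob, 'note-42'), wrongDoc: decryptUpdate(key, blob, 'note-43') };
}
console.log(demo());
```

In real use the salt is random per user or document and is synced in the clear alongside the encrypted updates, so a second device can derive the same key from the password.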