To the possible question “Why would you want such an amount of security?”
I’d answer: “Why not?”
Basically I am thinking about creating an open source solution for a private encrypted messenger with a “partial Off the Record” solution.
How should it work?
- Messages themselves would be encrypted on the client side and stored encrypted only on the device they were sent from.
- The encryption keys would be stored anonymously, without any server-side back trace to the original sender.
- Each time you open the conversation, the app would request the decryption keys from the server and show you your own decrypted messages, processed only for a limited amount of time by the client app.
- If you want to see the messages of your conversation partner, you would have to ask them to allow that remotely at the start of each session.
- The real encryption key for each message would be the resulting hash of the key stored on the server with a salt coming from a keyphrase pre-accepted by both sides.
- The encryption key on the server might contain some simple checksum, with almost no remaining information from the original unencrypted message. This could secure the integrity of the already sent messages and prevent possible “fiddling” with messages that have already been sent.
- If one device is compromised (physically), the other one’s messages are safe, OR, in the case of a time advantage, the safe device would be able to flush all keys stored on the server, making even the messages from both clients unreadable.
- HTTPS connection
- No record of users: users will have to use remembered IDs of each other.
- If someone tries to spoof the connection, trying to look like the previously connected client, the inability to provide past encrypted messages should probably be a “dead giveaway” that something is wrong.
- Server part still has a lot of space for improvement.
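To make the key-handling part of the proposal concrete (the server-stored key salted with the shared keyphrase, the plaintext-free integrity checksum, and the remote key flush), here is an added model of it in Python; it is example code written for this post, not code from any project. Assumptions: HKDF-style derivation over HMAC-SHA256 stands in for "the resulting hash", HMAC in counter mode stands in for a real AEAD cipher, and the server only ever sees a random message id, the per-message server key and the tag.

```python
import hashlib
import hmac
import secrets

def derive_key(server_key: bytes, keyphrase: str, message_id: str, purpose: bytes) -> bytes:
    # HKDF-style extract/expand over HMAC-SHA256: the server-stored key is the input
    # keying material, the pre-agreed keyphrase is the salt, purpose + id split enc/mac keys.
    prk = hmac.new(keyphrase.encode(), server_key, hashlib.sha256).digest()
    return hmac.new(prk, purpose + message_id.encode() + b"\x01", hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (assumption: a real build
    # would use an AEAD). No keystream reuse: every message gets its own fresh server_key.
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyServer:
    # Stores only message_id -> (server_key, tag): never plaintext, keyphrase or ciphertext.
    def __init__(self):
        self.records = {}
    def store(self, message_id, server_key, tag):
        self.records[message_id] = (server_key, tag)
    def fetch(self, message_id):
        return self.records.get(message_id)
    def flush(self):
        self.records.clear()  # the "safe device" wiping every key

def encrypt_message(server: KeyServer, keyphrase: str, plaintext: bytes):
    server_key = secrets.token_bytes(32)
    message_id = secrets.token_hex(16)  # random id, nothing ties it to the sender
    enc_key = derive_key(server_key, keyphrase, message_id, b"enc")
    mac_key = derive_key(server_key, keyphrase, message_id, b"mac")
    ciphertext = keystream_xor(enc_key, plaintext)
    # Integrity tag over the ciphertext only: detects edits, reveals nothing about plaintext.
    tag = hmac.new(mac_key, message_id.encode() + ciphertext, hashlib.sha256).digest()
    server.store(message_id, server_key, tag)
    return message_id, ciphertext  # both stay on the sending device

def decrypt_message(server: KeyServer, keyphrase: str, message_id: str, ciphertext: bytes):
    # Returns plaintext, or None if the key was flushed, the keyphrase is wrong or the
    # ciphertext kept on the device was tampered with.
    record = server.fetch(message_id)
    if record is None:
        return None
    server_key, tag = record
    mac_key = derive_key(server_key, keyphrase, message_id, b"mac")
    expected = hmac.new(mac_key, message_id.encode() + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(derive_key(server_key, keyphrase, message_id, b"enc"), ciphertext)
```

Calling `server.flush()` after a compromise makes every stored ciphertext undecryptable for both clients, which is the behaviour the "time advantage" bullet describes.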