#StackBounty: #encryption #aes #rsa #decryption #instant-messaging Required a simple guide for secure messaging application

Bounty: 50

For my personal research, I have to create a messaging app, but security is only important part of application, security from MITM (man in the middle attack), at device end, and at server level. (note: this will not end to end encryption, as I want to backup messages on server for cross-device access like telegram).

I created the following model:

  1. Server creates RSA key pair first time at installation and keeps private key in a file on server, and broadcast public key with its clients, (A, B)
  2. A&B also create RSA key pair at first-time login, and stores private key at device level and sends public key to server.
  3. A sending message to B:
    1. create a random salt_key
    2. encrypt message with this salt_key (AES)
    3. encrypt salt_key with server’s public key (RSA)
    4. send RSA encrypted key, and AES encrypted message to server
    5. server can decrypt salt_key with RSA private key and then message
    6. server will do same as A did, but with B’s public key
      and B will decrypt salt_key with private key then decrypt message.

Is this a secure way, or any another way to secure my messaging app?

Get this bounty!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.