Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QSS: everything sent to QSS should be encrypted with a secret in the invite link #2466

Open
holmesworcester opened this issue Apr 19, 2024 · 0 comments
Open

QSS: everything sent to QSS should be encrypted with a secret in the invite link #2466

holmesworcester opened this issue Apr 19, 2024 · 0 comments
Labels
discussion

Comments

@holmesworcester
Copy link
Contributor

holmesworcester commented Apr 19, 2024
edited

Our goal is to be able to demo QSS with interested users at a conference, and for people to be able to try Quiet with QSS, but we decided we can't use QSS publicly if QSS data is shared with our server in plaintext.

We can encrypt it using symmetric encryption (AES-256), which adds 32 (more?) characters to the invite link. This secret is never shared with the server, and should be used for encrypting and decrypting data whenever sending to or receiving from the server.

@siepra are there any nuances to how we are using Node's crypto module on Android and iOS?
@holmesworcester holmesworcester changed the title QSS: encrypt everything sent to QSS with a secret in the invite link QSS: everything sent to QSS should be encrypted with a secret in the invite link Apr 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion
Projects
Quiet
Status: Next Sprint
Milestone
No milestone
Development

No branches or pull requests
1 participant
@holmesworcester