You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our goal is to be able to demo QSS with interested users at a conference, and for people to be able to try Quiet with QSS, but we decided we can't use QSS publicly if QSS data is shared with our server in plaintext.
We can encrypt it using symmetric encryption (AES-256), which adds 32 (more?) characters to the invite link. This secret is never shared with the server, and should be used for encrypting and decrypting data whenever sending to or receiving from the server.
@siepra are there any nuances to how we are using Node's crypto module on Android and iOS?
The text was updated successfully, but these errors were encountered:
holmesworcester
changed the title
QSS: encrypt everything sent to QSS with a secret in the invite link
QSS: everything sent to QSS should be encrypted with a secret in the invite link
Apr 19, 2024
Our goal is to be able to demo QSS with interested users at a conference, and for people to be able to try Quiet with QSS, but we decided we can't use QSS publicly if QSS data is shared with our server in plaintext.
We can encrypt it using symmetric encryption (AES-256), which adds 32 (more?) characters to the invite link. This secret is never shared with the server, and should be used for encrypting and decrypting data whenever sending to or receiving from the server.
@siepra are there any nuances to how we are using Node's
crypto
module on Android and iOS?The text was updated successfully, but these errors were encountered: