问题
After reading about encryption, I want to apply the technique to my app (nodes + react). I have a messenger which allows people to chat person to person and create groups. I believe that there should be 2 different techniques to do that
Use private and public keys to encrypt messages person to person
Create a shared "private key" for chat groups, which only joined people have access to
I am a bit confused how 1 works, because if a message is encrypted using the public key, only the recipient can decrypt it. But how does the sender do it? That means only the receiver can see the message I sent, unless I have his/her private key... In this case what's the point of public key?
So is 2 the right technique to use for encrypting messages, since it's "symmetric", which allows both the sender and recipient decrypt the message... Or should I use 1 for 1to1 messages and 2 for chats?
回答1:
See this article: Public-key cryptography.
Alice sends a message to Bob.
To encrypt it, Alice gets Bob's public key. The message is encrypted with Bob's public key.
Only Bob can decrypt the message because only Bob has the private key.
This is known as asymmetric cryptography because the key to encrypt is different than the key to decrypt.
The problem with using a symmetric approach for group chats is that you would also need a way of letting everyone know the key securely. Also, if anyone ever leaves the group, they will still have the ability to decrypt the chats.
You could use asymmetric encryption for this, in combination with symmetric.
Message M gets encrypted with symmetric key K. M is sent encrypted to all recipients of the group, along with K encrypted by Kn.
Kn is an asymmetric public key and differs by recipient.
e.g. K1 is Bob's public key. K2 is Alice's public key.
K is a symmetric key and completely random per message, and because this is encrypted for each recipient and sent with the message, only current group members can decrypt.
From comment:
so K is a key generated by many other public keys, which is used to encrypt the message. And to decrypt it I need a private key which links to K. This allows people to chat. For 1to1 messages, the message should be encrypted using the public key (from recipient) and private key (from sender). This will allow both the sender and the recipient decrypt the message. Is this correct?
No.
K is a key generated by a CSPRNG.
K is used to encrypt the message M, giving m. i.e. K(M) = m, where the value in brackets shows what was encrypted, the value outside shows which key was used.
The following is sent over the wire: mK1(K)K2(K)
K1 is used to encrypt K, so Bob can decrypt K using his private key k1.
K2 is used to encrypt K, so Alice can decrypt K using her private key k2.
Alice and Bob can then see K and use it to decrypt m back to M.
Public keys are always used to encrypt, private keys to decrypt. The sender does not need to decrypt the message because they will already know the message's plaintext.
来源:https://stackoverflow.com/questions/38013916/encrypting-chat-normal-messages