librelist archives

« back to archive

Encryption

Encryption

From:
Dave Chason
Date:
2014-05-26 @ 09:41
Hello JC, I wanted to start off by saying I love the software. However I
have a few questions. My current solution I send an encrypted message from
my phone to converse. I see my acknowledgement and the message however
message is garbled because its encrypted. It can easily be decrypted with a
rsa key. What do you recommend to accomplish this?
>
> Thank You for your time.
>
> -Dave

Re: [conversejs] Encryption

From:
Jc Brand
Date:
2014-05-26 @ 16:47
On Mon, May 26, 2014 at 05:41:20AM -0400, Dave Chason wrote:
>    Hello JC, I wanted to start off by saying I love the software. However I
>    have a few questions. My current solution I send an encrypted message from
>    my phone to converse. I see my acknowledgement and the message however
>    message is garbled because its encrypted. It can easily be decrypted with
>    a rsa key. What do you recommend to accomplish this?

Thanks Dave.

First off, I'm not a crypto expert and the reason I was able to add OTR support
for converse.js was because of the excellent OTR.js library by Arlo Breault.

About RSA, this library provides methods for key generation as well as 
encrypting and
decrypting RSA messages:
http://www-cs-students.stanford.edu/~tjw/jsbn/

The Forge library also provides utilities for dealing with RSA:
https://github.com/digitalbazaar/forge#rsa

To go into the specifics of how to modify converse.js in a detailed manner
would be very time-consuming as I'd have to basically figure it out myself as
well and therefore isn't something I can do right now.

Basically, one would have to determine whether a received message is RSA
encrypted and hand it off to a decryption subroutine if it is.

The message handler is called onMessage and that's a good place to step through
the code to see what happens when a message is received:
https://github.com/jcbrand/converse.js/blob/master/converse.js#L2427

onMessage calls receiveMessage where a check is done to see if the message is
OTR encrypted:
https://github.com/jcbrand/converse.js/blob/master/converse.js#L833

You could do a similar check to see if a message is RSA encrypted.

Lastly, you need to give converse.js a private key to decrypt the message 
that was encrypted
with the corresponding public key?

How do you intend to do that?

Regards
JC

Re: [conversejs] Encryption

From:
Dave Chason
Date:
2014-05-28 @ 17:39
Encryption answer is exactly what I was looking for. Thank You! I will
implement this and let you know how it goes. I can always do a pull request
if that would interest you.


On Mon, May 26, 2014 at 12:47 PM, JC Brand <lists@opkode.com> wrote:

> On Mon, May 26, 2014 at 05:41:20AM -0400, Dave Chason wrote:
> >    Hello JC, I wanted to start off by saying I love the software.
> However I
> >    have a few questions. My current solution I send an encrypted message
> from
> >    my phone to converse. I see my acknowledgement and the message however
> >    message is garbled because its encrypted. It can easily be decrypted
> with
> >    a rsa key. What do you recommend to accomplish this?
>
> Thanks Dave.
>
> First off, I'm not a crypto expert and the reason I was able to add OTR
> support
> for converse.js was because of the excellent OTR.js library by Arlo
> Breault.
>
> About RSA, this library provides methods for key generation as well as
> encrypting and
> decrypting RSA messages:
> http://www-cs-students.stanford.edu/~tjw/jsbn/
>
> The Forge library also provides utilities for dealing with RSA:
> https://github.com/digitalbazaar/forge#rsa
>
> To go into the specifics of how to modify converse.js in a detailed manner
> would be very time-consuming as I'd have to basically figure it out myself
> as
> well and therefore isn't something I can do right now.
>
> Basically, one would have to determine whether a received message is RSA
> encrypted and hand it off to a decryption subroutine if it is.
>
> The message handler is called onMessage and that's a good place to step
> through
> the code to see what happens when a message is received:
> https://github.com/jcbrand/converse.js/blob/master/converse.js#L2427
>
> onMessage calls receiveMessage where a check is done to see if the message
> is
> OTR encrypted:
> https://github.com/jcbrand/converse.js/blob/master/converse.js#L833
>
> You could do a similar check to see if a message is RSA encrypted.
>
> Lastly, you need to give converse.js a private key to decrypt the message
> that was encrypted
> with the corresponding public key?
>
> How do you intend to do that?
>
> Regards
> JC
>



-- 
*Dave Chason*
Chief Technical Officer
Intraclinics, LLC.
250 West Huron Rd Suite 203
Cleveland, Ohio 44113
Tel: (814) 720-1703
Email: davechason@intraclinics.com
Web: http://www.intraclinics.com

Intraclinics is a portfolio company of Bizdom.
Bizdom is a non-profit startup accelerator founded by serial entrepreneur
Dan Gilbert,
Founder and Chairman of Quicken Loans, Majority owner of the Cleveland
Cavaliers, and
General Partner at Detroit Venture Partners.

Re: [conversejs] Encryption

From:
Jc Brand
Date:
2014-05-28 @ 21:20
On Wed, May 28, 2014 at 01:39:27PM -0400, Dave Chason wrote:
>    Encryption answer is exactly what I was looking for. Thank You! I will
>    implement this and let you know how it goes. I can always do a pull
>    request if that would interest you.

Pull requests are always appreciated, thanks!
  
-JC

>    On Mon, May 26, 2014 at 12:47 PM, JC Brand <[1]lists@opkode.com> wrote:
> 
>      On Mon, May 26, 2014 at 05:41:20AM -0400, Dave Chason wrote:
>      >    Hello JC, I wanted to start off by saying I love the software.
>      However I
>      >    have a few questions. My current solution I send an encrypted
>      message from
>      >    my phone to converse. I see my acknowledgement and the message
>      however
>      >    message is garbled because its encrypted. It can easily be
>      decrypted with
>      >    a rsa key. What do you recommend to accomplish this?
> 
>      Thanks Dave.
> 
>      First off, I'm not a crypto expert and the reason I was able to add OTR
>      support
>      for converse.js was because of the excellent OTR.js library by Arlo
>      Breault.
> 
>      About RSA, this library provides methods for key generation as well as
>      encrypting and
>      decrypting RSA messages:
>      [2]http://www-cs-students.stanford.edu/~tjw/jsbn/
> 
>      The Forge library also provides utilities for dealing with RSA:
>      [3]https://github.com/digitalbazaar/forge#rsa
> 
>      To go into the specifics of how to modify converse.js in a detailed
>      manner
>      would be very time-consuming as I'd have to basically figure it out
>      myself as
>      well and therefore isn't something I can do right now.
> 
>      Basically, one would have to determine whether a received message is RSA
>      encrypted and hand it off to a decryption subroutine if it is.
> 
>      The message handler is called onMessage and that's a good place to step
>      through
>      the code to see what happens when a message is received:
>      [4]https://github.com/jcbrand/converse.js/blob/master/converse.js#L2427
> 
>      onMessage calls receiveMessage where a check is done to see if the
>      message is
>      OTR encrypted:
>      [5]https://github.com/jcbrand/converse.js/blob/master/converse.js#L833
> 
>      You could do a similar check to see if a message is RSA encrypted.
> 
>      Lastly, you need to give converse.js a private key to decrypt the
>      message that was encrypted
>      with the corresponding public key?
> 
>      How do you intend to do that?
> 
>      Regards
>      JC
> 
>    --
>    Dave Chason
>    Chief Technical Officer
>    Intraclinics, LLC.
>    250 West Huron Rd Suite 203
>    Cleveland, Ohio 44113
>    Tel: (814) 720-1703
>    Email: [6]davechason@intraclinics.com
>    Web: [7]http://www.intraclinics.com
>    Intraclinics is a portfolio company of Bizdom.
>    Bizdom is a non-profit startup accelerator founded by serial entrepreneur
>    Dan Gilbert,
>    Founder and Chairman of Quicken Loans, Majority owner of the Cleveland
>    Cavaliers, and 
>    General Partner at Detroit Venture Partners. 
> 
> References
> 
>    Visible links
>    1. mailto:lists@opkode.com
>    2. http://www-cs-students.stanford.edu/~tjw/jsbn/
>    3. https://github.com/digitalbazaar/forge#rsa
>    4. https://github.com/jcbrand/converse.js/blob/master/converse.js#L2427
>    5. https://github.com/jcbrand/converse.js/blob/master/converse.js#L833
>    6. mailto:davechason@intraclinics.com
>    7. http://www.intraclinics.com/