This app allows to do authenticated end to end encryption. Being open source and storing nothing on the phone except our private signature key (not used for encryption) in the secure enclave and the public signature keys of people we are conversing with, forward secrecy and man in the middle protection is available.
Establishing a connexion with someone requires exchanging two messages. After that, end to end encryption is set up. Once the discussion closed or the app is reset by the system, nothing remains of the secret key used in the exchange. This means nobody can decipher the exchange even with access to the whole discussion. Discussion can be taken on public places like framapad, discord, in-game chat, irc, possible speaking in one medium and answering to another one.
For this first version, only text messages exchange is possible (a workaround is to use base64 to encode binary files) but using attachments is an envisioned feature.
This app is compatible with a web app version: https://upec.ovh/e2ee.html. Because of some incompatibilities between libressl 2.8.3 used in iOS and the last version of openssl and libressl used in web browsers (included safari), one has to generate a key pair using a swift script and protect the private key with a password using page https://upec.ovh/e2ee_import.html.
The cryptograpic algorithms used are:
- cipher: AES(256)+GCM
- key negociation: ECDH(P384)+HKDF(SHA512)
- signature: ECDSA(P256)