Hello!
We have already shown you code with which you can quickly and easily implement end-to-end encryption. Let's go further and, using the services of Virgil Security, build a secure IP messenger. Implementing a secure IP messenger with a built-in encryption function is far from trivial. In this article we want to show how the Virgil API and the Twilio IP Messaging API make this process much easier.
Part 1: Preparatory
Before starting the implementation of our messenger, you need to perform a couple of preparatory steps:
- Create a Twilio account. Twilio is a company that provides communications as a service. With Twilio, the task of developing an IP messenger is greatly simplified. However, in this article our goal is more ambitious: we remind you that we need a secure (not to be confused with anonymous) IP messenger with end-to-end encryption. Therefore, we will also need to...
- Create a Virgil Security account. The account allows you to register an application and obtain VIRGIL_ACCESS_TOKEN, the secret key that allows you to use the Virgil Security services.
After completing the above steps, you will be the happy owner of the following set of parameters:
- TWILIO_ACCOUNT_SID - your Twilio account ID (available in your account).
- TWILIO_API_KEY - the secret key used for authentication (you can generate it here).
- TWILIO_API_SECRET - additional secret information required for authentication (created here).
- TWILIO_IPM_SERVICE_SID - the ID of your Twilio IP Messaging service instance, which stores all the data about your application (you can create it here).
- VIRGIL_ACCESS_TOKEN - a unique token that grants access to the Virgil Security API. Every API request must contain VIRGIL_ACCESS_TOKEN. You can get it after creating a Virgil application here.
- VIRGIL_APP_PRIVATE_KEY - the private key of your Virgil application. It is used to create validation tokens that confirm your users' public keys when using the Identity Service is undesirable. The private key is generated on your computer, on your application's page, after signing in to the Virgil website.
- VIRGIL_APP_PRIVATE_KEY_PASSWORD - all private keys are stored in encrypted form; the password is required each time the key is used.
Part 2: Main
Sending and receiving messages in Twilio IP Messaging happens through channels. Each channel is a separate chat in which any number of participants can take part at once. Taking Twilio IP Messaging as a basis, we will show the key points of implementing message encryption.
First of all, we note that the Virgil Security services can be used from virtually any platform and in any programming language. A wide range of SDKs are available for developers (C#, C/C++, Objective-C, Python, Java), which make it easier to work with Virgil Services. However, none of them can be used without VIRGIL_ACCESS_TOKEN. Since we already obtained VIRGIL_ACCESS_TOKEN in the preparatory stage, we proceed directly to development.
Our messenger will have a client-server architecture, but everything of interest (encrypting, sending and decrypting messages) happens on the client side, so that is where we will concentrate most of our attention.
- Include the JavaScript SDKs for Twilio and the Virgil API:
<script src="https://cdn.virgilsecurity.com/packages/javascript/sdk/1.4.6/virgil-sdk.min.js" integrity="sha256-6gsCF73jFoEAcdAmVE8n+LCtUgzQ7j6svoCQxVxvmZ8=" crossorigin="anonymous"></script>
<script src="https://media.twiliocdn.com/sdk/js/common/v0.1/twilio-common.min.js"></script>
<script src="https://media.twiliocdn.com/sdk/rtc/js/ip-messaging/v0.10/twilio-ip-messaging.min.js"></script>
- Initialize the services (the tokens for working with the APIs are obtained from the server):
- Using the Virgil SDK, we create a key pair for the new user Alice:
var keyPair = virgil.crypto.generateKeyPair();
And we get the following:
-----BEGIN PUBLIC KEY-----
MFswFQYHKoZIzj0CAQYKKwYBBAGXVQEFAQNCAAQO8ohmBRyclmcfQ38Lwmvv4Cau
jyX6vWn8kJrR0RRfFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END PUBLIC KEY-----
-----BEGIN EC PRIVATE KEY-----
MHkCAQEEIFB+lOUvbb4WX+e3zLkAcYpvZR3qpQI8Ru/tcnciCMkIoAwGCisGAQQB
l1UBBQGhRANCAAQO8ohmBRyclmcfQ38Lwmvv4CaujyX6vWn8kJrR0RRfFQAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END EC PRIVATE KEY-----
- In order for other participants in the conversation to send encrypted messages to Alice, her public key must be placed in the key store of the Virgil Keys Service. Publishing a key requires a special validation token, which prevents the registration of unconfirmed keys. You can obtain a validation token through our Identity Service, or generate it yourself (on the server side) using VIRGIL_APP_PRIVATE_KEY:
var validationToken = VirgilSDK.utils.generateValidationToken(
    'Alice',                          // identity value
    'username',                       // identity type (as in the card below)
    VIRGIL_APP_PRIVATE_KEY,           // kept on the server, never sent to clients
    VIRGIL_APP_PRIVATE_KEY_PASSWORD   // argument order after 'Alice' assumed from the Part 1 parameters
);
After receiving the validation token, we upload the user's public key to the repository:
var myCard;
var options = {
    public_key: keyPair.publicKey,
    private_key: keyPair.privateKey,
    identity: {
        type: 'username',
        value: 'Alice',
        validation_token: '%VALIDATION_TOKEN%'
    }
};
virgil.cards.create(options).then(function (card) {
    myCard = card;
    console.log(card);
});
After performing the above steps, a special data structure called a Virgil Card is created in the Virgil Keys Service key store. It is accessible to any user of your application and includes the following fields:
An example of a created Virgil Card:
{
  "id": "3e5a5d8b-e0b9-4be6-aa6b-66e3374c05b3",
  "authorized_by": "com.virgilsecurity.twilio-ip-messaging-demo",
  "hash": "QiWtZjZyIQhqZK7+3nZmIEWFBU+qI64EzSuqBcY+E7ZtKPwd4ZyU6gdfU/VzbTn6dHtfahCzHasN...",
  "created_at": "2016-05-03T14:34:08+0000",
  "public_key": {
    "id": "359abe31-3344-453a-a292-fd98a83e500a",
    "public_key": "-----BEGIN PUBLIC KEY-----\nMFswFQYHKoZIzj0CAQYKKwYBBAGXVQEFAQNCAAQ...",
    "created_at": "2016-05-03T14:34:08+0000"
  },
  "identity": {
    "id": "965ea277-ab78-442c-93fe-6bf1d70aeb4b",
    "type": "username",
    "value": "Alice",
    "created_at": "2016-05-03T14:34:08+0000"
  }
}
- Now Alice is ready for secure communication. Create a 'general' channel for it:
- Anyone can join the 'general' channel and send Alice an encrypted message. To do this, we look up Alice's public key in the Virgil Keys Service repository and encrypt the secret message with it:
The resulting encrypted message is a long base64-encoded blob.
At the same time, remember that although this article is about text messages, any binary data can be encrypted in the same way: images, audio or video.
- To decrypt a message addressed to her, Alice must use her private key, which only she holds:
and recovers the message text: Bob: Hi Alice!
Part 3: Final
As you can see, creating an IP messenger with built-in end-to-end encryption is quite simple. Of course, your messenger can be written in any programming language and for any platform, and the implementation of encryption will remain just as simple.
You can view a demo version of the messenger, with the ability to create new channels and encrypt messages, via this link.
The source code of the demo version of the Virgil + Twilio IP Messenger is available on GitHub.
All our tutorials on working with Virgil Security in various programming languages are available here.
UPD
By popular demand, we list several options for using the described messenger:
- Embedding an instant messaging system in your own application. This lets users communicate without involving a third-party application.
- Adding a messenger to a website for direct communication with the sales or technical support team.
- Adding an instant messenger to any tool used by an organization (for example, a document management system). This avoids the need for additional tools for communication within the company.