Create a secure IP messenger with Virgil and Twilio in 30 minutes

Hello!

We have already shown you a code with which you can easily and easily implement end-to-end encryption. Let's go ahead and, using the services of Virgil Security, we will develop a secure IP messenger. Implementing a secure IP messenger with a built-in encryption function is far from trivial. In this article we want to tell how, using the Virgil API and wilio IP Messaging API , to make this process much easier.

Part 1: Preparatory

Before embarking on the implementation of our messenger, you need to perform a couple of preliminary actions:

1. Create an account Twilio . Twilio is a company that provides communications as a service. With Twilio, the task of developing an IP messenger is greatly simplified. However, in this article, our goal is much more ambitious. We remind you that we need a secure (do not confuse with anonymous) IP messenger with the end-to-end encryption function. Therefore, we will need ...
   
   
   
   
2. Create an account Virgil Security . The account allows you to register the application and get VIRGIL_ACCESS_TOKEN - the secret key that allows you to use the services of Virgil Security.

Part 2: the main

Sending and receiving messages in Twilio IP messenger occurs via channels. Each channel is a separate chat, which can simultaneously be an unlimited number of interlocutors. Taking Twilio IP messenger as a basis, we will show the key points of the implementation of the message encryption function.

')

First of all, we note that the use of Virgil Security services is possible from virtually any platform and in any programming language. A wide range of SDKs are available for developers ( C # , C / C ++ , Objective-C , Python , Java ), which make it easier to work with Virgil Services. However, their use is impossible without VIRGIL_ACCESS_TOKEN. Since we have already received VIRGIL_ACCESS_TOKEN at the preliminary stage, we proceed directly to the development.

Our messenger will have a client server structure. But all the most interesting (encryption, sending and decrypting messages) will occur on the client side, and we will concentrate most of our attention on it.

1. We connect JavaScript SDK for Twilio and Virgil API:
   
   
   
   

   <script src="https://cdn.virgilsecurity.com/packages/javascript/sdk/1.4.6/virgil-sdk.min.js" integrity="sha256-6gsCF73jFoEAcdAmVE8n+LCtUgzQ7j6svoCQxVxvmZ8=" crossorigin="anonymous"></script> <script src="https://media.twiliocdn.com/sdk/js/common/v0.1/twilio-common.min.js"></script> <script src="https://media.twiliocdn.com/sdk/rtc/js/ip-messaging/v0.10/twilio-ip-messaging.min.js"></script> 

   
   
   
2. Initializing work with services (we get tokens for working with API from the server):
   
   
   
   

    //  Twilio var accessManager = new Twilio.AccessManager('%TWILIO_TOKEN%'); var messagingClient = new Twilio.IPMessaging.Client(accessManager); //  Virgil var virgil = new VirgilSDK("%VIRGIL_ACCESS_TOKEN%"); 

   
   
   
3. Using the Virgil SDK, we will create a pair of keys for the new user Alice:
   
   
   
   

    var keyPair = virgil.crypto.generateKeyPair(); 

   
   
   
   And we get the following:

    -----BEGIN PUBLIC KEY----- MFswFQYHKoZIzj0CAQYKKwYBBAGXVQEFAQNCAAQO8ohmBRyclmcfQ38Lwmvv4Cau jyX6vWn8kJrR0RRfFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -----END PUBLIC KEY-----​ -----BEGIN EC PRIVATE KEY----- MHkCAQEEIFB+lOUvbb4WX+e3zLkAcYpvZR3qpQI8Ru/tcnciCMkIoAwGCisGAQQB l1UBBQGhRANCAAQO8ohmBRyclmcfQ38Lwmvv4CaujyX6vWn8kJrR0RRfFQAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -----END EC PRIVATE KEY----- 

   
   
   
4. In order for other members of the correspondence to send encrypted messages to Alice, her public key must be placed in the keystore of the Virgil Keys Service . The key publishing process requires a special validation token that prevents the creation of unconfirmed keys. You can get validation token using our identity service Identity Service , or by generating it yourself (on the server side) using VIRGIL_APP_PRIVATE_KEY:
   
   
   
   

    VirgilSDK.utils.generateValidationToken( 'Alice', //   'username', //   ( ) VIRGIL_APP_PRIVATE_KEY ); 

   
   
   After receiving the validation token, we will load the user's public key into the repository:
   
   
   
   

    var options = { public_key: keyPair.publicKey, private_key: keyPair.privateKey, identity: { type: 'username', value: 'Alice', validation_token: '%VALIDATION_TOKEN%' } }; virgil.cards.create(options).then(function (card){ myCard = card; console.log(card); }); 

   
   
   After performing the above steps, a special data structure will be created in the Virgil Keys Service key store, accessible to any user of your application, called the Virgil Card and includes the following fields:
   
   
   
   
   An example of a created data structure of the Virgil Card:

    { "id":"3e5a5d8b-e0b9-4be6-aa6b-66e3374c05b3", "authorized_by":"com.virgilsecurity.twilio-ip-messaging-demo", "hash":"QiWtZjZyIQhqZK7+3nZmIEWFBU+qI64EzSuqBcY+E7ZtKPwd4ZyU6gdfU/VzbTn6dHtfahCzHasN...", "created_at":"2016-05-03T14:34:08+0000", "public_key":{ "id":"359abe31-3344-453a-a292-fd98a83e500a", "public_key":"-----BEGIN PUBLIC KEY-----\nMFswFQYHKoZIzj0CAQYKKwYBBAGXVQEFAQNCAAQ...", "created_at":"2016-05-03T14:34:08+0000" }, "identity":{ "id":"965ea277-ab78-442c-93fe-6bf1d70aeb4b", "type":"username", "value":"Alice", "created_at":"2016-05-03T14:34:08+0000" } } 

   
   
   
5. Now user Alice is ready for secure communication. Create a 'general' channel for this:
   
   
   
   

    //    twilioClient.createChannel({ friendlyName: 'general' }).then(function(channel) { generalChannel = channel; }); 

   
   
   
6. Anyone can enter the 'general' channel and send an encrypted message to Alice. To do this, we find Alice’s public key in the Virgil Keys Service repository and encrypt a secret message with it:
   
   
   
   

    //     Promise.all(generalChannel.getMembers().map(function(member) { //  Virgil Card    return virgil.cards.search({ value: member.identity, type: 'username' }) .then(function(cards){ return { recipientId: cards[0].id, publicKey: cards[0].public_key.public_key }; }); }).then(function(recipients) { var message = $('#chat-input').val(); var encryptedMessage = virgil.crypto.encryptStringToBase64(message, recipients); generalChannel.sendMessage(encryptedMessage); console.log(encryptedMessage); }); 

   
   
   
   The encrypted message is as follows:

   MIIDBQIBADCCAv4GCSqGSIb3DQEHA6CCAu8wggLrAgECMYICvDCCAVoCAQKgJgQkMDg3YjgwYmMtMzNjYi00MTI1LWI4YTgtYTE
   
   3OTEwM2Y3ZjRkMBUGByqGSM49AgEGCisGAQQBl1UBBQEEggEUMIIBEAIBADBbMBUGByqGSM49AgEGCisGAQQBl1UBBQEDQgAEcd
   
   8fhKqYlZxvcmmodg7Z3PNhE1LXLJqobouEcRfZaRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAYBgcogYxxAgUCM
   
   A0GCWCGSAFlAwQCAgUAMEEwDQYJYIZIAWUDBAICBQAEMEaJMAvX7S + 52BpI5hYyFOc0noIc + qdFFrQanNAtNGBAX / Pxeg5yJ2iA
   
   JijyZ8ut9zBRMB0GCWCGSAFlAwQBKgQQ81bklcNOyU / QTatCigSzoAQwHnAcbXk0daExIIS + sr6aIvVuF / o6j + 1Rs5bvq2WVN41
   
   k / Oir5x7KZTSR7v3nx + fTMIIBWgIBAqAmBCRmNzM4YTUwNi1hMDYwLTQ1MDgtYTJkYS04NjY1NjZlYzg0ODMwFQYHKoZIzj0CAQ
   
   YKKwYBBAGXVQEFAQSCARQwggEQAgEAMFswFQYHKoZIzj0CAQYKKwYBBAGXVQEFAQNCAARJ5C3hsYuI2Sf14k60Dz5Mv5yD / AsVA
   
   zPfsmlreGTC2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBgGByiBjHECBQIwDQYJYIZIAWUDBAICBQAwQTANBglg
   
   hkgBZQMEAgIFAAQwhu7WM1rff9RYsQ + dmfX9Os3Irwm4cm5bIvUlcGXlCfmEsrjTyTg5MGjYLtxbYtL9MFEwHQYJYIZWUDBAE
   
   qBBCfKdP / gZnkVwJvv4Hdf2eWBDC3czBjV / yPGeGTqBIilHSsrqwK7lVMTBuKR + mR3eNdh + yBIAcOk4rveSUbDuWagDIwJgYJKo
   
   ZIhvcNAQcBMBkGCWCGSAFlAwQBLgQMfjkCvK3UgXdorcYUmtCHHuSm4yfBacMsniMADAeos7qN7OmNsFU1
   
   
   
   
   At the same time, we should not forget that despite the fact that this article is about text messages, in the same way you can encrypt any binary data: image, audio or video.
   
   
   
   
7. To decrypt the message addressed to her, Alice must use the private key, which is stored only with her:
   
   
   
   

    //       generalChannel.on('messageAdded', function(message) { //  ,  Card Id    var decryptedMessage = virgil.crypto.decryptStringFromBase64( message.body, myCard.id, keyPair.privateKey ); console.log(message.author + ': ' + decryptedMessage); }); 

   
   
   
   And get the message text

   Bob: Hi Alice!
   
   
   
   
   

Part 3: Final

As you can see, creating an IP messenger with the built-in end-to-end encryption function is quite simple. Of course, your messenger can be written in any programming language and for any platform, while the implementation of encryption will always remain the same simple.



You can view a demo version of the messenger with the ability to create new channels and encrypt messages using the link .



The source code for the demo version of the Virgil + Twilio IP Messenger can be found on GitHub .



All our tutorials on working with Virgil Security under various programming languages ​​are available here .



UPD

At the request of workers we list several options for using the described messenger:

1. Embed an instant message system in your own application. This will allow users to communicate without the involvement of a third-party application.
   
   
   
   
2. Adding messenger to the website for direct communication with the sales service or those. support.
   
   
   
   
3. Adding an instant messenger to any tool used by an organization (for example, a document management system). This will avoid the need to use additional tools for communication within the company.