We send encrypted SMS messages from Virgil

Hi, Habr!
Despite the growing popularity of mobile messengers such as WhatsApp and Telegram, the good old SMS still does not lose its relevance. SMS can be used to send various kinds of notifications, for two-factor authentication, or when resetting a password. However, the latest successful attacks on mobile networks make us think about an additional level of protection of SMS data.
In this article we will talk about how using Virgil and Twilio services to make the process of sending SMS on an Android device secure.

Before proceeding to programming, let us recall once again a number of preliminary actions.
To send SMS, we will use the Twilio API , for access to which you need to create a Twilio account here . After registration, you will receive special identifiers required for working with the API - TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN.

To encrypt SMS messages, we need the help of the Virgil Crypto Library and the Virgil Keys Service, to access which you need to create a Virgil account and generate a special token VIRGIL_ACCESS_TOKEN.

After completing the above steps, you can proceed to the implementation of SMS notifications.
Virgil services have a large set of SDKs that allow you to work with them in almost any popular programming language. In previous articles, we showed how to work with services using JavaScript. Today, as a variety, we will code on C #.
')
We will write down the process of sending and receiving encrypted SMS in stages.

1. Install Virgil and Twilio SDK using the NuGet package manager:
   
   PM> Install-Package Virgil.SDK
   PM> Install-Package Twilio
   
   
2. We initialize clients to work with Virgil and Twilio API:
   
   

   //   Twilio  string accountSid = "%TWILIO_ACCOUNT_SID%"; string authToken = "%TWILIO_AUTH_TOKEN%"; //  Twilio API  var twilio = new TwilioRestClient(accountSid, authToken); //  Virgil ,    var virgil = ServiceHub.Create("%VIRGIL_ACCESS_TOKEN%"); 

   
   Notice the accountSid and authToken variables. In them we indicate the identifiers of our Twilio account, which can be found here .
   
   
3. Implement sending encrypted messages using the usual POST request to the Twilio service (send invitations with passwords to enter the party):
   
   

    //    SMS  var people = new Dictionary<string,string>() { {"+14XXXXXXXX1","Darth Vader"}, {"+14XXXXXXXX2","Luke Skywalker"}, {"+14XXXXXXXX3","Princess Leia"} }; //      Virgil Keys Service var peopleCards = await Task.WhenAll(people .Select(it => virgil.Cards.Search(number))); foreach (var personCards in peopleCards) { //   ,   var personCard = personCards.OrderBy(it => it.CreatedAt).Last(); var personName = people[personCard.Identity.Value]; //  ,        //       ( ). using (var tinyCipher = new VirgilTinyCipher(120)) { var message = $"Hey {personName}, your security word is STAR. We are waiting for you!"; var messageData = Encoding.UTF8.GetBytes(message); tinyCipher.Encrypt(messageData, personCard.PublicKey.Value); //   ,   ,    SMS  //  160-  (120   base64 ). for(int index = 0; index < tinyCipher.GetPackageCount(); index++) { var encryptedMessage = Convert.ToBase64String(tinyCipher.GetPackage(index)); //      Twilio API twilio.SendMessage( SMS.Constants.TwilioPhoneNumber, //  ,  Twilio   SMS personCard.Identity.Value, //    encryptedMessage); } } } 

   
   
4. We decrypt the message on the side of the recipient. To receive SMS we will use Android SMS API. To decrypt the message, we also need the .NET Virgil SDK:
   
   

    //  ,        120 . var tinyCipher = new VirgilTinyCipher(120); //  message    private void OnSmsReceived(string from, string message) { //     ,       //  ,      . this.tinyCipher.AddPackage(Convert.FromBase64String(message)); if (this.tinyCipher.IsPackagesAccumulated()) { var decryptedData = this.tinyCipher.Decrypt(this.myPrivateKey); var decryptedMessage = Encoding.UTF8.GetString(decryptedData, 0, decryptedData.Length); this.tinyCipher.Reset(); Application.Current.MainPage.DisplayAlert($"From: {from}", decryptedMessage, "Got It"); } } 

As you can see with Twilio and Virgil API, sending and receiving encrypted SMS becomes a simple task that does not require in-depth knowledge of cryptography.

PS

You can download the source code for sending encrypted SMS messages on GitHub .