0

I am creating a messaging service for an app I'm developing and right now the data flow is as follows:

Send:

message sent to server => message encrypted based on user's public key and signed using secret key => encrypted message saved to database

Receive:

server receives message from database => server verifies signature using public key and decrypts message using secret key => decrypted message sent to client

All the encryption/decryption on the server is dependent upon the user's JWT token being authenticated.

I have two main questions:

  1. Is it okay to encrypt on the server since the communication between it and the client is using TLS?

  2. Should the keys be stored on the server or in the database?

  • 1
    General remarks: there is no right or wrong, it depends on what you want to offer. But in general you want to minimize exposure of plaintext and - of course - keys. Does your server need to know the plaintext? Could the plaintext be leaked in the server? Oh, and I prefer to talk about *private keys* in the asymmetric setting, because they should not just be secret, but also *never shared*. – Maarten Bodewes Oct 16 '18 at 12:44
  • 1
    "necessary" is determined by comparing against goals. What's your goal? – schroeder Oct 17 '18 at 08:23

2 Answers2

2

Not sure I undertand exactly how the set up is supposed to work, but the key part here is that all encryption keys seem to reside at the server. That means:

  • HTTPS (if done right) is enough to protect the messages in transit. If that is your only goal, your setup is fine.

  • If you want to protect messages at rest on the server, having the key somewhere on the server is a problem. There are different ways of dealing with that. Just storing encryption keys in the database next to the data they are supposed to protect is generally not a good idea. See this answer for alternatives.

  • This set up doesn't protect users against you. As the operator of the service, you could easily read messages since you sit on all the encryption keys. If that is a problem, you need to implement end-to-end encryption.

Anders
  • 65,052
  • 24
  • 180
  • 218
1

To 1: To encrypt on the server side sounds fine, but don't you think your customers would prefer if the message is encrypted before it leaves the private network or the cell phone? I'd do and therefore recommend to use client side encryption.

To 2: For me data and especially keys belong in a database and not on a higher level construct like a web server