This app provides authenticated end-to-end encryption. The app is open source and stores nothing on the phone except our private signature key (not used for encryption), kept in the secure enclave, and the public signature keys of the people we are conversing with; as a result, forward secrecy and man-in-the-middle protection are available.
The cryptographic algorithms used are:
- cipher: AES(256)+GCM
- key negotiation: ECDH(P384)+HKDF(SHA512)
- signature: ECDSA(P256)
The app can be downloaded at this link and can be either unzipped or opened and executed in Swift Playground on an iPad. It will soon be submitted to the App Store.
Privacy notice
This app collects no information about the user. No connection is made to the Internet, as everything is done using the clipboard and the iOS share system.
Usage
The app uses the same control to share public keys and key negotiation messages. It is made of three icons. The first one copies the element to the clipboard so it can be pasted into another app. The second one uses the iOS share system to send it via a registered app (email, instant messages…). The last one shares it as a QR code (mainly for sharing a public key directly, which is the best way to be sure the public key corresponds to the person). For this last option, to get the text on the iOS device, just open the Camera app and point it at the QR code. Then tap the small QR-code icon and select « copy » to place it in the clipboard, and paste it into the app.
To communicate with someone, you must exchange your public keys. The private key is kept in the secure enclave and never leaves it. Note that this key is only used for authentication and gives no hint about the key used in encryption. To exchange these keys, one person first taps « Manage Identity » to share their key while the other taps « Edit Directory », then « Add… », and finally gives it a name and pastes the shared value. Then they repeat this in the opposite direction.
Once the public keys are exchanged, you can start a conversation with anyone known in the directory. First click « New… » in the main window. Then both press « Generate message 1 » and exchange these first negotiation messages. Once done, both press « OK » and proceed the same way with message 2. The second message involves authentication and requires the user to perform a Touch ID or Face ID identification. Then a new page opens which can be used to cipher (touch the lock), copy or share the text below (beware not to share clear text if you do not want to), decipher (touch the open lock) or paste text from the clipboard. The last icon, with a cross, closes the conversation and disposes of the cipher key, which means no one (even you) can decipher the encrypted text.
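An added example, not taken from the app's source, of how the two negotiation messages and the listed algorithms can fit together using CryptoKit. The contents of message 1 (an ephemeral P-384 public key) and message 2 (a signature over both message 1 values) are assumptions, as are all function and variable names; software keys stand in for the secure enclave key.

```swift
import CryptoKit
import Foundation

// Identity keys: ECDSA P-256. Software keys stand in for the secure enclave key (assumption).
let aliceID = P256.Signing.PrivateKey(), bobID = P256.Signing.PrivateKey()
// Message 1 (assumed content): a fresh ephemeral ECDH P-384 public key per conversation.
let aliceEph = P384.KeyAgreement.PrivateKey(), bobEph = P384.KeyAgreement.PrivateKey()
let aliceMsg1 = aliceEph.publicKey.x963Representation
let bobMsg1 = bobEph.publicKey.x963Representation
// Message 2 (assumed content): signature over own message 1 followed by the peer's.
let aliceMsg2 = try aliceID.signature(for: aliceMsg1 + bobMsg1).derRepresentation
let bobMsg2 = try bobID.signature(for: bobMsg1 + aliceMsg1).derRepresentation

// Verify the peer's message 2 against the directory key, then derive the AES-256 key.
func sessionKey(myEph: P384.KeyAgreement.PrivateKey, myMsg1: Data, peerMsg1: Data,
                peerMsg2: Data, peerID: P256.Signing.PublicKey) throws -> SymmetricKey {
    let sig = try P256.Signing.ECDSASignature(derRepresentation: peerMsg2)
    guard peerID.isValidSignature(sig, for: peerMsg1 + myMsg1) else {
        throw CryptoKitError.authenticationFailure  // ephemeral key not vouched for by peer
    }
    let peerEph = try P384.KeyAgreement.PublicKey(x963Representation: peerMsg1)
    let secret = try myEph.sharedSecretFromKeyAgreement(with: peerEph)
    // Sort the two message 1 values so both sides feed identical sharedInfo to HKDF.
    let info = [myMsg1, peerMsg1].sorted { $0.lexicographicallyPrecedes($1) }.reduce(Data(), +)
    return secret.hkdfDerivedSymmetricKey(using: SHA512.self, salt: Data(),
                                          sharedInfo: info, outputByteCount: 32)
}

let keyA = try sessionKey(myEph: aliceEph, myMsg1: aliceMsg1, peerMsg1: bobMsg1,
                          peerMsg2: bobMsg2, peerID: bobID.publicKey)
let keyB = try sessionKey(myEph: bobEph, myMsg1: bobMsg1, peerMsg1: aliceMsg1,
                          peerMsg2: aliceMsg2, peerID: aliceID.publicKey)

// AES-256-GCM: nonce, ciphertext and tag travel together in `combined`.
let sealed = try AES.GCM.seal(Data("constructed sample text".utf8), using: keyA).combined!
let opened = try AES.GCM.open(AES.GCM.SealedBox(combined: sealed), using: keyB)
print(String(decoding: opened, as: UTF8.self))

// A substituted message 1 (constructed: a third party's ephemeral key) fails verification.
let otherMsg1 = P384.KeyAgreement.PrivateKey().publicKey.x963Representation
let rejected = (try? sessionKey(myEph: aliceEph, myMsg1: aliceMsg1, peerMsg1: otherMsg1,
                                peerMsg2: bobMsg2, peerID: bobID.publicKey)) == nil
print("substituted key rejected:", rejected)
// Forward secrecy comes from discarding aliceEph, bobEph and the derived key when the
// conversation closes: the long-term signing keys cannot recompute them.
```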