Implementation

jklardie edited this page Sep 13, 2010 · 6 revisions

General description
Parandroid Messaging uses ‘Diffie-Hellman key exchange’ to establish a ‘secret key’ which we use to encrypt the SMS message. The actual encryption used is 192 bit AES. The image below sums it all up.

Keypair
When a user first launches Parandroid Messaging, he is guided through some information about how Parandroid Messaging works, and is then prompted to enter a password. When a user succesfully enters a password, Parandroid Messaging generates a 1024 bit Diffie-Hellman public and private key, storing the public key plain, and the private key 256 bit AES encrypted using the password just provided, on the phone’s internal memory. A user can always generate a new keypair from the menu.

Public keys
Parandroid Messaging users will have to send their public key to the users they want to securely communicate with. When both users have each other’s public key, they can both generate a shared ‘secret key’ used to encrypt and decrypt the messages. This secret key is generated using the ‘other’ user’s public key and your own private key. The secret key is created on-the-fly when needed, so it’s never stored locally.

Private key
Since the private key is stored encrypted on the phone’s internal memory, a password needs to be provided before accessing the private key. The encryption we use on the private key is 256 bit AES (bouncycastle’s ‘PBEWithSHA256And256BitAES-CBC-BC’ provider, to be precise). In the preferences menu, a user can specify if the password needs to be ‘forgotten’ when the phone enters sleep-mode. In other words, when the screen goes black, you’ll have to re-enter your password when you do an action that needs the private key, like reading encrypted messages or composing a new one. Alternatively, users can choose to keep the password in memory during the lifetime of the Parandroid Messaging instance, which can be up to many hours. As this can be a security risk, the default setting is ‘forget on sleep’.

Password
The password used to encrypt the private key is sometimes also used in some other places, like ‘manage public keys’ and ‘generate new keypair’ for obvious reasons.

Helpful resources