Building an end-to-end encryption framework in Swift

2016 @ https://tinyurl.com/y28qzkz8

Intro

A couple of days ago I read this article that inspired me to build a Swift library with utilities around Apple CryptoKit. When the time came to test it against a real server, I ended up adapting the library into an end-to-end (client-server-client) encryption tool.

This article is about my path building that library, and also how I built a client app and a web server to test the concept.


I — Diffie-Hellman key exchange algorithm

Before we start, a quick intro to how two entities can “safely” agree on a (secret) key that will later be used to encrypt all messages: the Diffie-Hellman key exchange algorithm.

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

There are 3 concepts to keep in mind:

  • Salt: (common paint) is the same for both and is known only by Alice and Bob; it can be seen as a starting “password” between Alice and Bob.
  • Public Key: both Alice and Bob have one, and there is no problem if other entities know them.
  • Private Key: (secret colours) both Alice and Bob have one; only Alice knows her Private Key and only Bob knows his.
AliceSecret = Salt + Alice.PrivateKey + Bob.PublicKey
BobSecret = Salt + Bob.PrivateKey + Alice.PublicKey

AliceSecret and BobSecret should have the same value: the Symmetric key that will be used to encrypt the messages.


II — Building

Building the basic operations


First tests

  • Alice (our sender entity) and Bob (receiver entity), both with Public and Private keys.
  • A Salt (common paint).
  • A secret message “my secret”.

We can define all of them (using Swift) and RJSP_Security as follows:

And we can simulate the:

  • Symmetric key exchange (lines 4 and 8).
  • Encryption later (line 5) by Alice using the common Salt, her Private Key and Bob's Public Key.
  • Decryption by Bob (line 9) using the common Salt, his Private Key and Alice's Public Key.
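
The exchange listed above, written directly against CryptoKit as an added example; it is not the article's or RJSP_Security's code, and the line numbers in the list refer to the article's own listing. The choice of P-256, HKDF-SHA256 and ChaChaPoly, the function names and the sample values are assumptions made for illustration.

```swift
import CryptoKit
import Foundation

// Shared key: ECDH over P-256, then HKDF-SHA256 keyed with the common salt.
func deriveKey(own: P256.KeyAgreement.PrivateKey, peerPublicRaw: Data, salt: Data) throws -> SymmetricKey {
    // The peer key arrives as bytes (e.g. in a request body); parsing throws on malformed input.
    let peer = try P256.KeyAgreement.PublicKey(rawRepresentation: peerPublicRaw)
    let shared = try own.sharedSecretFromKeyAgreement(with: peer)
    return shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: salt,
                                          sharedInfo: Data("e2e-demo".utf8), // constructed label
                                          outputByteCount: 32)
}

func encrypt(_ message: String, with key: SymmetricKey) throws -> Data {
    // combined = nonce || ciphertext || tag; seal() picks a fresh random nonce per call.
    try ChaChaPoly.seal(Data(message.utf8), using: key).combined
}

func decrypt(_ combined: Data, with key: SymmetricKey) throws -> String {
    let box = try ChaChaPoly.SealedBox(combined: combined)
    let plain = try ChaChaPoly.open(box, using: key) // throws if the tag does not verify
    return String(decoding: plain, as: UTF8.self)
}

// Constructed sample values.
let salt = Data("constructed-salt".utf8)
let alice = P256.KeyAgreement.PrivateKey()
let bob = P256.KeyAgreement.PrivateKey()

do {
    let aliceKey = try deriveKey(own: alice, peerPublicRaw: bob.publicKey.rawRepresentation, salt: salt)
    let bobKey = try deriveKey(own: bob, peerPublicRaw: alice.publicKey.rawRepresentation, salt: salt)

    let wire = try encrypt("my secret", with: aliceKey)
    let readBack = try decrypt(wire, with: bobKey)
    print("Bob reads:", readBack)

    // Failure mode 1: one flipped bit in transit is rejected by the authentication tag.
    var tampered = wire
    tampered[tampered.endIndex - 1] ^= 0x01
    print("tampered accepted:", (try? decrypt(tampered, with: bobKey)) != nil)

    // Failure mode 2: a different salt derives a different key, so decryption fails.
    let wrongKey = try deriveKey(own: bob, peerPublicRaw: alice.publicKey.rawRepresentation,
                                 salt: Data("other-salt".utf8))
    print("wrong salt accepted:", (try? decrypt(wire, with: wrongKey)) != nil)
} catch {
    print("error:", error)
}
```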

III — Testing on real App-Server-App use case

GIF at : https://github.com/ricardopsantos/RJSP_Security/blob/master/_Documents/preview.1.gif

Step 1: The app (client) sends its Public key to the server (in the request body). It also sends its userID (in the request header).

The request definition is below:

The request execution is below: (btw, how are your Combine skills?)


Step 2: The server stores the USER_ID and the user’s Public key (for future secure communication) and returns the server Public key to the client app.


Step 3: The client app receives the server Public key, and then with its (client) Private key executes a secure/encrypted request to the server.

The request definition is below:


Step 4: The server receives the encrypted request, and decrypts it using the client Public key (stored on step 1) and its (server) Private key. After decrypting the message, the server just returns it as a “proof” of success.


IV — Materials

  • All the code used in this article, as well as the sample client app and server app, can be found at RJSP_Security.
  • If you are not familiar with Vapor (server app) and you want to learn more, this article will help you for sure.

V — Final notes


VI — Article review by
