Originally published at: http://explorer.testnet.mesg.com/services/cTPFWWc4WULrqdwgXMN8461mGTbowQ1vFiMRGjy2X5V?utm_source=devto&utm_medium=blog&utm_campaign=encryption_service
Encrypt & Decrypt (ID: encrypt)
Contents
Installation
MESG SDK
This service requires MESG SDK to be installed first.
You can install MESG SDK by running the following command or follow the installation guide.
npm install -g @mesg/cli
Deploy the Service
To deploy this service, go to this service page on the MESG Explorer.
Definitions
Tasks
encrypt
Task key: encrypt
Inputs
Name | Key | Type | Description |
---|---|---|---|
publicKey | publicKey |
String |
|
data | data |
String |
Outputs
Name | Key | Type | Description |
---|---|---|---|
encryptedData | encryptedData |
String |
decrypt
Task key: decrypt
Inputs
Name | Key | Type | Description |
---|---|---|---|
privateKey | privateKey |
String |
|
passphrase | passphrase |
String |
|
encryptedData | encryptedData |
String |
Outputs
Name | Key | Type | Description |
---|---|---|---|
data | data |
String |
generate
Task key: generate
Inputs
Name | Key | Type | Description |
---|---|---|---|
passphrase | passphrase |
String |
Outputs
Name | Key | Type | Description |
---|---|---|---|
publicKey | publicKey |
String |
|
privateKey | privateKey |
String |
Top comments (6)
What are the benefits over p2p chats which are implemented in Telegram?
This is a discrete service that handles encryption and decryption only. It can be used with any chat service like Telegram.
There is an encrypted 'secret chat' feature on Telegram, but since Telegram handles the encryption keys (even if it doesn't officially run through their server), it could theoretically be decrypted via your device by Telegram as well.
This service gives full control of encryption and keys to the user rather than trusting any companies in the middle. Telegram's proprietary protocol MTProto isn't open to developer scrutiny, whereas this service is fully open-source, and can be used locally or even in a decentralized manner.
So, GPG?
Could you elaborate on that statement? Do you mean Telegram can send some service message to me which will tell the app to decrypt my secret chats and send them back to Telegram? I'd doubt that. Their apps are open-source so if that would be the case, I'm sure there would be news about that. I haven't heard of anything like this, though.
Server-side chat MTProto specification.
E2E MTProto specification.
Not sure how secure it is, though it does satisfy the conditions for IND-CCA, so I guess it's good?
Right now, this service just generates a couple of private/public keys, but could definitely use GPG.
Telegram won't allow you to do that with your own encryption, but this could be done with a Telegram bot which could encrypt/decrypt your messages and connect your chat on Telegram with this service.
In this case, you control your own encryption, so you're your own middle man, not Telegram. This would be the user-friendly solution, but the better way would be to do this outside of Telegram, with manual encryption/decryption of the messages.
Telegram security does seem quite open and safe, but it's a proprietary protocol, and many would prefer open-source protocols and encryptions because they have full control over it. Here's an example of that sentiment: abacusnews.com/digital-life/why-te...
That didn't answer my question about secret chats being decrypted somehow just because Telegram does the initial key exchange, which you stated there (if I misunderstood your sentence, please forgive me for that. English is not my native language):
Yes, you have to let Telegram do the exchange for you, but that's just trading user experience over security, I'm sure most people would accept this "trade" and those who don't - I doubt they use Telegram at all (they probably use GPG + E-mail or something like that).
DiffieβHellman key exchange have been used for years, as long as Telegram clients use that algorithm, I'm fine with that.
As for the diagram provided, I guess it shows integration of your service with Telegram? I'd not trust any bot (except created by myself) to do the decryption of my messages. It must be done on the client side. Otherwise you're not controlling it at all. You can send/receive encrypted messages over Telegram, but that's not user friendly at all. At that point, I'd simply use GPG over e-mail with a plugin for Thunderbird that would encrypt/decrypt messages automatically.
The article you linked do not provide any valuable arguments either. I can take screenshot of any decrypted data and there's no protocol that wouldn't let me do that. As for MTProto, how is that proprietary? No one stops you from implementing it as a library so anyone could use it. The specification is open.
Just what I was looking for!