How to build a highly secure End to End Encryption React Native messaging app

I am currently working on an instant React Native messaging app and I want to implement E2EE (End to End Encryption between the sender and the receiver) for better security. The libraries/frameworks I use are NodeJS for the backend, Socket.io for real-time communication, MongoDB for data management and obviously React Native for the frontend.

At this point, I am able to send messages back and forth from the sender to the server and back to the receiver, but the server can actually read the messages, which is quite annoying because I want to save the messages (encrypted) in my database and retrieve them for the user to see his history.

Recently I found that the Diffie-Hellman key-exchange was a good solution to generate a shared secret key on each endpoint device but I don't know how to implement it in my app.

I also found that big messaging apps (like WhatsApp, Facebook Messenger, Signal, ...) use the Signal Protocol, which is based on X3DH (Extended Triple Diffie-Hellman), and I was wondering if it is possible to implement such a good thing in my RN app. But the problem is that even after reading the Signal Protocol's documentation I could not figure out how to implement it.

In conclusion, my question is: how can I implement the Signal Protocol in my RN app and use Socket.io to send and receive encrypted messages? And if for some reason this is not possible, how can I implement the Diffie-Hellman key-exchange on my own?

Thanks to anyone who can help me!

There are 1 best solutions below

I believe you have already solved your problem by now. I would love to know how you did it.

I haven't implemented any apps with E2E security, but here are some of the things I would have done:

I would try messaging protocols that support E2EE, like Signal Protocol, OTR protocol, and PGP. Based on the protocol I chose, I would encrypt and decrypt the data.

Other than that, I would also take care of the authentication, storage security, and other required security measures.
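
As an added example (not part of the original question or answer), the sketch below shows the Diffie-Hellman approach the question asks about: each device keeps an X25519 private key, only public keys and ciphertext envelopes pass through the server, and both ends derive the same AES-256-GCM key. It assumes Node.js's built-in `crypto` module; the function names, the envelope fields and the `example-chat-v1` label are constructed for illustration, and this is plain static Diffie-Hellman, not the Signal Protocol.

```javascript
const crypto = require('node:crypto');

// Each device generates its own key pair; only publicKeyDer is uploaded to the server.
function newDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { privateKey, publicKeyDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Own private key + peer public key -> shared secret -> AES-256 key via HKDF.
function conversationKey(device, peerPublicKeyDer) {
  const peer = crypto.createPublicKey({ key: peerPublicKeyDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: device.privateKey, publicKey: peer });
  // 'example-chat-v1' is a constructed context label, not a standard value.
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(32), 'example-chat-v1', 32));
}

// The returned envelope is what would be emitted over Socket.io and stored in MongoDB.
function encryptMessage(key, plaintext, senderId) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(senderId)); // bind the sender id to the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { senderId, iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Throws if the ciphertext, tag or sender id was modified in transit or at rest.
function decryptMessage(key, env) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  d.setAAD(Buffer.from(env.senderId));
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(env.ct, 'base64')), d.final()]).toString('utf8');
}

// Constructed demo: two devices, one stored envelope, one envelope altered by the server.
function demo() {
  const alice = newDevice(), bob = newDevice();
  const kA = conversationKey(alice, bob.publicKeyDer);
  const kB = conversationKey(bob, alice.publicKeyDer);
  const stored = encryptMessage(kA, 'hello bob', 'alice');
  let rejected = false;
  try { decryptMessage(kB, { ...stored, senderId: 'mallory' }); } catch { rejected = true; }
  return { sameKey: kA.equals(kB), stored, received: decryptMessage(kB, stored), rejected };
}
```

Because the key pairs are long-lived, stored history can be decrypted again later, but there is no forward secrecy and the public keys are not authenticated, so a server that substitutes its own public key could read traffic. Those are the gaps that X3DH's signed identity keys and the Signal ratchet address.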