Default Encryption

The Virgil E3Kit's default encryption provides true end-to-end encryption and data signature for one or multiple users.

Before you begin

Be sure to implement the following:

Sign and encrypt data

We encrypt data to hide the message's real content from other parties. But a recipient also needs to be sure that a third party has not modified the message's content and that the message actually came from the expected, authorized sender. So, in addition to encrypting message data for data security, E3Kit uses digital signatures to verify data integrity.

Sign then encrypt data

eThree.encrypt(data, publicKeys) signs the data with the sender's private key and encrypts the message for recipients' public keys.

The publicKeys parameter is an array of the recipients' public keys. In order to retrieve the public keys of users using their identities and generate this array, you'll need to use the eThree.lookupPublicKeys(identities) method.

// Listener for keys lookup OnResultListener<FindUsersResult> lookupKeysListener = new OnResultListener<FindUsersResult>() { @Override public void onSuccess(FindUsersResult result) { String text = "I was text but became byte array"; Data data = new Data(text.getBytes()); // Encrypt data using user public keys Data encryptedData = eThree.authEncrypt(data, result); // Encrypt message using user public keys String encryptedText = eThree.authEncrypt(text, result); } @Override public void onError(@NotNull Throwable throwable) { } }; // Lookup destination user public keys List<String> identities = new ArrayList<>(3); identities.add("userUID1"); identities.add("userUID2"); identities.add("userUID3"); ethree.findUsers(identities).addCallback(lookupKeysListener);

If you want to fully end-to-end encrypt data only for themselves for secure storing on Clouds, use the empty list of public keys.

Encrypted for sender by default. The encrypt method already uses the sender's public key for encryption. Including it again will cause an exception.

Multiple recipients: one ciphertext. Even if a message is sent to multiple recipients, the resulting ciphertext (or encrypted data) will be a single blob/string that all users in the recipient list can decrypt.

Decrypt and verify data

Now let's decrypt the data, then verify that they came from the correct, expected sender.

eThree.decrypt(data, publicKey) decrypts the data using the recipient's private key (remember that the sender looked up the recipient's public key and encrypted the message so that only the recipient's corresponding private key could decrypt the message).

Decrypt then verify

It also verifies the authenticity of the decrypted data with the publicKey parameter, by confirming that the public key on the message signature is the public key of the expected sender.

Note that the decryption method from E3Kit version earlier than 0.8.0 is not compatible with the version 0.8.0+ encryption method. Switching from newer version to the older one may cause encrypted data loss.

// Listener for keys lookup OnResultListener<Card> lookupKeysListener = new OnResultListener<Card>() { @Override public void onSuccess(Card result) { // Decrypt data and verify if it was really written by Bob Data decryptedData = eThree.authDecrypt(encryptedData, result); // Decrypt text and verify if it was really written by Bob String decryptedText = eThree.authDecrypt(encryptedText, result); } @Override public void onError(@NotNull Throwable throwable) { // Error handling } }; // Lookup destination user public keys ethree.findUser("bobUID").addCallback(lookupKeysListener);

Limitations

No automatic access to history from new users

While Basic Encryption accepts multiple public keys to encrypt data for multiple users, all the data will need to be re-encrypted should a new user join and wish to have access to the previously encrypted data. For a method that allows new users to join and instantly have access to previously encrypted data (eg. message history), see our Group Encryption method.

No Perfect Forward Secrecy

E3Kit provides a more secure method that implements the Double Ratchet algorithm to accomplish Perfect Forward Secrecy and post-compromise security for one-to-one communication only. See our Double Ratchet Encryption method.