Encrypted Application Architecture: Best Practices
Having a high-level understanding of the components that make up your encrypted application and how they work together will help you get started quickly and avoid common pitfalls. First, let's go through the primary operations for which your backend and frontend are responsible.
Before proceeding, make sure you've read the previous article in this section to get a better understanding of the building blocks of end-to-end encryption.
Backend
Operations it performs
1. Authenticate users
Your backend is responsible for identifying and authenticating users accessing your application before providing them with an appropriate Virgil JWT token. The method of authentication is up to you, so make sure it's a secure one.
2. Generate Virgil JWT for users
Virgil JWTs are a user's ticket to and proof of identity for Virgil Cloud. Generating them requires your Virgil application's private App Key and App ID. Since these must never leave the backend, this operation can only be performed server-side.
3. Receive and store sensitive user data encrypted, if it requires storage
Files, conversations, and any sensitive or protected health information should never leave the client device unencrypted. Such data must be encrypted with an asymmetric public key before being sent to and stored on your servers.
Operations it should not perform
1. Store user asymmetric encryption keys (public or private)
User private keys must be stored on the user's device only and must never be exposed to the backend. This way, if your backend is compromised, the encrypted data will not be accessible. Public keys should be stored only in Virgil Cloud for lookup, and on the client side if caching or offline use is required.
2. Encrypt or decrypt sensitive user data or conversations
In end-to-end encrypted applications, sensitive data should only be produced and accessed by client devices. Thus, encryption and decryption operations on sensitive user data should be done client-side.
3. Register users in Virgil Cloud
To register a user in Virgil Cloud, an asymmetric key pair needs to be generated. The public key is stored in Virgil Cloud, while the secret private key must never be seen outside the client device. Thus, this registration operation should only be performed by client devices, so as not to compromise the private key.
Frontend
Operations it performs
1. Generate public and private key
Your frontend is responsible for generating asymmetric key pairs (public and private keys). They are the key and the safe that allow sensitive information to be exchanged and stored securely.
2. Store and protect user private key
A private key is a secret that should be known only to its individual owner, in this case the end user. It's important to store it securely on the client device and never send it to anyone, except through E3Kit's built-in backup service (Brainkey). Virgil E3Kit has built-in methods for storing private keys securely.
3. Encrypt user data
Files, conversations, and any sensitive or protected health information should never leave the client device unencrypted. Such data must be encrypted with an asymmetric public key before being sent to and stored on your servers.
Operations it should not perform
1. Expose private key
A user's private key must be kept safely stored on the device. It should never leave the device, except via Virgil's password-secured backup service (Brainkey).
2. Generate JWT
JWTs are credentials used by devices to communicate with Virgil Cloud and should be generated by the backend following user authentication.
3. Send sensitive information unencrypted
Make sure that, before sending messages, the proper encryption method is called using the correct recipients' public keys.