[IMPROVEMENT] End to End Encryption

[c0fe]

I would like to suggest adding support for end to end encryption and overall improving the security of Rocket.Chat including storing all message logs in encrypted format. I am a bit surprised that this isn't done already by the project but security is important. I would also like to recommend adding a guide to secure MongoDB as well since there have already been a few articles published about compromised MongoDB's that weren't secured properly.

The protocol I suggest for End to End Encryption would be the Signal protocol. It would appear to have been tested in the wild for its security.

Chat messages/logs should be stored in an encrypted format and managed by the server, thus in the event of a compromise decrypting the messages would require more time and allow admins to catch the intrusion.

[mrinaldhar]

Hi @c0fe , we took up End to End encryption as a Google Summer of Code project last year, and the work is currently in the process of being tested and reviewed to be merged. We're also working on adding support for E2E in our mobile apps. PR #10094 should resolve this.

[cremfert]

Hi @mrinaldhar ,

thanks a lot for your work! When do you expect the package to be available in Rocket.Chat?
Is your package using the Signal Protocol? I saw some comments like "for future signal integration".

And one further question: you are storing private keys in the E2E storage, if I read your code correctly. Are private keys stored on the server?

Best regards,
Chris

[snowyu]

The encrypted private key is stored on the server always. @mrinaldhar The encrypted private key should be stored on the local only.

[mrinaldhar]

Hi @cremfert and @snowyu ,

The package is scheduled to be integrated into Rocket.Chat very soon. It's under review and testing.

I started development with the Signal protocol but that had to change because of certain requirements of the project that aren't possible with Signal on the browser. Ability to view previously encrypted messages (Signal uses a new key to encrypt every message, and there's no way to retrieve a previous key from the current key, so no way to decrypt previous messages later on), as well as group messaging (Signal relies on a "Sender Keys" algorithm for group messaging, which has not been implemented for the javascript version of Signal) are a few examples.

Since Signal was originally integrated in the package, I've left comments so that we can move to Signal in the future in case such a need arises and we're able to achieve those requirements with a future version of Signal.

Private keys are encrypted on the client and then stored in the server. This has been done to ensure that users can use any device (and more importantly, any new browser tab) to access their previous E2E encrypted message history. Otherwise, each device or browser tab would create a new set of keys and if you cleared your cache, for example, you'd lose all the messages you sent/received using that browser (as the keys would be lost).

In order to make this system secure against offline attacks including bruteforcing by a malicious server admin or attacker who gains access to the server, certain measures will be incorporated such as strong E2E password requirements, using a intensive key derivation function like bcrypt, etc.

[snowyu]

This has been done to ensure that users can use any device.

This is a good UX, but down the security.

Ok, I think It should has a user security setting in preference: whether store the private key(encrypted) on the server. let the user choose more security or more convenient.

(and more importantly, any new browser tab) to access their previous E2E encrypted message history.

The user could store the private key into the localStorage to make the browse happy.

[Edgy1337]

Any progress made here?
Already implemented?

[geekgonecrazy]

e2e has landed. Going to close this. Please try and open or comment on other issues for feature requests or bugs