Mesibo End-to-End Encryption APIs
Estimated reading time: 3 minutesThere are only two classes to configure mesibo E2EE:
MesiboEndToEndEncryption
MesiboEndToEndEncryption is a global class to manage global and per-user E2EE configurations. Mesibo creates an instance of the class which you can access by calling Mesibo.e2ee() function as shown above.
MesiboEndToEndEncryption
MesiboProfileEndToEndEncryption is a class to manage a user-specific E2EE configurations. MesiboProfile creates an instance of the class which you can access by calling MesiboProfile.e2ee() function.
In addition, there are two mesibo e2ee listeners that you can implement to get updates on various E2EE events, for example, E2EE activated or deactivated by the peer, peer identity changed, peer identity verification failed, or any suspicious attempts.
- Mesibo_onEndToEndEncryption, a global listener which will be called for all E2EE events.
- MesiboProfile_onEndToEndEncryption, a profile-specific listener which will be called only for E2EE events for a user.
In the following sections, we will describe MesiboEndToEndEncryption APIs. The MesiboProfileEndToEndEncryption APIs are a subset of MesiboEndToEndEncryption and have the same API signature except that you do not have to pass the user address.
Common APIs
Setting E2EE Level
You can set e2ee level from 1 to 10 and the secure-only mode by calling setLevel method of MesiboEndToEndEncryption.
void setLevel(int level);
setLevel takes the following parameters:
| Parameter | Description |
|---|---|
| level | Encryption level (1-10), 1 is the higest |
Example,
e2ee.setLevel(5);
E2EE-Only mode
By default, users without e2ee can communicate with e2ee-enabled users. This is recommended since some of your users might be using older APIs that do not support E2EE. However, you can override and enable the E2EE-only mode to disable communication with all non-e2ee users.
void secureOnly(boolean enable);
setLevel takes the following parameters:
| Parameter | Description |
|---|---|
| enable | Enable or Disable E2EE mode |
Example,
e2ee.secureOnly(false);
Get Status
You can get the E2EE status for any user by calling one of these APIs
int getStatus(address);
boolean isActive(address);
The status can be one of the following. You can also implement E2EE listeners to get notified of status change instantly:
| Status | Description |
|---|---|
| MESIBO_E2ESTATUS_ACTIVE | E2EE is Active |
| MESIBO_E2ESTATUS_IACTIVE | E2EE is NOT Active |
| MESIBO_E2ESTATUS_IDENTITYCHANGED | E2EE is Active but user identify has changed |
| MESIBO_E2ESTATUS_FAILED | E2EE key negotiation failed |
| MESIBO_E2ESTATUS_IDENTITYFAILED | E2EE identity verification failed |
| MESIBO_E2ESTATUS_SUSPICIOUS | E2EE is not active. Suspicious attempts detected |
Both APIs take the following parameters:
| Parameter | Description |
|---|---|
| address | The remote user address |
Example,
boolean e2ee.isActive("user-1");
Getting Fingerprints
A fingerprint allows you to verify that you are indeed communicating with the intended person and no one is watching your conversations. There are two types of fingerprints
-
Communication Fingerprint - it’s a unique and identical fingerprint between you and the peer. By comparing this one fingerprint, both of you can be certain about untampered communication.
-
User Fingerprint - it’s a unique fingerprint of the user. It is not the public key.
We recommend using Communication Fingerprint.
String getFingerprint(String address);
String getUserFingerprint(String address);
Both functions take the following parameters:
| Parameter | Description |
|---|---|
| address | The remote user address |
Example,
String fingerprint = e2ee.getFingerprint("user1");
You should check active status before calling fingerprint APIs.
encryption, end-to-end encryption, AES-GCM, Chacha20-Poly1305, Signal, AES-CBC