Mesibo End-to-End Encryption - Cryptography APIs

mesibo automatically sets an optimized cryptography configuration, so you don't need to use any of these APIs unless you have special needs.

Setting Supported and Preferred Ciphers

mesibo supports using multiple ciphers simultaneously to make interception difficult. By default, all the ciphers are enabled. mesibo prefers CTR-based and AEAD (authenticated encryption with associated data) ciphers, and AES-GCM is the default preferred cipher. You can change the supported and preferred ciphers by calling the setCiphers method of MesiboEndToEndEncryption.

Note that we do not recommend using CBC and non-AEAD ciphers, though they are used by some implementations like Signal. However, we do not restrict you from using them if you want to.

  • AES-GCM (MESIBO_E2ECIPHER_AESGCM) - Recommended
  • ChaCha20-Poly1305 (MESIBO_E2ECIPHER_CHACHAPOLY1305) - Recommended
  • AES-CBC+HMAC-SHA256 (MESIBO_E2ECIPHER_AESCBC)
  • ChaCha20+HMAC-SHA256 (MESIBO_E2ECIPHER_CHACHA20)

void setCiphers(long supported, long preferred);

setCiphers takes the following parameters:

| Parameter | Description |
|---|---|
| supported | Logical OR combination of all the ciphers to be supported |
| preferred | Logical OR combination of all the preferred ciphers |

Example,

e2ee.setCiphers(MESIBO_E2ECIPHER_AESGCM|MESIBO_E2ECIPHER_CHACHAPOLY1305, MESIBO_E2ECIPHER_AESGCM);

Setting Authentication Tag Length

mesibo generates an authentication tag that is sent along with the message. The length of the tag is determined by the size of the message and is optimized based on research papers and NIST recommendations. However, you can change the tag length if required. The valid tag lengths are 4, 6, 8, 10, 12, 14, and 16 bytes.

int setAuthenticationTaglen(int len);

setAuthenticationTaglen takes the following parameters:

| Parameter | Description |
|---|---|
| len | Tag length. Valid lengths are 4, 6, 8, 10, 12, 14, and 16 bytes. Set 0 for auto length. |

Example,

e2ee.setAuthenticationTaglen(0);

Setting Additional Authenticated Data (AAD)

Additional authenticated data (AAD) is any additional data that you pass to the authentication algorithm. It can be any arbitrary data, depending on your application. AAD does not contribute to encryption; it is only used as an integrity check. The AAD must be no larger than 64 KBytes. mesibo already adds AAD, so use of this API is OPTIONAL unless you have special needs.

boolean setAuthenticationData(String address, String aad);

setAuthenticationData takes the following parameters:

| Parameter | Description |
|---|---|
| address | The remote user address |
| aad | Additional authenticated data |

Example,

e2ee.setAuthenticationData("user-1", "some aad data");
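
The tag-length and AAD sections above, as an added illustration that is not mesibo code: a generic tag check using HMAC-SHA256 (the MAC named in two of the listed ciphers), showing how AAD is bound into a truncated tag without being encrypted. The function names, the length-prefix encoding and the sample values are assumptions made for this example; this page does not describe mesibo's internal construction.

```python
import hashlib
import hmac
import struct

VALID_TAG_LENGTHS = (4, 6, 8, 10, 12, 14, 16)  # bytes, as listed on this page
MAX_AAD_BYTES = 64 * 1024                      # AAD limit stated on this page


def make_tag(mac_key: bytes, aad: bytes, ciphertext: bytes, tag_len: int) -> bytes:
    """HMAC-SHA256 over length-prefixed AAD plus ciphertext, cut to tag_len bytes."""
    if tag_len not in VALID_TAG_LENGTHS:
        raise ValueError(f"unsupported tag length: {tag_len}")
    if len(aad) > MAX_AAD_BYTES:
        raise ValueError("AAD larger than 64 KBytes")
    # Assumed encoding: the length prefix keeps (aad=b"ab", ct=b"c") distinct
    # from (aad=b"a", ct=b"bc"), which plain concatenation would not.
    msg = struct.pack(">I", len(aad)) + aad + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:tag_len]


def verify(mac_key: bytes, aad: bytes, ciphertext: bytes, tag: bytes, tag_len: int) -> bool:
    """Check a received tag against the length the receiver has configured."""
    # The expected length is pinned locally. Accepting whatever length arrives
    # would reduce every message to the shortest tag the receiver tolerates.
    if len(tag) != tag_len:
        return False
    try:
        expected = make_tag(mac_key, aad, ciphertext, tag_len)
    except ValueError:
        return False
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def forgery_probability(tag_len: int) -> float:
    """Chance that one blind guess at a tag_len-byte tag is accepted."""
    return 2.0 ** (-8 * tag_len)


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed sample key
    ct = bytes.fromhex("8f3a1c77e2059b4d")      # constructed opaque ciphertext
    aad = b"user-1|seq=42"                      # constructed AAD, sent in the clear
    tag = make_tag(key, aad, ct, 8)
    print("genuine message :", verify(key, aad, ct, tag, 8))
    print("AAD altered     :", verify(key, b"user-2|seq=42", ct, tag, 8))
    print("tag cut to 4    :", verify(key, aad, ct, tag[:4], 8))
    for n in VALID_TAG_LENGTHS:
        print(f"{n:2d}-byte tag: forgery chance per attempt {forgery_probability(n):.3g}")
```

Both peers must supply identical AAD bytes for verification to succeed, and each byte removed from the tag makes a blind forgery 256 times more likely to be accepted.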