Mesibo End-to-End Encryption - Man-in-the-middle Protection APIs
It is generally not necessary to configure these options for casual chat. The default end-to-end encryption provides best-in-class security. However, if you are worried about eavesdropping, you can use a secret password or install the peer's public certificate. Both are included in the per-message encryption process, and these out-of-band methods make it nearly impossible for anyone to intercept your communication.
Setting a Password
You can set a password that is included in the encryption process (KDF). The peer needs to use the same password to decrypt the messages. Setting a password can be very effective against a man-in-the-middle attack. Refer to the article link above for the description.
void setPassword(String address, String password);
setPassword takes the following parameters:
Parameter | Description |
---|---|
address | The remote user address |
password | Password |
Example,
e2ee.setPassword("user1", "some password");
Creating a Private Certificate
mesibo automatically generates a private certificate for you which safely remains on your device only. However, if you prefer to use your custom certificate, you can load it here.
To load a custom private certificate, you need to supply a PKCS#12 file with Curve25519 private and public keys. Your certificate MUST contain UID='your mesibo address' and CN='mesibo' for validation. You must also specify O='your app name'.
You can use any tool to generate a private certificate. Below is an OpenSSL example,
$ openssl req -nodes -new -x509 -newkey ed25519 -keyout my.key -out my.pub -days 3652 -subj '/CN=mesibo/O=myapp/UID=MyAddress'
$ openssl pkcs12 -export -in my.pub -inkey my.key -out my.p12
Do not set a password when exporting.
BOOL setPrivateCertificate(String filename);
setPrivateCertificate takes the following parameters:
Parameter | Description |
---|---|
filename | The PKCS#12 filename with .p12 or .pfx extension |
Example,
e2ee.setPrivateCertificate("my.p12");
Exporting Public Certificate
Your public certificate is safely transmitted by mesibo to your peers without any manual intervention. However, if you suspect a man-in-the-middle attack (which is highly unlikely), you can export your public certificate and share it with your peers by other means.
String getPublicCertificate();
getPublicCertificate does not take any parameters. It returns the file path of the exported certificate.
Example,
String filePath = e2ee.getPublicCertificate();
Loading Public Certificate of a Peer
As mentioned in the previous section, public certificates are exchanged automatically without any manual intervention. However, if you suspect a man-in-the-middle attack, you can load the certificate exported by your peer.
BOOL setPeerCertificate(String address, String filename);
setPeerCertificate takes the following parameters:
Parameter | Description |
---|---|
address | The remote user address |
filename | Exported certificate with .pub or .pem extension |
Example,
e2ee.setPeerCertificate("user1", "peer.pub");
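A certificate received by other means only helps against a man-in-the-middle if you confirm it is the file your peer exported. The script below is an added example, not part of the mesibo documentation. It assumes the exported file is a PEM-encoded X.509 certificate and that the peer reads out its SHA-256 fingerprint over a separate channel; the helper names `normalise_fp`, `cert_fingerprint` and `check_peer_cert` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not mesibo code). Assumes the exported peer certificate is a
# PEM-encoded X.509 file, like the one the openssl command above produces.

# Normalise a fingerprint: drop colons and spaces, lower-case the hex digits.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint of the certificate in file $1.
cert_fingerprint() {
    local out
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    normalise_fp "${out#*=}"
}

# Succeed only if certificate $1 names CN=mesibo and UID=$2 in its subject and
# its fingerprint equals $3, the value the peer gave over a separate channel.
check_peer_cert() {
    local cert="$1" address="$2" expected actual subject
    expected=$(normalise_fp "$3")
    actual=$(cert_fingerprint "$cert") || return 1
    # One subject field per line with control characters escaped, so a crafted
    # field value cannot smuggle in an extra "UID=..." line.
    subject=$(openssl x509 -in "$cert" -noout -subject \
        -nameopt sep_multiline,esc_ctrl,sname | sed 's/^ *//') || return 1
    printf '%s\n' "$subject" | grep -Fxq "CN=mesibo" || return 1
    printf '%s\n' "$subject" | grep -Fxq "UID=$address" || return 1
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Usage: check_peer_cert peer.pub user1 "<fingerprint read out by the peer>" \
#   && echo "peer.pub can be passed to setPeerCertificate"
```

Your peer can run `cert_fingerprint` on their own exported file to obtain the value to read out.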