End-to-End Encryption: E2EE foundation with crypto core, message cache, and session management#313
Open
G-ELM wants to merge 4 commits into
Open
End-to-End Encryption: E2EE foundation with crypto core, message cache, and session management#313G-ELM wants to merge 4 commits into
G-ELM wants to merge 4 commits into
Conversation
|
@G-ELM Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implement the foundational E2EE infrastructure for the web client, including device keypair management, local encrypted message caching, prekey generation and management, and session establishment. These changes enable offline message history, secure local storage, and encrypted communication channels.
Changes
Task 2: Web Crypto Core - Device keypair generation and IndexedDB key store
Task 1: Local Encrypted Message Cache - Offline read with encrypted storage
Task 3: Prekey Generation and Replenishment - Key management for session establishment
/crypto/prekeysendpoint after registrationprekeys_lowhandler to trigger replenishmentTask 4: Session Establishment - First-contact key exchange and session caching
/crypto/bundlesendpointSessionProtocolinterface for protocol swappingSealedBoxProtocol(AES-GCM) as default transportTechnical Details
Acceptance Criteria Met
✅ Private key non-exportable, never leaves the browser
✅ Public key + deviceId available for registration
✅ Key store survives reloads; cleared on logout
✅ History available offline after first sync
✅ Local cache encrypted at rest
✅ Cache cleared on logout/revocation
✅ Signed + one-time prekeys uploaded after registration
✅ prekeys_low triggers replenishment
✅ Private prekeys stored locally, consumed once
✅ Signed prekey signature verified before use
✅ Session cached per recipient device
✅ Interface abstracts underlying protocol (sealed-box now, Signal later)
Closes #292
Closes #293
Closes #294
Closes #299