1) Generate random numbers: The client and server each generate random numbers for subsequent key generation.
2) Distribute random numbers: The server sends its own random numbers to the client.
3) RSA Encryption Client Random Number: The client uses the server's public key to encrypt its random number using RSA and sends it to the server.
4) RSA decryption: The server uses its own private key to decrypt the encrypted random number sent by the client.
5) Generate temporary key and offset: Both parties use their own random numbers to generate temporary key TempKey and offset TempIV.
6) Generate ECDHE public-private key pairs: The client and server use the ECDHE algorithm to generate their own public-private key pairs.
7) Exchange ECDHE public key: The client and server exchange encrypted ECDHE public keys.
8) Generate shared key: Both parties use ECDHE algorithm to combine each other's public key and their own private key to generate the shared key ShareKey.
9) Initialization parameters and verification: The server initializes communication parameters and sends them to the client, while conducting data integrity verification.
10) Message Encryption: Each subsequent message is encrypted using parameters such as MgID, SessionID, Salt, SeqNo, etc. combined with ShareKey to generate a unique key and offset, and the message content is AES256_CBC encrypted.
11) Key expiration: To ensure security, ShareKey will expire periodically, and after expiration, key negotiation needs to be conducted again.
1) Generate ECDHE public and private keys: Users generate ECDHE public and private keys, send the public key to the server, and store the private key locally.
2) Get friend public key: After logging in, the user obtains the public keys of all friends from the server.
3) Generate shared key: When sending a message, use your own private key and the other party's public key to generate the shared key ShareKey.
4) Encrypt and Decrypt Messages: Use ShareKey to generate AES256 keys for encrypting and decrypting messages.
1) Signature field: Each record in the database contains a signature field used to verify the integrity of the data.
2) ECDSA Public Private Key: The server uses the ECDSA algorithm to generate a public private key pair, with the private key used for signature and the public key used for signature verification.
3) Signature and verification: When adding, deleting, or modifying sensitive fields in the database, the server uses ECDSA private keys to generate signatures and update them to the signature fields; When reading data, the server uses ECDSA public key to verify the signature.
1) SRP algorithm: Sensitive information such as user login passwords and secondary passwords are protected using the SRP algorithm, and the server does not store plaintext passwords.
2) Private key storage: The user's encrypted private key is only stored on the user's device and not sent to the server.
3) Manual key update: Users can manually update the encryption key for content on the client to enhance security. Overall, the security of communication and data is ensured through multiple layers of encryption and verification mechanisms.
