Skip to content

Message History

Jump to bottom
Gordon Chiang edited this page Nov 15, 2021 · 4 revisions

Client-side message history security:

We could do:

  1. client authenticates as alice on client
  2. alice says I want to save history
  3. client prompts alice for a password/passphrase to save the chat history
  4. the client uses the password/passphrase + nonce? to generate a private key and public key pair?
  5. the public key is saved in the config.json file for alice that @Alex made
  6. we tell the user to write down the private key?

then when alice wants to view history:

  1. alice gets authenticated
  2. alice selects to view chat history on the client
  3. client prompts alice for the private key
  4. alice enters the private key that they wrote down
  5. history is displayed

Then whenever alice is messaging and sees a plaintext, the client encrypts it using the public key and adds it to the db or .txt or whatever, but no one can read it without the private key

Server-side message history security:

Here's what I'm thinking to get the server-side history:

  1. bob is messaging alice
  2. bob sends a message encrypted with a shared message key to alice through the server
  3. alice decrypts the message with the shared message key and can see the plaintext message
  4. alice re-encrypts the message with an alice-only private key
  5. alice makes an API call to the server to save this encrypted message on the server
  6. if alice ever wants to view history, they will make an API request for the server to send the history to alice
  7. alice decrypts it with an alice-only private key to view it

I think a db like you did could work: query for chat history by using the sender and recipient fields. So if alice wants only history with bob, the query would be like SELECT * FROM chat_history WHERE (sender = 'alice' and recipient = 'bob') OR (sender = 'bob AND recipient = 'alice). For group chats, we could just delimit recipient fields? Like bob, charlie, etc. in the same field or something?Not sure about that

Or a text file would work, but each individual chat would need its own text file I think. Could also do individual dbs but sounds crazier

Clone this wiki locally