I would like to create a messaging app that will be available both on a website and on mobile, i.e. users can access their messages with their account both on the website and in the app.
Now, the issue is that in order to keep the history of the messages I must save them somehow in the database. I do not want to save them in plain text to avoid any data stealing (the app might go in production someday). But, I do not see any way to save the messages encrypted in the database and decrypt them for both the sender and receiver.
What I thought about doing is to create two instances of each message sent in the db. One being encrypted with the sender's public key and the other one being encrypted with the receiver's public key. This way both sender and receiver will be able to decrypt every single message saved in the discussion with their private key.
However, I do not know if this is the best way of doing it; what do you think about it? Also, I guess the private key will be stored on the user's device, but what would happen if the user deletes the app or changes device? Furthermore, what about the website? How will it access the private key if it is on the user's mobile device?
FYI, I am using NodeJS, MongoDB, React, React Native and Socket.io.
question from:
https://stackoverflow.com/questions/65602235/secure-messaging-system-with-chat-history
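
The storage scheme described in the question (every stored message decryptable by both sender and receiver with their own private key), as an added Node.js example that is not part of the original post. It is a hybrid variant: the body is encrypted once with AES-256-GCM and only the 32-byte content key is encrypted to each party's RSA public key with OAEP, instead of storing two full copies. The key pairs, user ids and record field names are constructed for the example.

```javascript
// Added example; keys, user ids and field names are constructed for the demo.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Stand-in for a per-user key pair. In the design above, the private key
// stays with the user and only the public key is known to the server.
function newUserKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Encrypt the body once, then wrap the content key for each participant.
// `participants` maps userId -> public KeyObject (sender and receiver).
function encryptMessage(plaintext, participants) {
  const contentKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKeys = {};
  for (const [userId, publicKey] of Object.entries(participants)) {
    wrappedKeys[userId] = nodeCrypto
      .publicEncrypt({ key: publicKey, ...OAEP }, contentKey)
      .toString('base64');
  }
  // Plain strings only, so the record can be stored as one database document.
  return {
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
    wrappedKeys,
  };
}

// Unwrap the content key with the caller's private key, then decrypt.
// Throws if the user has no wrapped key, the key is wrong, or the
// stored ciphertext was modified (GCM tag check fails).
function decryptMessage(record, userId, privateKey) {
  const wrapped = record.wrappedKeys[userId];
  if (!wrapped) throw new Error(`no wrapped key for ${userId}`);
  const contentKey = nodeCrypto.privateDecrypt(
    { key: privateKey, ...OAEP }, Buffer.from(wrapped, 'base64'));
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', contentKey, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const body = Buffer.from(record.body, 'base64');
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}
```

The server only ever handles public keys and ciphertext here; where each private key lives, and how it reaches a second device or the browser, is outside what this block covers.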