|
|
|
|
|
|
by DHowitzer
4389 days ago
|
|
|
Our base case is indeed symmetric for each message (the key distribution is over Elliptic Curve Diffie Hellman Ephemeral). The number one reason why we allow for symmetric message keys is to allow you to send an encrypted message to anyone, even if they don't have public keys somewhere. Distributing and using private/public keys in a trusted AND easy to use way is a problem we're currently working to solve, and will add as soon as we get that done in a way that doesn't make our software so hard to use that people stop using it. |
|
|
Now, I'm not saying it's an easy problem; kudos to you for tackling it. It's just that
- if you have the keys to the payload
- if you don't provide open-source client code
then no one can honestly trust your service. Don't forget that what you're primarily doing with is trust.