End-to-end encryption is a critical technique used in modern communication systems to ensure the privacy and security of data during transmission. In this age of interconnected devices and online services, there is an increasing need to protect sensitive information from unauthorized access and potential cyber threats. End-to-end encryption works by encrypting data at the sender's end and keeping it encrypted until it reaches the intended recipient. Only the recipient possesses the decryption key required to unlock the encrypted data, ensuring that even if the data is intercepted during transit, it remains unintelligible to malicious actors. This level of security is crucial for safeguarding sensitive data such as personal information, financial transactions, and confidential communications. Organizations, businesses, and individuals alike rely on end-to-end encryption to build trust, protect user privacy, and mitigate the risk of data breaches.
The code below shows how to implement the encryption that protects a request body before it is sent to our servers. It combines two algorithms: asymmetric RSA-OAEP and symmetric AES-CBC. RSA-OAEP can only encrypt a payload smaller than the RSA modulus, so this so-called hybrid scheme uses RSA only to wrap a one-time AES key and uses AES to encrypt the message itself, which lets bodies of any size be encrypted.
In the code, the body object contains the data that needs to be sent securely to the server; the example calls the "query all chatbots" API. The encrypt function takes this body object and performs the encryption. It requires the backend's RSA public key in PEM format (backendpublicKeyPem, read here from the REACT_APP_BACKEND_PUBLIC_KEY environment variable) for the RSA-OAEP step. The backend public key was sent to you when you created your account.
First, a random 16-byte (128-bit) AES key (aesKey) is generated for symmetric encryption; a new key is generated for every request. This AES key is then encrypted with RSA-OAEP under the backend public key, giving encryptedaesKey. node-forge's RSA-OAEP uses SHA-1 for the OAEP hash and for MGF1 by default, so the backend must decrypt with the same parameters. The encryptedaesKey is base64 encoded so that it can be carried in a JSON request.
Next, originalMessageString is created by converting the body object into a JSON string. It is encrypted with AES-CBC under the previously generated aesKey, with PKCS#7 padding applied when the cipher is finished. The code reuses the key as the CBC IV so that no separate IV has to be transmitted; this is only acceptable because the key is fresh and secret for every message, and a separately generated random IV sent alongside the ciphertext is the standard construction. The result, encryptedMessage, is also base64 encoded.
Finally, the function returns an object (myreturnbody) containing ekey (the base64 encoded, RSA-wrapped AES key) and message (the base64 encoded ciphertext). These values can now be sent to the server, and only the holder of the RSA private key corresponding to the public key used for encryption, that is the backend, can recover the AES key and with it the original body. Note that this construction provides confidentiality only: AES-CBC does not authenticate the ciphertext, so the backend must treat a padding error or unparsable JSON after decryption as a rejected request, and the request is still sent over TLS (the API URL is https), which supplies transport integrity and server authentication.
const forge = require('node-forge');
const axios = require('axios');

const body = {
  clientNr: "111111",
  chatbotMaster: "chatbot1"
};

// query all the bots (await needs an async context)
async function queryAllChatbots() {
  const encryptedBody = encrypt(body);
  const res = await axios.post("https://apis.gwocu.com/api/chatbots/queryall/", encryptedBody);
  return res.data;
}

function encrypt(body) {
  // PEM-encoded RSA public key of the backend, handed out when the account was created
  var backendpublicKeyPem = process.env.REACT_APP_BACKEND_PUBLIC_KEY;
  if (!backendpublicKeyPem) {
    throw new Error("REACT_APP_BACKEND_PUBLIC_KEY is not set");
  }
  var backendpublicKey = forge.pki.publicKeyFromPem(backendpublicKeyPem);

  /**** START Encrypt AES key with asymmetric RSA-OAEP and set body ekey variable ****/
  var aesKey = forge.random.getBytesSync(16); // random 16-byte (128-bit) key, fresh for every request
  // forge's RSA-OAEP defaults to SHA-1 for the hash and MGF1; the backend must decrypt with the same parameters
  var encryptedaesKey = backendpublicKey.encrypt(aesKey, 'RSA-OAEP');
  var encoded64encryptedaesKey = forge.util.encode64(encryptedaesKey);
  /**** END OF Encrypt AES key ****/

  /**** START Encrypt message with symmetric AES key ****/
  var originalMessageString = JSON.stringify(body);
  var cipher = forge.cipher.createCipher('AES-CBC', aesKey);
  // The key doubles as the IV, so no IV is transmitted. This is only acceptable because the key is
  // fresh and secret for every message; a separately generated random IV is the standard construction.
  cipher.start({ iv: aesKey });
  cipher.update(forge.util.createBuffer(originalMessageString, 'utf8')); // encode as UTF-8 so non-ASCII JSON survives
  cipher.finish(); // applies PKCS#7 padding
  var encryptedMessage = cipher.output.getBytes(); // raw ciphertext bytes
  var encoded64encryptedMessage = forge.util.encode64(encryptedMessage); // base64 so it can be sent as JSON
  /**** END OF Encrypt message with symmetric AES key ****/

  const myreturnbody = {
    ekey: encoded64encryptedaesKey,
    message: encoded64encryptedMessage
  };
  console.log(myreturnbody); // both fields are ciphertext, so logging them reveals nothing
  return myreturnbody;
}