SMSWithoutBorders Logo
SMSWithoutBorders | Blog

New Alpha Release: Vault 0.1.0

2 min read

Source Code

NOTE:This writeup doesn't contain information about all the components involved in the operations; it focuses solely on the Vault and the client devices.

The Vault is a technology developed by the SMSWithoutBorders team to secure users' access tokens and facilitate the secure usage of these tokens for publishing users' messages. It leverages the Double Ratchet Algorithm to ensure secure communication between the sending device and the publishing server. The Vault has undergone significant evolution to reach its current state.

Key Features

  • End-to-End Encryption: Devices exchange keys using X25519(Curve25519) for secure communication with the Vault.
  • Device Identification: Each device is uniquely identified using a device_id generated from the key exchange.
  • Double Ratchet Algorithm: Ensures message confidentiality and forward secrecy.

How it Works

The Vault utilizes the smswithoutborders_libsig Python library for cryptographic operations.

X25519 for Key Exchange

To be identified and communicate securely, a device must perform two X25519 key exchanges with the Vault:

generating-an-identity

1. For Generating an Identity (Device ID): Refer to the specification.

2. For Communication: Encrypting and decrypting messages using the Double Ratchet Algorithm.

Communication Using The Double Ratchet Algorithm

Messages sent from an authenticated device are encrypted using the Double Ratchet Algorithm and can be decrypted by the Vault using the same algorithm.

double-ratchet-algorithm

Considerations

  • Transmission via SMS: End-to-end encryption between the device and the Vault ensures that no unauthorized party can read the content in transit.
  • Security: The use of the Double Ratchet Algorithm provides forward secrecy and ensures that even if one session is compromised, it does not compromise future sessions.
  • Authentication: Devices are authenticated using their unique device_id, computed from the initial key exchange, ensuring that only authorized devices can communicate with the Vault.

Changelog

Added

  • gRPC service communications.
  • Device Identification (device_id).
  • End-to-End Encryption.

Contributors

A big thank you to the following contributors for their valuable contributions to this release:

Feedback

Your feedback is crucial to us! If you encounter any bugs or have suggestions on how we can improve this release, please let us know.

Promise Fru
Promise Fru