Kimmer's avatar

Laravel Encryption for protecting private messages

Hi there,

I am working on a messaging/chat system that allows logged in users to send each other private messages. At this point I'm researching how to protect the content of those messages.

Laravel Encryption seems straightforward: https://laravel.com/docs/9.x/encryption#main-content

But I wonder; is this sufficient for protecting private messages?

I read WhatsApp uses something like "end to end" encryption but it seems to me this is very complicated and I'm having difficulties finding clear information.

Does anyone have some pointers about this?

Thanks!

Sinnbeck's avatar

It should be sufficient. Just be aware that if you ever run php artisan key:generate you can no longer decrypt the messages.

Also be aware that you can never search the messages. Is this needed? If so, you can look into ciphersweet https://github.com/spatie/laravel-ciphersweet

Snapey's avatar

End to end means that something in the client browser encrypts and decrypts the messages. Not javascript, probably a web assembly. Plus you need a way to securely pass public and private encryption keys back and forth.

It's not something I would consider building myself as it requires too much domain knowledge

You can use laravel encryption to store the messages in an encrypted form, but it will certainly not be "end to end".

Kimmer's avatar

Thanks for your replies.

Yeah, I assumed end to end might be a bit too difficult to do.

It's a good question about having the messages searchable. At this point I would say it's not needed but it might be a nice feature to have later on. I've noticed WhatsApp and Facebook Messenger messages are searchable.

There seem to be ways to do that. A quick Google search got me some possible solutions. https://stackoverflow.com/questions/65847235/how-can-i-search-encrypted-data-in-laravel-using-like-operator

https://5balloons.info/searching-encrypted-records-laravel/
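Added example, not from any post in this thread and not code from Laravel or ciphersweet: it shows the two points raised above, that ciphertext written under one key cannot be read after the key is replaced, and that exact-word search over encrypted messages needs a separate keyed index. It assumes `composer require illuminate/encryption`; the helpers `blindIndex` and `storeMessage`, the row layout, and the separate `$indexKey` are hypothetical, and the HMAC index is a simplified stand-in for what a library such as ciphersweet provides.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Encryption\Encrypter;

// Stand-ins for APP_KEY before and after `php artisan key:generate`.
$oldKey = Encrypter::generateKey('aes-256-cbc');
$newKey = Encrypter::generateKey('aes-256-cbc');

// Separate secret for the search index (assumption: stored apart from APP_KEY).
$indexKey = random_bytes(32);

/** Keyed, deterministic hash of a normalised word; usable only for equality lookups. */
function blindIndex(string $word, string $indexKey): string
{
    return hash_hmac('sha256', mb_strtolower(trim($word)), $indexKey);
}

/** Build what a messages row would hold: ciphertext plus one index token per distinct word. */
function storeMessage(string $body, Encrypter $enc, string $indexKey): array
{
    $words = preg_split('/[^\p{L}\p{N}]+/u', $body, -1, PREG_SPLIT_NO_EMPTY);
    $tokens = array_map(fn ($w) => blindIndex($w, $indexKey), $words);

    return [
        'body'   => $enc->encryptString($body),
        'tokens' => array_values(array_unique($tokens)),
    ];
}

// Constructed sample message.
$row = storeMessage('Lunch on Friday at noon?', new Encrypter($oldKey, 'aes-256-cbc'), $indexKey);

// Search without decrypting: whole words match, substrings (SQL LIKE style) do not.
var_dump(in_array(blindIndex('friday', $indexKey), $row['tokens'], true));
var_dump(in_array(blindIndex('fri', $indexKey), $row['tokens'], true));

// After the key is replaced, the stored ciphertext is rejected.
try {
    (new Encrypter($newKey, 'aes-256-cbc'))->decryptString($row['body']);
} catch (DecryptException $e) {
    echo 'new key: ', $e->getMessage(), PHP_EOL;
}

// The original key still decrypts, so it has to be backed up before any rotation.
echo (new Encrypter($oldKey, 'aes-256-cbc'))->decryptString($row['body']), PHP_EOL;
```

The index tokens reveal which messages share a word to anyone who can read the table, so the index key needs the same protection as the encryption key. Both keys live on the server here, which makes this encryption at rest rather than end to end.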
