Add Ecryption

[achhayapathak]

Encrypt the messages the enhance security.

[yashkathe]

I’ll take this one @achhayapathak

[achhayapathak]

Sure @yashkathe

[achhayapathak]

Did you work on this @yashkathe or shall I pick this up?

[yashkathe]

Did you work on this @yashkathe or shall I pick this up?

I'll take this one

[yashkathe]

The problem with adding encryption is that most algorithms require a special key, so how can we handle that? Or is there any encryption algorithm library that you can recommend?

[achhayapathak]

This one will be a challenging problem to work on. One way to resolve this is to:

1. Generate keys in real-time using some password generator like https://www.npmjs.com/package/strongest-password-generator while starting the server.
2. Then along with the URL, pass the encryption key to the host and prompt them to send it securely to the users along with the URL(our only hope is to rely on them to send it securely).
3. Write two functions that encrypt and decrypt on both the client and server side. Use the key to encrypt the text before sending and decrypt the text after receiving it on both the client and server side.

You can use libraries like crypto or bcrypt and any encryption algorithm like AES, RSA or blowfish to achieve this. My suggestion will be to go with AES-256 encryption with CBC mode. I have the code for encrypt and decrypt functions also for this one so if you want I can share that with you but you will get to learn a lot about encryption if you figure that out yourself.

[yashkathe]

I will try to research a bit but nevertheless, still share the code you wrote so I can have a look

[achhayapathak]

const crypto = require('crypto');

// Generate a secure random key and initialization vector (IV)
const key = crypto.randomBytes(32); // 32 bytes for AES-256 encryption
const iv = crypto.randomBytes(16); // 16 bytes for AES initialization vector

// Function to encrypt a message
function encrypt(text) {
let cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(key), iv);
let encrypted = cipher.update(text);
encrypted = Buffer.concat([encrypted, cipher.final()]);
return encrypted.toString('hex');
}

// Function to decrypt a message
function decrypt(encryptedText) {
let decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(key), iv);
let decrypted = decipher.update(Buffer.from(encryptedText, 'hex'));
decrypted = Buffer.concat([decrypted, decipher.final()]);
return decrypted.toString();
}

[achhayapathak]

This one is for the server side. For the client side, the functions will remain the same just the key and iv won't be generated but accepted by the user through a prompt.

[yashkathe]

Thank you for sharing the code, I'll have a look

[achhayapathak]

are you working on this @yashkathe ?

[yashkathe]

I'm a bit busy currently. I will take a look when I am free. If its a bit urgent you can start with the development.