The Apple v FBI clash left a bitter taste in my mouth. Not just because the FBI wants to punch holes in Apple’s security for their own benefit; at some level this is just a natural reaction of an investigative agency whose goal is to build cases against terrorists and to stop terrorism before it happens.
What left the bitter taste in my mouth were the pundits who claimed Apple was committing treason. What left the bitter taste were the politicians and political candidates who kept saying “let’s open the hole, and deal with the consequences later”–meaning they were simply not willing to look at the issue.
But what really left the bitter taste in my mouth was the presumption that somehow encryption is the property of large corporations and large governments–and even those on the far right sounded a lot like socialists when they demanded the two cooperate to make our world a safer place.
That really bothered me–because cryptography is not the exclusive domain of large corporations and large governments.
Which is why I put together SecureChat, an open source Java server/iOS client which provides end-to-end RSA encryption of messages.
This perhaps isn’t the best way to provide end-to-end encryption; there are undoubtedly holes that those who look at this code may find in the next few months.
But my point was to demonstrate a couple of things:
Encryption is not the exclusive domain of a handful of large corporations and government agencies. Working from first principles I built an RSA encryption engine from scratch–even going so far as to bypass Apple’s built-in security classes (except for their SecureRandom function–but that could also be replaced), on the presumption that a future administration forces Apple to open back doors in their built-in encryption classes.
Please note I do not believe this will come to pass, and I believe Apple has security as a primary goal. This is more of a what if? exercise.
This is a demonstration of what one motivated developer can do in the span of a couple of months of part-time work. If I can do it, undoubtedly there are others who have also done this.
The design provides complete end-to-end encryption of messages from device to device; only encrypted messages exist on the back-end server. Further, old messages are deleted as they are delivered; this prevents a record of messages from accumulating on the server. The design also keeps messages encrypted on the device; while messages are stored in SQLite (and could be easily scraped), they can only be decrypted using the RSA key kept in an encrypted keystore that requires a correct passcode to be entered in the app. And the check used to determine whether the keystore was correctly decrypted is a CRC-8 checksum, a deliberate design which (for a 4-digit passcode) means someone randomly picking passcodes is 37 times more likely to destructively decode the keystore (and lose the private RSA key).
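The effect of such a short checksum can be seen in a small simulation, added here as an illustration and not taken from the SecureChat code. The keystore layout (secret followed by one CRC byte), the CRC-8 polynomial 0x07 and the SHAKE-256 keystream standing in for the passcode-based cipher are all assumptions, since the page does not describe them.

```python
import hashlib

def crc8(data: bytes, poly: int = 0x07) -> int:
    """Bitwise CRC-8, init 0 (assumed variant; the page does not name one)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

def _keystream(passcode: str, n: int) -> bytes:
    # Stand-in for the real passcode-based encryption (assumption).
    return hashlib.shake_256(passcode.encode()).digest(n)

def seal(secret: bytes, passcode: str) -> bytes:
    """Append the CRC-8 to the secret, then encrypt both under the passcode."""
    plain = secret + bytes([crc8(secret)])
    return bytes(a ^ b for a, b in zip(plain, _keystream(passcode, len(plain))))

def open_keystore(blob: bytes, passcode: str):
    """Return the decrypted secret if its CRC-8 matches, otherwise None."""
    plain = bytes(a ^ b for a, b in zip(blob, _keystream(passcode, len(blob))))
    secret, check = plain[:-1], plain[-1]
    return secret if crc8(secret) == check else None

def accepted_passcodes(blob: bytes) -> list:
    """Every 4-digit passcode whose decryption passes the CRC-8 check."""
    codes = (f"{i:04d}" for i in range(10000))
    return [c for c in codes if open_keystore(blob, c) is not None]

# Constructed sample data: a fake 32-byte "private key" and an arbitrary passcode.
SAMPLE_SECRET = hashlib.sha256(b"constructed sample private key").digest()
SAMPLE_PASSCODE = "4821"

if __name__ == "__main__":
    blob = seal(SAMPLE_SECRET, SAMPLE_PASSCODE)
    hits = accepted_passcodes(blob)
    wrong = [p for p in hits if open_keystore(blob, p) != SAMPLE_SECRET]
    print(f"{len(hits)} of 10000 passcodes pass the CRC-8 check")
    print(f"{len(wrong)} of those produce a wrong key that looks valid")
```

With an 8-bit check, a few dozen wrong passcodes are accepted alongside the correct one, so software that trusts the check and proceeds has no way to tell a garbage key from the real one.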
SecureChat is now hosted on GitHub, and is open sourced using the GNU GPL.