Mesibo End-to-End Encryption - Cryptography APIs
mesibo automatically sets optimized cryptography configuration and hence you don’t need to use any of these APIs unless you have special needs.
Setting Supported and Preferred Ciphers
mesibo uses 256-bit encryption and supports using multiple ciphers simultaneously to make interception difficult. By default, all the ciphers are enabled. mesibo prefers to use CTR-based and AEAD (authenticated encryption with associated data) ciphers and the AES-GCM is the default preferred cipher. You can change the supported and preferred ciphers by calling setCiphers
method of MesiboEndToEndEncryption
.
Note that, we do not recommend using CBC and non-AEAD ciphers though it is used by some implementations like Signal. However, we do not restrict if you like to use them.
- AES-GCM-256 (MESIBO_E2ECIPHER_AESGCM) - Recommended
- Chacha20-Poly1305 (MESIBO_E2ECIPHER_CHACHAPOLY1305) - Recommended
- AES-CBC+HMAC-SHA256 (MESIBO_E2ECIPHER_AESCBC)
- Chacha20+HMAC-SHA256 (MESIBO_E2ECIPHER_CHACHA20)
void setCiphers(long supported, long preferred);
setCiphers
takes the following parameters:
Parameter | Description |
---|---|
supported | Logical OR combination of all the ciphers to be supported |
preferred | Logical OR combination of all the preferred ciphers |
{:.proto-table} |
Example,
e2ee.setCiphers(MESIBO_E2ECIPHER_AESGCM|MESIBO_E2ECIPHER_CHACHAPOLY1305, MESIBO_E2ECIPHER_AESGCM);
Setting Authentication Tag Length
mesibo generates an authentication tag which will be sent along with the message. The length of the tag is determined by the size of the message and it is optimized based on research papers and also NIST recommendations. However, you can change the tag length if requires. The valid tag lengths are 4, 6, 8, 10, 12, 14, and 16 bytes.
int setAuthenticationTaglen(int len);
setAuthenticationTaglen
takes the following parameters:
Parameter | Description |
---|---|
len | Tag length. Valid lengths are 4, 6, 8, 10, 12, 14, and 16 bytes. Set 0 for auto length. |
{:.proto-table} |
Example,
e2ee.setAuthenticationTaglen(0);
Setting Additional Authenticated Data (AAD)
Additional authenticated data (AAD) is any additional data that you pass to authentication algorithms. It could be anything random depending on your application. It has no contribution towards encryption and AAD is only used as an integrity check. The AAD data must be no larger than 64 KBytes. mesibo already adds AAD data and hence use of this API is OPTIONAL unless you have special needs to use it.
boolean setAuthenticationData(String aad, int len);
setAuthenticationData
takes the following parameters:
Parameter | Description |
---|---|
address | The remote user address |
aad | Additional authenticated data |
{:.proto-table} |
Example,
e2ee.setAuthenticationData("user-1", "some aad data");