Encryption

[ghost]

I'd like to suggest end-to-end encryption from the android app to the server and vice versa! I feel like this is an important feature given that the android app uses GCM.

[Mechazawa]

Would libsodium suffice?

[skorokithakis]

libsodium would be an excellent choice. I came here to suggest authentication, because, currently, anyone who knows my service's name (which does not seem to be guaranteed to be private) can subscribe to read my (private) notifications), but end-to-end encryption with a symmetric key would be even better.

[skorokithakis]

As a suggestion, encryption could work like this:

• Each service accepts an encryption key upon creation (or, even better, an encrypted boolean parameter) and returns the items encrypted=true (or false for plaintext services) and encryption_key in its JSON response.
• From then on, all notifications sent by that service will be symmetrically encrypted to that key with libsodium.
• To subscribe to the service, the user does not need to specify the encryption key (to avoid sending it over the wire), but must know it, otherwise they won't be able to decrypt the messages.
• When subscribing to an encrypted service, a client should specify the secret key to the app or client library.

I think that would work pretty well. How does that sound?

[skorokithakis]

I have added a PR that implements the above proposal, minus the actual encryption (since that requires client changes as well).