rugk/threema-msgapi-sdk-php

Decrypt a received Threema callback/message

MarcoDias7 opened this issue · 3 comments

I'm able to send encrypted E2E Threemas, and I specified a URL to retrieve the answers. I received the nonce, the box and something called mac:

"nonce":"4dd437220d71e8ef49c16b5ae87e75574582aa650e361b01"
"box":"f1d905cb35be3c24244acba54f21e724b6ea0ce5bbda3f3f97675434d48472544f46d3422a063b86cbcb467a1806"
"mac":"9d083d8ea0d32cbca9f7833fa1a41b2222de673b1e84cafac77c37aa80511bf6"

I'm using the PHP library. How could I decrypt that? Is there something in the library I could use?
I couldn't find anything in the docs on the Threema website, so I'm asking here.

Thanks!

rugk commented

Yes, it is possible, as all things are implemented in this library. However, it is not so easy, and you have to call all the things yourself.
As a full working example implementation, I can point you to my callback handler (called from this callback PHP) in another project.

As you can see, you should first verify the integrity and other stuff. It is important to read through the API doc and e.g. verify the HMAC of the message. You can then decrypt the message using the E2EHelper, and the result is an object of type Threema\MsgApi\Helpers\ReceiveMessageResult. Always verify all things as - as usual - everything in the request needs to be treated as potentially unsafe data.
Depending on your use case you may also need to verify that the message has not already been received to prevent replay attacks.
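A minimal callback handler that follows the steps rugk lists above (verify the HMAC, reject replays, then decrypt with the E2EHelper and inspect the result). This is an added example, not code from the issue thread or from the SDK itself. It assumes the Threema Gateway callback fields (from, to, messageId, date, nonce, box, mac) and the documented MAC construction, HMAC-SHA256 over from+to+messageId+date+nonce+box keyed with the gateway secret; the SDK class and method names used (ConnectionSettings, Connection, E2EHelper::receiveMessage, ReceiveMessageResult, DeliveryReceipt::getAckedMessageIds, CryptTool::hex2bin) are assumed from the library and should be checked against the installed version. The credentials, the seen-ID file and the sample POST body are placeholders constructed for the example.

```php
<?php
// Added example, not part of the issue or the SDK. See the lead-in for what is assumed.
require __DIR__ . '/vendor/autoload.php';

use Threema\MsgApi\Connection;
use Threema\MsgApi\ConnectionSettings;
use Threema\MsgApi\Helpers\E2EHelper;
use Threema\MsgApi\Messages\DeliveryReceipt;
use Threema\MsgApi\Tools\CryptTool;

// Placeholder credentials (assumption: load these from config, never hard-code them).
const GATEWAY_ID     = '*YOURGWID';
const GATEWAY_SECRET = 'gateway-api-secret-placeholder';
const PRIVATE_KEY_HEX = '0000000000000000000000000000000000000000000000000000000000000000'; // placeholder, 32 bytes hex
const SEEN_IDS_FILE  = __DIR__ . '/seen-message-ids.json';

/** Step 1: check the callback MAC before touching anything else in the request. */
function verifyCallbackMac(array $post, string $secret): bool
{
    foreach (['from', 'to', 'messageId', 'date', 'nonce', 'box', 'mac'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false; // missing or non-string field: treat as tampered
        }
    }
    // Documented Gateway construction: HMAC-SHA256 over the concatenated fields, key = API secret.
    $data     = $post['from'] . $post['to'] . $post['messageId'] . $post['date'] . $post['nonce'] . $post['box'];
    $expected = hash_hmac('sha256', $data, $secret);
    // Constant-time comparison so the check itself does not leak timing information.
    return hash_equals($expected, strtolower($post['mac']));
}

/** Step 2: replay protection via a persisted set of already-processed message IDs. */
function markSeenOrReject(string $messageId, string $seenFile): bool
{
    $seen = is_file($seenFile) ? (json_decode(file_get_contents($seenFile), true) ?: []) : [];
    if (isset($seen[$messageId])) {
        return false; // already processed: a replayed callback
    }
    $seen[$messageId] = time();
    file_put_contents($seenFile, json_encode($seen), LOCK_EX);
    return true;
}

/** Step 3: decrypt the box and describe the resulting message. Returns a short status string. */
function handleCallback(array $post, E2EHelper $helper, string $seenFile): string
{
    if (!verifyCallbackMac($post, GATEWAY_SECRET)) {
        return 'rejected: bad or missing MAC';
    }
    if ($post['to'] !== GATEWAY_ID) {
        return 'rejected: callback addressed to a different gateway ID';
    }
    if (!ctype_xdigit($post['nonce']) || !ctype_xdigit($post['box'])) {
        return 'rejected: nonce/box are not hex';
    }
    if (!markSeenOrReject($post['messageId'], $seenFile)) {
        return 'rejected: replayed messageId ' . $post['messageId'];
    }

    // Assumption: receiveMessage() takes the box and nonce as binary strings and
    // fetches the sender's public key via the Connection.
    $cryptTool = CryptTool::getInstance();
    $result = $helper->receiveMessage(
        $post['from'],
        $post['messageId'],
        $cryptTool->hex2bin($post['box']),
        $cryptTool->hex2bin($post['nonce'])
    );
    if (!$result->isSuccess()) {
        return 'decryption failed: ' . implode('; ', $result->getErrors());
    }

    $message = $result->getThreemaMessage();
    if ($message instanceof DeliveryReceipt) {
        // This is the "delivery message" case: the peer acknowledges one of our message IDs.
        return 'delivery receipt for ' . implode(',', $message->getAckedMessageIds());
    }
    return get_class($message) . ': ' . (string) $message;
}

// Wiring (assumed constructor signatures; the null public-key store disables caching).
$settings  = new ConnectionSettings(GATEWAY_ID, GATEWAY_SECRET);
$connection = new Connection($settings, null);
$helper    = new E2EHelper(CryptTool::getInstance()->hex2bin(PRIVATE_KEY_HEX), $connection);

// Constructed sample body shaped like a Gateway callback; a real deployment uses $_POST.
$samplePost = [
    'from' => 'ABCD1234', 'to' => GATEWAY_ID, 'messageId' => '0123456789abcdef',
    'date' => (string) time(),
    'nonce' => '4dd437220d71e8ef49c16b5ae87e75574582aa650e361b01',
    'box'   => 'f1d905cb35be3c24244acba54f21e724b6ea0ce5bbda3f3f97675434d48472544f46d3422a063b86cbcb467a1806',
];
$samplePost['mac'] = hash_hmac('sha256', $samplePost['from'] . $samplePost['to'] . $samplePost['messageId']
    . $samplePost['date'] . $samplePost['nonce'] . $samplePost['box'], GATEWAY_SECRET);

echo handleCallback($samplePost, $helper, SEEN_IDS_FILE), PHP_EOL;
```

The order matters: the MAC is checked first so that nothing from an unauthenticated request (not even the messageId used for the replay set) is acted on, and the replay set is updated before decryption so that a second delivery of the same callback is dropped even if the handler crashes midway. With the placeholder private key the sample box will not decrypt; the point of the block is the checking sequence around `receiveMessage`.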

MarcoDias7 commented

Thanks a lot, I could make it work. Is there something in the library I could use to check the delivery receipts, i.e. whether the user received or read the message?

rugk commented

Yes, the result you'll get after decryption is one for a "delivery message".