SecureChat is an Android chat app that sends messages that are encrypted with PGP encryption.
The app uses Firebase's realtime database as a server, and SQLite as a local database.
User A sends a message to user B
- a copy of the plaintext message (before encryption) is saved into user A's local database
- the message gets encrypted with user B's public key
- the encrypted message is sent to the server (firebase realtime database)
- user B gets the encrypted message and decrypts it with his private key
- user B saves the decrypted message into his local database
That way no one is able to read the message except for user B even the sender cannot decrypt his own messages (that's why a copy of the plaintext message is saved before the encryption).
For the first time a user is logged in using a device the app generates his public & private keys and saves them into the user's local DB and upload the public key to the server (Firebase) so other users can send encrypted messages to him using his public key.
When a user is logged-in in the future, the app checks his local DB for his public & private keys
- If found then the app compares the public key from the local DB with the one in the server (Firebase)
- if both are the same then everything is good
- if not then the app uploads/update the one on the server with the one found locally
- If not found then the app generates new ones and upload the public key to the server (Firebase)
