Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for end-to-end encryption using Insertable Streams and Web Crypto API #142

Merged
merged 9 commits into from
Aug 15, 2020
Merged

Add support for end-to-end encryption using Insertable Streams and Web Crypto API #142

merged 9 commits into from
Aug 15, 2020

Conversation

jeremija
Copy link
Member

@jeremija jeremija commented Aug 2, 2020
edited
Loading

  • Add support for encryption and decryption
  • Add support for using custom passphrase
  • Add password input dialog
  • Add a warning when using unsupported browsers (currently only Chrome supports insertable streams 😞 )
  • Use WebCrypto to derive PBKDF2 and AES-GCM encryption keys
  • Fix an issue when a remote stream cannot be decrypted on remote user reconnect.

Closes #141

How does it work?

Currently only Chrome is supported, and the flag Experimental Web Platform Features needs to be enabledenabled in chrome://flags.

The passphrase is used to derive a PBKDF2 key, which is then used to create a 256-bit AES-GCM key. The salt is constructed from the full call URL and the userID (UUID) received from the server. This is to avoid sending the key information via SFU to other participants.

Each participant generates their own key for encrypting their own streams, as well as keys for decrypting remote streams from all other participants.

To enable encryption, users can use the new toolbar button with a lock icon:

image

This can be set up before joining the call.

A warning will be shown for unsupported browsers:

image

An example with two peers using different passwords:

image

@jeremija jeremija force-pushed the insertable-streams-issue-141 branch 2 times, most recently from 7a8f82a to 9723fa9 Compare August 2, 2020 19:39
@jeremija jeremija force-pushed the insertable-streams-issue-141 branch from 9723fa9 to f353977 Compare August 2, 2020 19:43
@jeremija jeremija force-pushed the insertable-streams-issue-141 branch from f36dee8 to f090919 Compare August 8, 2020 13:13
@jeremija
Fix a bug when a track decrypt failed after reconnect
395610f
@jeremija
Remove hash from toolbar links
71a1395 
The URL changes on click but we should not be doing that since URL is
now being used as part of the salt.
@jeremija jeremija force-pushed the insertable-streams-issue-141 branch from 29be8a1 to 71a1395 Compare August 8, 2020 18:08
@jeremija jeremija changed the title WIP: Add basic support for end-to-end encryption using Insertable Streams Add support for end-to-end encryption using Insertable Streams and Web Crypto API Aug 15, 2020
@jeremija jeremija mentioned this pull request Aug 15, 2020
Open
@jeremija jeremija merged commit d254fd9 into master Aug 15, 2020
@vpanichkin vpanichkin mentioned this pull request Sep 14, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add encryption support using a shared password (Insertable Streams)
1 participant
@jeremija