2

I'm working on an iOS chat project using Firebase RealTime Database.

I want to use asymmetric cryptography for the management of messages between two users ..

Browsing the net I found an excellent library Themis and for security reasons, in the documentation, advised not to save the public keys in the database but instead recommended to save public keys using a mediation service such as keybase.io.

This is very difficult for me to understand ... has anyone had experience with keybase.io or with other services?

can you suggest me some understandable ways to save the public keys with PKI avoiding the database?

Matthew
  • 27,233
  • 7
  • 87
  • 101
CTL
  • 21
  • 1

1 Answers1

2

The recommendation is based on the fact that it's harder to stealthy compromise a public mediation service than a single service. If they compromise keybase, with a lot of users, someone will very soon detect something wrong and warn the administrators.

On the other hand, if someone hacks your service and changes public keys, it can take a while until someone sees it. It's easier to compromise data when there are few clients, and your service will surely have way less clients than keybase.

ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
  • So what can you suggest to process a chat in total tranquility? if there are examples you can make me understand what are the right steps to do? or which services are used? if I can use Firebase Real Time Database to structure your database in security? honestly I never used mediators (if they really are useful ..) keybase currently seems a simple chat and it is not easy to understand ... any suggestion with or without mediators is really accepted .. for me it is important to create a service in total security – CTL Nov 12 '18 at 23:21