For Phase One of the Clubcoms platform, true end-to-end encryption for messages will be implemented, providing data signatures for one or multiple users in a group.
This method is called “Group Encryption” and follows four key steps when sending a message:
Obtain the recipient's public key to encrypt data
Sender signs data with their own key, encrypts and sends it to the server
Obtain the sender's public key to verify the signature against the data
The recipient decrypts the data with their own key and verifies the signature
Cloud Key Store Encryption
To allow users to access the platform via multiple devices in a future phase, including a web version of the platform, a migration to a cloud key store - known as a “Keyknox Service” is required. This is not considered for the initial phase as it is much more complex and would push out timelines considerably.
To achieve multi-device support, the first step is to use the existing private key, or for new users generate the private key on their original/main device and regenerate it in any new device they authenticate with. This can be achieved through the following steps:
Securely back up the user's private key
Check whether the private key already exists on the current device
Restore the user's private key from the backup
In summary, existing users of the platform and their data will not be affected when the migration takes place as they will already possess a private key, which will be backed up to the key store. A full risk assessment is recommended before implementation, along with the amendment or addition of flows and features within the app.