1Informal spec for an encrypted chat message prototype
 2
 3This is an extension to the ChatMessage activity.
 4It could apply to other types, but has limited utility for public activities.
 5
 6The encryption used is the "nacl box" combination of Curve25519, Salsa20, and Poly1305.
 7It's widely available in user proof crypto libraries.
 8
 9A 32 byte user public key is added to the actor object in base64 format in the "chatKeyV0" property.
10
11If a ChatMessage object has an "chatKeyV0" property it should be decrypted.
12The "content" property is now a base64 encoded message consisting of nonce[24] || cipher[...].
13
14To send an encrypted ChatMessage:
151. Add "chatKeyV0" with public key (base64) to one's own actor object.
162. Look up chatKeyV0 for remote actor.
173. Generate a random nonce and call crypto_box.
184. Base64 encode nonce and cipher text, storing as "content".
195. Add "chatKeyV0" property with key.
20
21Receiving and decrypting:
221. Check for "chatKeyV0" property.
232. Look up chatKeyV0 for remote actor.
243. Base64 decode "content" property.
254. Split into nonce and cipher text, call crypto_box_open.
265. Replace message content.
27
28The public key is duplicated in the actor and the message.
29
30Notes
31
32This doesn't support shared group keys. Messages need to be encrypted per recipient.
33
34This doesn't use any advanced ratcheting techniques.
35Not sure how well they fit in with ActivityPub.
36Limited library availability.
37
38Random nonces are fine and should be used.
39ActivityPub IDs should be unique, but it's better to avoid the possiblity of duplicates.
40
41Keys should be verified at some point.
42
43It's only secure if the secret keys are kept somewhere secret.
44
45It's V0.