Encrypted channels
ART's encrypted channels provide end-to-end encryption for confidential communications. Built on industry-standard cryptography, encrypted channels ensure that only intended recipients can read your messages, with automatic key management and seamless integration into the standard messaging connection.
Unlike regular channels where messages are transmitted in plaintext, secure channels encrypt every message on the sender's device and decrypt it only on the recipient's device. ART uses ECDH(Elliptic Curve Diffie-Hellman) and authenticated encryption to provide:
-
End-to-End Encryption: Messages are encrypted before leaving your device
-
Perfect Forward Secrecy: Each message uses a unique cryptographic nonce
-
Authentication: Built-in message integrity verification prevents tampering
-
Zero-Knowledge: ART servers cannot read your encrypted messages
Subscribing to secure channel
Subscribing to an encrypted channel requires key pair setup before subscription, but otherwise follows the same process as regular channels.
1. Generate Key Pair
The generateKeyPair() method creates a new Curve25519 key pair which is used for encryption and decryption.
- JavaScript
// Generate a new key pair
const keyPair = await adk.generateKeyPair();
// Set the key pair for encryption/decryption
await adk.setKeyPair(keyPair);
This automatically:
- Validates key format and length
- Saves your public key to ART servers
- Stores private key locally for encryption/decryption
2. Subscribe to Encrypted Channel
- JavaScript
// Subscribe to encrypted channel
const subscription = await adk.subscribe('YOUR_ENCRYPTED_CHANNEL');
Message Passing Through Encrypted Channel
Encrypted message passing involves automatic key exchange, encryption, transmission, and decryption.
1. Pushing messages
When a message is pushed into encrypted channel, it is encrypted automatically.
- JavaScript
const payload = { content: "Hello from ART ADK!" };
// Send encrypted message
await subscription.push('message', payload, {
to: ['recipient-username'] // Exactly one recipient required
});
What happens behind the scenes:
- Recipient Key Lookup: ART automatically requests recipient's public key from server
- Key Exchange: Secure exchange of public keys via encrypted channel
- Message Encryption: Your message is encrypted using recipient's public key + your private key
- JavaScript
//Encrypt the message
const encrypted = await adk.encrypt(secretMessage, recipientPublicKey, yourPrivateKey);
- Secure Transmission: Encrypted message is sent through regular channel infrastructure
- Delivery Confirmation: Acknowledgment confirms encrypted message delivery
2. Receiving Encrypted Messages
When recipient recieves the message, it will be automatically decrypted and is available for the event listener almost instantaneously.
- JavaScript
// Listen for encrypted messages
subscription.bind('message', (decryptedMessage) => {
// Message is already decrypted when it reaches your callback
console.log('Content:', decryptedMessage.content);
// Handle the decrypted data
processConfidentialData(decryptedMessage);
});
What happens behind the scenes:
- Encrypted Message Received: ART receives encrypted message from sender
- Sender Key Lookup: System automatically requests sender's public key
- Message Decryption: Message is decrypted using sender's public key + your private key
- JavaScript
//Decrypt the message
const decrypted = await adk.decrypt(encryptedDataReceived, senderPublicKey, yourPrivateKey);
- Authentication Verification: Poly1305 MAC verifies message integrity
- Content Delivery: Decrypted message is delivered to your event handler
The entire encryption/decryption process is transparent to your application - you work with plain objects while ART handles all cryptographic operations automatically.