Encrypted Channels
ART's encrypted channels provide end-to-end encryption for confidential communications. Built on industry-standard cryptography, encrypted channels ensure that only intended recipients can read your messages, with automatic key management and seamless integration into the standard messaging connection.
Unlike regular channels where messages are transmitted in plaintext, secure channels encrypt every message on the sender's device and decrypt it only on the recipient's device. ART uses ECDH(Elliptic Curve Diffie-Hellman) and authenticated encryption to provide:
- End-to-End Encryption: Messages are encrypted before leaving your device
- Perfect Forward Secrecy: Each message uses a unique cryptographic nonce
- Authentication: Built-in message integrity verification prevents tampering
- Zero-Knowledge: ART servers cannot read your encrypted messages
Subscribing to secure channel
Subscribing to an encrypted channel requires key pair setup before subscription, but otherwise follows the same process as regular channels.
1. Generate Key Pair
The generate_key_pair() method creates a new Curve25519 key pair which is used for encryption and decryption.
# Synchronous
key_pair = adk.generate_key_pair()
adk.set_key_pair(key_pair)
# Asynchronous
key_pair = await adk.generate_key_pair()
await adk.set_key_pair(key_pair)
This automatically:
- Validates key format and length
- Saves your public key to ART servers
- Stores private key locally for encryption/decryption
2. Subscribe to Encrypted Channel
# Synchronous
subscription = adk.subscribe('YOUR_ENCRYPTED_CHANNEL')
# Asynchronous
subscription = await adk.subscribe('YOUR_ENCRYPTED_CHANNEL')
Message Passing Through Encrypted Channel
Encrypted message passing involves automatic key exchange, encryption, transmission, and decryption.
1. Pushing messages
When a message is pushed into encrypted channel, it is encrypted automatically.
payload = {"content": "Hello from ART ADK!"}
# Synchronous
subscription.push('message', payload, {
"to": ['recipient-username'] # Exactly one recipient required
})
# Asynchronous
await subscription.push('message', payload, {
"to": ['recipient-username'] # Exactly one recipient required
})
What happens behind the scenes:
- Recipient Key Lookup: ART automatically requests recipient's public key from server
- Key Exchange: Secure exchange of public keys via encrypted channel
- Message Encryption: Your message is encrypted using recipient's public key + your private key
# Synchronous
encrypted = adk.encrypt(secret_message, recipient_public_key, your_private_key)
# Asynchronous
encrypted = await adk.encrypt(secret_message, recipient_public_key, your_private_key)
- Secure Transmission: Encrypted message is sent through regular channel infrastructure
- Delivery Confirmation: Acknowledgment confirms encrypted message delivery
2. Receiving Encrypted Messages
When recipient receives the message, it will be automatically decrypted and is available for the event listener almost instantaneously.
# Listen for encrypted messages
def message_handler(decrypted_message):
# Message is already decrypted when it reaches your callback
print('Content:', decrypted_message['content'])
# Handle the decrypted data
process_confidential_data(decrypted_message)
subscription.bind('message', message_handler)
What happens behind the scenes:
- Encrypted Message Received: ART receives encrypted message from sender
- Sender Key Lookup: System automatically requests sender's public key
- Message Decryption: Message is decrypted using sender's public key + your private key
# Synchronous
decrypted = adk.decrypt(encrypted_data_received, sender_public_key, your_private_key)
# Asynchronous
decrypted = await adk.decrypt(encrypted_data_received, sender_public_key, your_private_key)
- Authentication Verification: Poly1305 MAC verifies message integrity
- Content Delivery: Decrypted message is delivered to your event handler
The entire encryption/decryption process is transparent to your application - you work with plain objects while ART handles all cryptographic operations automatically.