Posts: 76
Threads: 5
Joined: Jan 2024
So i had this idea, what if there was a plug-in that goes on top of any messaging app and encrypts your messages and wrights the encrypted message on the app, it decrypts the received messages automatically, it just needs a password or a key in the beginning.
For example, if you write "hi" the plug in writes an encrypted version, for example "hql!s321klsq", if anyone sees your conversations without the plug-in, he just sees some gibberish alien language.
Does anything like this exist ? Or is this even a good idea ?
Posts: 12
Threads: 0
Joined: Dec 2024
If you mean that the encryption/decryption should happen on the client side, you're reinventing the wheel. You can already do this.
Posts: 40
Threads: 3
Joined: Jul 2023
This is pretty much what PGP practically is used for. Many apps already incorporate it in their software. But yeah, you could do something like a telegram PGP client version to communicate encrypted with anyone who also has the same app.
To whom it may concern,
Please be advised that my presence and activities here are solely for entertainment purposes. I do not engage in, nor do I endorse, any form of illegal conduct.
Thank you for your attention.
Sincerely,
Coconuthead.
Posts: 76
Threads: 5
Joined: Jan 2024
(01-28-2025, 11:19 AM)coconuthead Wrote: This is pretty much what PGP practically is used for. Many apps already incorporate it in their software. But yeah, you could do something like a telegram PGP client version to communicate encrypted with anyone who also has the same app.
that's exactly what i mean but with all sorts of apps, i think that the loopwhole in the existant apps is that your keys are stored elsewhere in the hands of someone who could access them, for me i would like that only i have my keys (private key in the case of pgp), i think that maybe if there was an app based on web3 or blockchain, it would be the best choice
Posts: 28
Threads: 0
Joined: Jan 2025
(01-27-2025, 09:27 AM)amn319 Wrote: So i had this idea, what if there was a plug-in that goes on top of any messaging app and encrypts your messages and wrights the encrypted message on the app, it decrypts the received messages automatically, it just needs a password or a key in the beginning.
For example, if you write "hi" the plug in writes an encrypted version, for example "hql!s321klsq", if anyone sees your conversations without the plug-in, he just sees some gibberish alien language.
Does anything like this exist ? Or is this even a good idea ?
The struggle would be to make this "plug-in" go on top of EVERY messaging app, as some aren't even open sourced
And no, this is not a good idea, it's the same thing to simply use a messaging app that has end-to-end encryption
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you feel this is incorrect.
Posts: 40
Threads: 3
Joined: Jul 2023
(01-28-2025, 02:13 PM)amn319 Wrote: (01-28-2025, 11:19 AM)coconuthead Wrote: This is pretty much what PGP practically is used for. Many apps already incorporate it in their software. But yeah, you could do something like a telegram PGP client version to communicate encrypted with anyone who also has the same app.
that's exactly what i mean but with all sorts of apps, i think that the loopwhole in the existant apps is that your keys are stored elsewhere in the hands of someone who could access them, for me i would like that only i have my keys (private key in the case of pgp), i think that maybe if there was an app based on web3 or blockchain, it would be the best choice
Something like this could be built on top of Telegram. You would need to build an unofficial client to support adding keys and they would be only stored on your client end. Public keys be automatically handed out. It is very possible and doable and wouldn't take a long time to develop since telegram desktop client is open source. I have thought about building this earlier since people are reluctant to move away from Telegram. But I unfortunately can't afford to do this right now since it wouldn't pay me. I don't think other apps would appreciate it, like Whatsapp or Signal and they will never accept add-ons being built for the app.
To whom it may concern,
Please be advised that my presence and activities here are solely for entertainment purposes. I do not engage in, nor do I endorse, any form of illegal conduct.
Thank you for your attention.
Sincerely,
Coconuthead.
Posts: 76
Threads: 5
Joined: Jan 2024
(01-28-2025, 11:20 PM)coconuthead Wrote: (01-28-2025, 02:13 PM)amn319 Wrote: (01-28-2025, 11:19 AM)coconuthead Wrote: This is pretty much what PGP practically is used for. Many apps already incorporate it in their software. But yeah, you could do something like a telegram PGP client version to communicate encrypted with anyone who also has the same app.
that's exactly what i mean but with all sorts of apps, i think that the loopwhole in the existant apps is that your keys are stored elsewhere in the hands of someone who could access them, for me i would like that only i have my keys (private key in the case of pgp), i think that maybe if there was an app based on web3 or blockchain, it would be the best choice
Something like this could be built on top of Telegram. You would need to build an unofficial client to support adding keys and they would be only stored on your client end. Public keys be automatically handed out. It is very possible and doable and wouldn't take a long time to develop since telegram desktop client is open source. I have thought about building this earlier since people are reluctant to move away from Telegram. But I unfortunately can't afford to do this right now since it wouldn't pay me. I don't think other apps would appreciate it, like Whatsapp or Signal and they will never accept add-ons being built for the app.
Well, thanks for sharing your knowledge, you bring some very interesting points which i didn't really think of, i'm not a great programmer but maybe i could just work on it in the future, even if it's just for me.
Posts: 40
Threads: 3
Joined: Jul 2023
(01-29-2025, 08:49 AM)amn319 Wrote: (01-28-2025, 11:20 PM)coconuthead Wrote: (01-28-2025, 02:13 PM)amn319 Wrote: (01-28-2025, 11:19 AM)coconuthead Wrote: This is pretty much what PGP practically is used for. Many apps already incorporate it in their software. But yeah, you could do something like a telegram PGP client version to communicate encrypted with anyone who also has the same app.
that's exactly what i mean but with all sorts of apps, i think that the loopwhole in the existant apps is that your keys are stored elsewhere in the hands of someone who could access them, for me i would like that only i have my keys (private key in the case of pgp), i think that maybe if there was an app based on web3 or blockchain, it would be the best choice
Something like this could be built on top of Telegram. You would need to build an unofficial client to support adding keys and they would be only stored on your client end. Public keys be automatically handed out. It is very possible and doable and wouldn't take a long time to develop since telegram desktop client is open source. I have thought about building this earlier since people are reluctant to move away from Telegram. But I unfortunately can't afford to do this right now since it wouldn't pay me. I don't think other apps would appreciate it, like Whatsapp or Signal and they will never accept add-ons being built for the app.
Well, thanks for sharing your knowledge, you bring some very interesting points which i didn't really think of, i'm not a great programmer but maybe i could just work on it in the future, even if it's just for me.
I found someone on github who started this project in Python 4 years ago, but never completed it. He highlighted the necessary features of such a client. This would also apply to any other app you would build this type of client for apart from Telegram.
- Uses Elliptic Curve Diffie-Hellman to get a shared key
- Messages are encrypted using AES
- Initially, ECDH public key is uploaded to a server.
- A client willing to chat will fetch this public key and derives a shared secret
- This shared secret will be used to encrypt the conversations
Your only concern will be how to keep your private key secure since it is stored on your hard drive. It would require meticulous OPSEC. For a 100% security you would need a system that you will use this telegram client and download no other software on it, and even then your security would be 99.99% and not 100% (because of vulnerabilities like EternalBlue we have seen in the past, something like this happening again is so small but never impossible). As we have seen many times in the past, normal trusted software can be tainted with malware, either by the company that created it, or by threat actors.
To whom it may concern,
Please be advised that my presence and activities here are solely for entertainment purposes. I do not engage in, nor do I endorse, any form of illegal conduct.
Thank you for your attention.
Sincerely,
Coconuthead.
Posts: 76
Threads: 5
Joined: Jan 2024
(01-29-2025, 01:07 PM)coconuthead Wrote: (01-29-2025, 08:49 AM)amn319 Wrote: (01-28-2025, 11:20 PM)coconuthead Wrote: (01-28-2025, 02:13 PM)amn319 Wrote: (01-28-2025, 11:19 AM)coconuthead Wrote: This is pretty much what PGP practically is used for. Many apps already incorporate it in their software. But yeah, you could do something like a telegram PGP client version to communicate encrypted with anyone who also has the same app.
that's exactly what i mean but with all sorts of apps, i think that the loopwhole in the existant apps is that your keys are stored elsewhere in the hands of someone who could access them, for me i would like that only i have my keys (private key in the case of pgp), i think that maybe if there was an app based on web3 or blockchain, it would be the best choice
Something like this could be built on top of Telegram. You would need to build an unofficial client to support adding keys and they would be only stored on your client end. Public keys be automatically handed out. It is very possible and doable and wouldn't take a long time to develop since telegram desktop client is open source. I have thought about building this earlier since people are reluctant to move away from Telegram. But I unfortunately can't afford to do this right now since it wouldn't pay me. I don't think other apps would appreciate it, like Whatsapp or Signal and they will never accept add-ons being built for the app.
Well, thanks for sharing your knowledge, you bring some very interesting points which i didn't really think of, i'm not a great programmer but maybe i could just work on it in the future, even if it's just for me.
I found someone on github who started this project in Python 4 years ago, but never completed it. He highlighted the necessary features of such a client. This would also apply to any other app you would build this type of client for apart from Telegram.
- Uses Elliptic Curve Diffie-Hellman to get a shared key
- Messages are encrypted using AES
- Initially, ECDH public key is uploaded to a server.
- A client willing to chat will fetch this public key and derives a shared secret
- This shared secret will be used to encrypt the conversations
Your only concern will be how to keep your private key secure since it is stored on your hard drive. It would require meticulous OPSEC. For a 100% security you would need a system that you will use this telegram client and download no other software on it, and even then your security would be 99.99% and not 100% (because of vulnerabilities like EternalBlue we have seen in the past, something like this happening again is so small but never impossible). As we have seen many times in the past, normal trusted software can be tainted with malware, either by the company that created it, or by threat actors.
Thanks again, the image is much clearer, i guess an initial solution is to create a simple python app, do all the cryptography coding on that app and then maybe send and receive the encrypted content using an API if available, similar to this https://core.telegram.org/tdlib.
I think that for OPSEC, maybe using an isolated environment or adding a password protected layer to the app, could enhance security.
Posts: 40
Threads: 3
Joined: Jul 2023
(01-29-2025, 01:45 PM)amn319 Wrote: (01-29-2025, 01:07 PM)coconuthead Wrote: (01-29-2025, 08:49 AM)amn319 Wrote: (01-28-2025, 11:20 PM)coconuthead Wrote: (01-28-2025, 02:13 PM)amn319 Wrote: that's exactly what i mean but with all sorts of apps, i think that the loopwhole in the existant apps is that your keys are stored elsewhere in the hands of someone who could access them, for me i would like that only i have my keys (private key in the case of pgp), i think that maybe if there was an app based on web3 or blockchain, it would be the best choice
Something like this could be built on top of Telegram. You would need to build an unofficial client to support adding keys and they would be only stored on your client end. Public keys be automatically handed out. It is very possible and doable and wouldn't take a long time to develop since telegram desktop client is open source. I have thought about building this earlier since people are reluctant to move away from Telegram. But I unfortunately can't afford to do this right now since it wouldn't pay me. I don't think other apps would appreciate it, like Whatsapp or Signal and they will never accept add-ons being built for the app.
Well, thanks for sharing your knowledge, you bring some very interesting points which i didn't really think of, i'm not a great programmer but maybe i could just work on it in the future, even if it's just for me.
I found someone on github who started this project in Python 4 years ago, but never completed it. He highlighted the necessary features of such a client. This would also apply to any other app you would build this type of client for apart from Telegram.
- Uses Elliptic Curve Diffie-Hellman to get a shared key
- Messages are encrypted using AES
- Initially, ECDH public key is uploaded to a server.
- A client willing to chat will fetch this public key and derives a shared secret
- This shared secret will be used to encrypt the conversations
Your only concern will be how to keep your private key secure since it is stored on your hard drive. It would require meticulous OPSEC. For a 100% security you would need a system that you will use this telegram client and download no other software on it, and even then your security would be 99.99% and not 100% (because of vulnerabilities like EternalBlue we have seen in the past, something like this happening again is so small but never impossible). As we have seen many times in the past, normal trusted software can be tainted with malware, either by the company that created it, or by threat actors.
Thanks again, the image is much clearer, i guess an initial solution is to create a simple python app, do all the cryptography coding on that app and then maybe send and receive the encrypted content using an API if available, similar to this https://core.telegram.org/tdlib.
I think that for OPSEC, maybe using an isolated environment or adding a password protected layer to the app, could enhance security.
Exactly, the picture is now very clear, and you're right about the isolated environment. The only thing keeping this from being developed are man-hours. Best of luck if you're attempting this!
To whom it may concern,
Please be advised that my presence and activities here are solely for entertainment purposes. I do not engage in, nor do I endorse, any form of illegal conduct.
Thank you for your attention.
Sincerely,
Coconuthead.
|
