OpenSkillIndex← back to search
claude-code

Awesome-omni-skill implementing-end-to-end-encryption-for-messaging

End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. This skill implements a simplified version

install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/testing-security/implementing-end-to-end-encryption-for-messaging" ~/.claude/skills/diegosouzapw-awesome-omni-skill-implementing-end-to-end-encryption-for-messaging && rm -rf "$T"
manifest: skills/testing-security/implementing-end-to-end-encryption-for-messaging/SKILL.md
tags
#cryptography#encryption#e2e#messaging#signal-protocol
source content

Implementing End-to-End Encryption for Messaging

Overview

End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. This skill implements a simplified version of the Signal Protocol's Double Ratchet algorithm, using X25519 for key exchange, HKDF for key derivation, and AES-256-GCM for message encryption.

Objectives

  • Implement X25519 Diffie-Hellman key exchange for session establishment
  • Build the Double Ratchet key management algorithm
  • Encrypt and decrypt messages with per-message keys
  • Implement forward secrecy (compromise of current key does not reveal past messages)
  • Handle out-of-order message delivery
  • Implement key agreement using X3DH (Extended Triple Diffie-Hellman)

Key Concepts

Signal Protocol Components

ComponentPurposeAlgorithm
X3DHInitial key agreementX25519
Double RatchetOngoing key managementX25519 + HKDF + AES-GCM
Sending ChainPer-message encryption keysHMAC-SHA256 chain
Receiving ChainPer-message decryption keysHMAC-SHA256 chain
Root ChainDerives new chain keys on DH ratchetHKDF

Forward Secrecy

Each message uses a unique encryption key derived from a ratcheting chain. After a key is used, it is deleted, ensuring that compromise of the current state does not reveal previously sent/received messages.

Security Considerations

  • Delete message keys immediately after decryption
  • Implement message ordering and replay protection
  • Use authenticated encryption (AES-GCM) for all messages
  • Protect identity keys with device-level security
  • Verify identity keys out-of-band (safety numbers)

Validation Criteria

  • X25519 key exchange produces shared secret
  • Messages encrypt and decrypt correctly between two parties
  • Different messages produce different ciphertexts
  • Forward secrecy: old keys cannot decrypt new messages
  • Out-of-order messages can be decrypted
  • Tampered messages are rejected by authentication