A new feature has been launched:
Encrypt (for Private Messages)
Encrypt is a plugin that enables private, encrypted messaging between end-users. All sensitive information is stored securely on the server and is encrypted and decrypted only on the client-side.
How to use this feature? | The Complete Guide!
Three easy steps to use this plugin:
1. Enable encryption (generate new private key) and activate it (on current device)
2. Send an encrypted message (to a user who also enabled encryption)
3. Read decrypted messages
Note: the user was prompted for the password again because encryption was deactivated (by logging out or by explicitly deactivating it from the preferences screen).
The goal of this plugin is to provide integrity and confidentiality for the encrypted contents, and to protect them against information leaks and unauthorized users. The following sections describe the usual mode of operation, the algorithms used and the threat models.
To use this system, users enroll once by generating a “user identity” consisting of two 4096-bit RSA keys, one for encryption and another for signing. Users can export their “identity” for safekeeping or, after generating a paper key, store it encrypted on the server. These two methods serve as backups and are also used to enroll new devices.
Paper keys (inspired by RFC 1751 and BIP-39) are human-readable keys that are used to securely store the “user identity” on the server. A paper key consists of 12 random words picked from a list of 2048 words, offering 121 bits of entropy (the first word is used as a label). To encrypt the “user identity” with a paper key, the system first uses PBKDF2 to stretch the paper key into a 256-bit AES-GCM key.
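The paper-key scheme described above, as an added Node.js example that is not the plugin's own code: it generates a 12-word paper key, stretches it with PBKDF2 into a 256-bit key, and wraps an exported identity with AES-GCM so that a wrong paper key or a modified ciphertext is rejected. Assumptions: the word list is a constructed stand-in, and the iteration count, SHA-256, salt and IV sizes, feeding the full phrase to PBKDF2, and all function names are illustrative choices that this page does not specify.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed stand-in for the 2048-word list (the real list is not on this page).
const WORDS = Array.from({ length: 2048 }, (_, i) => "w" + String(i).padStart(4, "0"));
const PBKDF2_ITERATIONS = 200000; // assumed work factor, not the plugin's value

// 12 uniformly random words; the first acts only as a label, so 11 carry entropy.
function generatePaperKey() {
  return Array.from({ length: 12 }, () => WORDS[nodeCrypto.randomInt(WORDS.length)]).join(" ");
}

// (12 - 1) words * log2(2048) bits per word.
function entropyBits(wordCount = 12) {
  return (wordCount - 1) * Math.log2(WORDS.length);
}

// Stretch the paper key into a 256-bit key for AES-GCM (hash choice is assumed).
function deriveKey(paperKey, salt) {
  return nodeCrypto.pbkdf2Sync(paperKey.normalize("NFKD"), salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Wrap the exported identity; the random salt and IV are stored beside the ciphertext.
function wrapIdentity(identity, paperKey) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(paperKey, salt), iv);
  const ct = Buffer.concat([cipher.update(identity, "utf8"), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the identity, or null when the GCM tag does not verify
// (wrong paper key or ciphertext modified on the server).
function unwrapIdentity(blob, paperKey) {
  const key = deriveKey(paperKey, blob.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}
```

Because the server only ever holds the salt, IV, ciphertext and tag, recovering the identity requires the paper key itself, and the GCM tag check is what lets a client detect a tampered blob before importing keys from it.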
For further reading, visit Discourse.
Enjoy the helpful feature, and stay secure. Cheers!