End-to-End Encryption Infrastructure
Component Detail
Infrastructure
high complexity
Shared Component
mobile
Dependencies: 0
Dependents: 3
Entities: 1
Integrations: 0
Description
Implements the asymmetric key exchange and symmetric encryption layer used for assignment payloads. Generates and stores per-user X25519 key pairs in secure device storage (Flutter Secure Storage), performs ECDH key agreement, and derives symmetric AES-GCM keys for payload encryption and decryption on-device.
e2e-encryption-infrastructure
Responsibilities
- Generate X25519 key pairs per user on first setup
- Store private keys in secure device storage
- Register and retrieve public keys via backend key registry
- Perform ECDH key agreement and AES-GCM encryption/decryption
- Ensure private keys never leave the device
Interfaces
generateKeyPair(userId)
getPublicKey(userId)
storePrivateKey(userId, privateKey)
retrievePrivateKey(userId)
encryptPayload(plaintext, recipientPublicKey)
decryptPayload(ciphertext, senderPublicKey)
registerPublicKeyWithBackend(userId, publicKey)
fetchPublicKeyFromBackend(userId)
rotateKeyPair(userId)
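The flow behind encryptPayload and decryptPayload, as an added example that is not this component's own code: each side combines its own X25519 private key with the peer's public key, so both derive the same AES-GCM key without the private key leaving the device. Assumptions not stated on the page: the Dart `cryptography` package, HKDF-SHA256 as the derivation step with an empty salt, the `assignment-payload-v1` info label, the nonce || ciphertext || tag wire layout, and key pairs passed explicitly instead of being read from secure storage.

```dart
import 'dart:convert';
import 'package:cryptography/cryptography.dart';

final _x25519 = X25519();
final _aesGcm = AesGcm.with256bits();
final _hkdf = Hkdf(hmac: Hmac.sha256(), outputLength: 32); // KDF choice is an assumption

/// ECDH followed by HKDF. Calling this with (own, peer) on either device
/// produces the same 256-bit key.
Future<SecretKey> _deriveKey(SimpleKeyPair own, SimplePublicKey peer) async {
  final shared =
      await _x25519.sharedSecretKey(keyPair: own, remotePublicKey: peer);
  return _hkdf.deriveKey(
    secretKey: shared,
    nonce: const <int>[], // HKDF salt, assumed empty
    info: utf8.encode('assignment-payload-v1'), // hypothetical context label
  );
}

Future<List<int>> encryptPayload(List<int> plaintext, SimpleKeyPair senderKeys,
    SimplePublicKey recipientPublicKey) async {
  final key = await _deriveKey(senderKeys, recipientPublicKey);
  // No nonce argument: the library draws a fresh random 96-bit nonce. The
  // key is identical for every message between this pair, so the nonce
  // must never repeat.
  final box = await _aesGcm.encrypt(plaintext, secretKey: key);
  return box.concatenation(); // nonce || ciphertext || tag
}

Future<List<int>> decryptPayload(List<int> wire, SimpleKeyPair recipientKeys,
    SimplePublicKey senderPublicKey) async {
  final key = await _deriveKey(recipientKeys, senderPublicKey);
  final box = SecretBox.fromConcatenation(wire,
      nonceLength: _aesGcm.nonceLength,
      macLength: _aesGcm.macAlgorithm.macLength);
  return _aesGcm.decrypt(box, secretKey: key); // throws on a bad tag
}

Future<void> main() async {
  final alice = await _x25519.newKeyPair(); // constructed sample identities
  final bob = await _x25519.newKeyPair();
  final wire = await encryptPayload(
      utf8.encode('assignment 42'), alice, await bob.extractPublicKey());
  final alicePub = await alice.extractPublicKey();
  print(utf8.decode(await decryptPayload(wire, bob, alicePub)));
  wire[wire.length - 1] ^= 0x01; // corrupt one bit of the GCM tag
  try {
    await decryptPayload(wire, bob, alicePub);
  } on SecretBoxAuthenticationError {
    print('tampered payload rejected');
  }
}
```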
Relationships
Dependents (3)
Components that depend on this component