Skip to content
/ e2ee-api-model Public

End-to-end encryption (E2EE) API model where users have ownership of their data, and only authorized parties can access it.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

galin-chung-nguyen/e2ee-api-model

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
assets
assets
 
 
src
src
 
 
.barrelsby.json
.barrelsby.json
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bun.lockb
bun.lockb
 
 
index.ts
index.ts
 
 
jest.config.ts
jest.config.ts
 
 
jest.setup.ts
jest.setup.ts
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

End-to-End Encryption (E2EE) API Model

GitHub Contributors Issues GitHub pull requests

This repository presents an end-to-end encryption (E2EE) API model where users have ownership of their data, and only authorized parties can access it. In this model, each user possesses their own key pair in a public-key system, which is utilized for encrypting, decrypting data, generating and verifying signatures, as well as data transmission/communication. The key can be managed either by the user themselves or by a no-trust/semi-trust distributed/multi-party key service provider. The project is written in Express framework for simple and fast demonstration.

Disclaimer:

Please note that this repository is intended for demonstration purposes only and is not yet suitable for production use. Use of this code in live environments may result in unintended consequences or vulnerabilities.

Explain the model:

  • Data is field-encrypted by the user before being sent to the backend and decrypted when fetched back on the frontend.
  • There are 4 different levels of privacy for each data:

  • Developer can customize encryption strategies using flexible transformation pipeline in the FE side
  • This is a sample schema where we can set different privacy levels for different fields

How to Run:

  • If you haven't installed the bun package manager, run npx install-bun.
  • Run bun install to install Node packages.
  • Create an .env file (clone from .env.example) and fill your JWT & MONGO secrets
  • Run bun run teste2ee for a full CRUD demo of user profile APIs with E2EE

Roadmap:

  1. Full Demo for E2EE APIs & Privacy-Access-Control Models
  2. Analyze & Enhance Cryptography Protocols/Methods Used in the Model
  3. Multi-Party Key Infrastructure Integration Framework
  4. Guidelines on Combining Various Latest Industry-Applicable Strategies for Protecting Privacy
  5. Lightweight Proof of Integrity for Encrypted Message
  6. Privacy AI
  7. Full Privacy Framework

Collaboration:

If you're a cryptographer, researcher, engineer, or anyone interested, feel free to reach out to me for collaboration at [email protected] or create a PR into this repository. All contributions are welcome!

Let's work towards "Privacy by Default", as it's a basic right for all of us.

About

End-to-end encryption (E2EE) API model where users have ownership of their data, and only authorized parties can access it.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages