CryptShare E2E - Secure End-to-End Encrypted Messaging & File Sharing System

A production-grade, security-focused messaging and file sharing platform with complete end-to-end encryption, zero-knowledge architecture, and comprehensive attack defense mechanisms.

---

Table of Contents

• Overview
• Key Features
• Technical Architecture
• Technology Stack
• Libraries & Dependencies
• Functional Details
• Security Features
• Project Accomplishments
• Installation & Setup
• Project Structure
• API Documentation
• Security Documentation

---

Overview

CryptShare E2E is a modern secure communication platform designed with security-first principles. The system implements:

• End-to-End Encryption: All messages and files encrypted on the client-side using AES-256-GCM
• Authenticated Key Exchange: CryptShare-KEX protocol using ECDH + ECDSA for secure key establishment
• Zero-Knowledge Architecture: Server never has access to plaintext data, private keys, or session keys
• Triple-Layer Replay Protection: Nonce + Timestamp + Sequence number defense mechanism
• Attack Mitigation: Comprehensive defenses against MITM attacks, replay attacks, and other threats

---

Key Features

🔐 Encryption & Cryptography

• AES-256-GCM: Authenticated encryption for messages and files (confidentiality + integrity)
• ECDH P-256: Elliptic Curve Diffie-Hellman for secure key agreement
• ECDSA P-256: Digital signatures for key exchange authentication
• HKDF-SHA256: Key derivation from shared secrets
• Dual-Key System:
  • Conversation Keys (persistent across sessions)
  • Session Keys (ephemeral, forward secrecy)

💬 Messaging

• Real-time encrypted messaging via WebSocket (Socket.IO)
• Message history with decryption capability
• Typing indicators and user presence
• Read receipts and delivery confirmation
• Persistent message storage (encrypted)

📁 File Sharing

• End-to-end encrypted file sharing
• Chunked encryption for large files (64KB chunks)
• Client-side encryption before upload
• Secure file downloads with decryption
• File metadata encryption

👤 User Management

• Secure registration and login
• Password hashing with bcrypt
• JWT-based authentication
• User profile management
• User discovery and contacts

🛡️ Security Protections

• Triple-layer replay attack protection
• Man-in-the-Middle (MITM) attack prevention via ECDSA
• HTTPS/WSS (TLS 1.3) for transport security
• CORS protection
• Input validation and sanitization
• Security event logging

🔍 Auditing & Logging

• Comprehensive security event logging
• Key exchange event tracking
• Message and file activity logs
• Attack detection and alerting
• Audit trail for compliance

---

Technical Architecture

System Overview

┌─────────────────────────────────────────────────────────────────────────┐
│                              CLIENT SIDE                                 │
│  ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐     │
│  │   React App     │    │   Web Crypto    │    │   IndexedDB     │     │
│  │   (UI Layer)    │◄──►│   API           │◄──►│   (Key Store)   │     │
│  └─────────────────┘    └─────────────────┘    └─────────────────┘     │
│           │                                                              │
│           │ HTTPS/WSS (TLS 1.3)                                         │
└───────────┼─────────────────────────────────────────────────────────────┘
            │
┌───────────┼─────────────────────────────────────────────────────────────┐
│           │                     SERVER SIDE                              │
│           ▼                                                              │
│  ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐     │
│  │   Express.js    │◄──►│   Socket.io     │    │   MongoDB       │     │
│  │   (REST API)    │    │   (Real-time)   │◄──►│   (Ciphertext)  │     │
│  └─────────────────┘    └─────────────────┘    └─────────────────┘     │
│                                                                          │
│  Server NEVER has access to:                                            │
│  • Private keys        • Plaintext messages     • Decrypted files       │
└─────────────────────────────────────────────────────────────────────────┘

Key Storage & Identity

Each user has:

• ECDSA P-256 Identity Keypair (for signing/verifying key exchange)

  • Private key: Stored only in browser (IndexedDB) - never sent to server
  • Public key: Stored on server for peer discovery

• ECDH P-256 Long-Term Keypair (for conversation key derivation)

  • Private key: Stored only in browser (IndexedDB)
  • Public key: Stored on server for peer key fetching

• Ephemeral ECDH Keypairs (for each session)

  • Generated fresh for each key exchange
  • Provides forward secrecy
  • Discarded after session key derivation

---

Technology Stack

Frontend

• React.js 18.2.0 - UI framework and component library
• React Router 6.21.0 - Client-side routing and navigation
• Socket.IO Client 4.6.1 - Real-time bidirectional communication
• Axios 1.6.2 - HTTP client for API requests
• Web Crypto API - Native browser cryptography (AES-GCM, ECDH, ECDSA, HKDF)

Backend

• Node.js - Runtime environment
• Express.js 4.18.2 - Web framework and REST API
• Socket.IO 4.6.1 - Real-time communication server
• MongoDB 8.0.3 - NoSQL document database
• Mongoose 8.0.3 - MongoDB ODM and schema validation

Security & Utilities

• bcrypt 5.1.1 - Password hashing
• jsonwebtoken 9.0.2 - JWT token generation and verification
• dotenv 16.3.1 - Environment variable management
• Multer 1.4.5 - File upload middleware
• CORS 2.8.5 - Cross-Origin Resource Sharing

Development Tools

• react-scripts 5.0.1 - Build tools and development server
• nodemon 3.0.2 - Development server with auto-reload

---

Libraries & Dependencies

Client-Side Cryptography

The client uses the Web Crypto API (native browser cryptography) for all cryptographic operations:

• SubtleCrypto.generateKey() - Key generation (ECDH, ECDSA)
• SubtleCrypto.deriveKey() - Key derivation (ECDH shared secret)
• SubtleCrypto.encrypt/decrypt() - AES-256-GCM encryption
• SubtleCrypto.sign/verify() - ECDSA digital signatures
• SubtleCrypto.deriveBits() - HKDF-SHA256 key derivation
• crypto.getRandomValues() - Cryptographically secure random number generation

Core Dependencies

Frontend (client/package.json)

{
  "react": "^18.2.0",              // UI framework
  "react-router-dom": "^6.21.0",   // Routing
  "socket.io-client": "^4.6.1",    // WebSocket client
  "axios": "^1.6.2"                // HTTP requests
}

Backend (server/package.json)

{
  "express": "^4.18.2",            // Web framework
  "socket.io": "^4.6.1",           // WebSocket server
  "mongoose": "^8.0.3",            // MongoDB ODM
  "bcrypt": "^5.1.1",              // Password hashing
  "jsonwebtoken": "^9.0.2",        // JWT authentication
  "multer": "^1.4.5-lts.1",        // File uploads
  "cors": "^2.8.5",                // CORS middleware
  "dotenv": "^16.3.1"              // Env configuration
}

---

Functional Details

1. User Registration & Authentication

Registration Flow:

1. User provides email, username, and password
2. Password is hashed using bcrypt (salt rounds: 10)
3. ECDSA P-256 identity keypair generated on client
4. ECDH P-256 long-term keypair generated on client
5. User record created with password hash and public keys
6. Private keys stored in browser IndexedDB

Login Flow:

1. Username/password verified against bcrypt hash
2. JWT token generated and returned
3. Client retrieves stored keys from IndexedDB
4. Session established

2. Key Exchange Protocol (CryptShare-KEX)

3-Message Authenticated Key Exchange:

Message 1: KEX_INIT (Alice → Server → Bob)

• Alice generates ephemeral ECDH keypair
• Constructs KEX_INIT with ephemeral public key, nonce, timestamp
• Signs message with ECDSA private key
• Server relays to Bob

Message 2: KEX_RESPONSE (Bob → Server → Alice)

• Bob generates ephemeral ECDH keypair
• Constructs KEX_RESPONSE with ephemeral public key, nonce binding, timestamp
• Signs message with ECDSA private key
• Server relays to Alice

Message 3: Session Key Derivation

• Both parties verify ECDSA signatures using known identity public keys
• Both compute ephemeral ECDH shared secret: S = ECDH(my_eph_priv, peer_eph_pub)
• Both derive session key using HKDF-SHA256: K_sess = HKDF-SHA256(S, salt, info)
• Session key established with forward secrecy

3. Conversation Key Derivation

Persistent Key for Message History:

1. User fetches peer's long-term ECDH public key
2. Client computes ECDH shared secret: S = ECDH(my_ecdh_priv, peer_ecdh_pub)
3. HKDF-SHA256 derives deterministic conversation key: K_conv = HKDF-SHA256(S, salt, info)
4. Conversation key allows decryption of entire message history
5. Same key derived consistently across sessions

4. Message Encryption & Decryption

Encryption:

1. User types message
2. Client selects key (prefer session key for forward secrecy)
3. Generate random 96-bit IV (nonce)
4. Encrypt plaintext using AES-256-GCM
5. Attach replay protection metadata (nonce, timestamp, sequence)
6. Emit via WebSocket with sender, recipient, ciphertext, IV, auth tag

Decryption:

1. Receiver gets message from WebSocket
2. Verify replay protection (checks nonce, timestamp, sequence)
3. Retrieve appropriate key (session or conversation)
4. Decrypt using AES-256-GCM with stored IV
5. Verify authentication tag
6. Display plaintext message

5. File Encryption & Sharing

Encryption:

1. User selects file to share
2. File split into 64KB chunks
3. Each chunk encrypted with same conversation/session key but unique IV
4. Metadata (filename, size, type) encrypted separately
5. Encrypted file uploaded to server via multipart form
6. Server stores ciphertext blob without decryption

Decryption:

1. Receiver fetches encrypted file
2. Decrypt metadata to retrieve filename, size
3. Download encrypted chunks
4. Decrypt each chunk using stored key and corresponding IV
5. Reassemble chunks into original file
6. Save to user's device

6. Replay Attack Protection

Triple-Layer Defense:

1. Nonce Layer: Random value with every message prevents exact replay
2. Timestamp Layer: Message timestamp checked against server clock; rejects old messages (configurable window)
3. Sequence Number Layer: Monotonic sequence counter per conversation pair; rejects duplicate sequences

Implementation:

{
  messageId: uuid,
  sender: alice_123,
  recipient: bob_456,
  ciphertext: base64,
  iv: base64,
  authTag: base64,
  nonce: uuid,
  timestamp: 1704067200000,
  sequence: 42,
  replayProtection: { nonce, timestamp, sequence }
}

7. MITM Attack Prevention

Protection Mechanism:

• All key exchange messages signed with ECDSA
• Receiver verifies signature using known peer identity public key
• If signature invalid: KEX aborts, alert user
• Attacker cannot forge/modify keys without knowing peer's identity private key
• Ephemeral keys prevent long-term compromise

---

Security Features

🔐 Cryptographic Security

• AES-256-GCM: 256-bit symmetric encryption with authentication
• ECDH P-256: 128-bit equivalent security for key agreement
• ECDSA P-256: Signature verification and authentication
• HKDF-SHA256: Secure key derivation
• CSPRNG: Cryptographically secure random number generation

🛡️ Protocol Security

• Forward Secrecy: Ephemeral keys ensure past sessions aren't compromised
• Authentication: ECDSA signatures prevent key substitution
• Integrity: AES-GCM authentication tags ensure data hasn't been tampered
• Zero-Knowledge: Server doesn't possess plaintext, keys, or sensitive data

🚫 Attack Prevention

• Replay Attacks: Triple-layer protection (nonce + timestamp + sequence)
• Man-in-the-Middle: ECDSA authentication and signature verification
• Key Compromise: Ephemeral keys and forward secrecy limit damage
• Brute Force: JWT token expiration and rate limiting

🔍 Monitoring & Auditing

• Comprehensive security event logging
• Key exchange tracking
• Message/file activity logging
• Attack detection and alerts
• Audit trail for compliance

---

Project Accomplishments

✅ Completed Features

1. Core Cryptography Implementation

   • ✓ Web Crypto API integration for all crypto operations
   • ✓ AES-256-GCM encryption/decryption
   • ✓ ECDH key agreement (P-256)
   • ✓ ECDSA digital signatures (P-256)
   • ✓ HKDF-SHA256 key derivation

2. User Authentication & Registration

   • ✓ Secure password hashing with bcrypt
   • ✓ JWT-based authentication
   • ✓ User registration system
   • ✓ Login/logout functionality

3. Key Management

   • ✓ Client-side key generation (identity and ECDH)
   • ✓ IndexedDB key storage
   • ✓ Conversation key derivation
   • ✓ Session key derivation
   • ✓ Ephemeral key management

4. Key Exchange Protocol

   • ✓ CryptShare-KEX 3-message protocol
   • ✓ Authenticated key exchange via ECDSA
   • ✓ Nonce binding for anti-MITM
   • ✓ Session key derivation post-KEX

5. Real-Time Messaging

   • ✓ WebSocket communication via Socket.IO
   • ✓ Encrypted message transmission
   • ✓ Message history storage (ciphertext)
   • ✓ Typing indicators
   • ✓ User presence tracking

6. File Sharing

   • ✓ Chunked file encryption (64KB chunks)
   • ✓ Metadata encryption
   • ✓ Secure file upload/download
   • ✓ Client-side encryption before server upload
   • ✓ File decryption on download

7. Replay Attack Protection

   • ✓ Nonce-based replay prevention
   • ✓ Timestamp validation
   • ✓ Sequence number tracking
   • ✓ Triple-layer protection

8. UI/UX Components

   • ✓ Login page with validation
   • ✓ Registration form
   • ✓ Chat interface
   • ✓ File share interface
   • ✓ User list/contacts
   • ✓ Loading spinners and feedback
   • ✓ Password strength indicator

9. Security Monitoring

   • ✓ Security event logging
   • ✓ Key exchange logging
   • ✓ Message/file activity logging
   • ✓ Attack detection logging
   • ✓ Audit trail

10. Attack Demonstrations

    • ✓ MITM attack demo script
    • ✓ Replay attack demo script
    • ✓ Educational attack scenarios

11. Documentation

    • ✓ Threat model (STRIDE analysis)
    • ✓ System flow documentation
    • ✓ Alice-Bob scenario walkthrough
    • ✓ Architecture diagrams (drawio)
    • ✓ Security design documentation

---

Installation & Setup

Prerequisites

• Node.js 14+ and npm
• MongoDB instance (local or remote)
• Modern web browser with Web Crypto API support

Backend Setup

cd server
npm install

# Create .env file
echo "MONGODB_URI=mongodb://localhost:27017/cryptshare" > .env
echo "JWT_SECRET=your-super-secret-jwt-key" >> .env
echo "PORT=5000" >> .env

# Start server
npm start
# or with auto-reload
npm run dev

Frontend Setup

cd client
npm install

# Create .env file (optional)
echo "REACT_APP_API_URL=http://localhost:5000" > .env

# Start React app
npm start

The app will open at http://localhost:3000

---

Project Structure

CryptShare-E2E/
├── client/                          # React frontend
│   ├── public/
│   │   └── index.html              # Main HTML file
│   ├── src/
│   │   ├── App.js                  # Main app component
│   │   ├── index.js                # React entry point
│   │   ├── components/
│   │   │   ├── Chat.js             # Chat interface
│   │   │   ├── FileShare.js        # File sharing
│   │   │   ├── Login.js            # Login form
│   │   │   ├── Register.js         # Registration form
│   │   │   └── common/
│   │   │       ├── Button.js       # Reusable button
│   │   │       ├── FormInput.js    # Form input component
│   │   │       ├── Avatar.js       # User avatar
│   │   │       ├── LoadingSpinner.js
│   │   │       ├── PasswordStrength.js
│   │   │       └── index.js
│   │   ├── crypto/
│   │   │   ├── encryption.js       # AES-256-GCM encryption
│   │   │   ├── fileEncryption.js   # File chunked encryption
│   │   │   ├── keyExchange.js      # CryptShare-KEX protocol
│   │   │   ├── keys.js             # Key generation
│   │   │   ├── keyStore.js         # IndexedDB key storage
│   │   │   ├── sessionKeyStore.js  # Session key management
│   │   │   └── conversationKey.js  # Conversation key derivation
│   │   ├── hooks/
│   │   │   └── useKeyExchange.js   # Key exchange React hook
│   │   ├── services/
│   │   │   ├── api.js              # API client
│   │   │   ├── socket.js           # Socket.IO setup
│   │   │   └── fileService.js      # File operations
│   │   └── utils/
│   │       └── replayProtection.js # Replay attack defense
│   └── package.json
│
├── server/                          # Express backend
│   ├── app.js                       # Express app setup
│   ├── middleware/
│   │   ├── auth.js                 # JWT authentication
│   │   └── replayProtection.js     # Replay protection
│   ├── models/
│   │   ├── User.js                 # User schema
│   │   ├── Message.js              # Message schema
│   │   ├── File.js                 # File metadata schema
│   │   └── Log.js                  # Security log schema
│   ├── routes/
│   │   ├── auth.js                 # Auth endpoints
│   │   ├── messages.js             # Message endpoints
│   │   ├── files.js                # File endpoints
│   │   └── logs.js                 # Log endpoints
│   ├── services/
│   │   └── logger.js               # Security logging
│   ├── uploads/                    # Encrypted file storage
│   └── package.json
│
├── attacks/                         # Attack demonstration scripts
│   ├── mitm-demo.js                # MITM attack demo
│   └── replay-demo.js              # Replay attack demo
│
├── docs/                            # Documentation
│   ├── System-Flow.md              # Complete system flow
│   ├── Alice-Bob-Scenario.md       # Alice-Bob walkthrough
│   ├── Diagrams/
│   │   ├── Encryption-Decryption-Workflows.drawio
│   │   └── Key-Exchange-Protocol.drawio
│   └── client-flows.drawio
│
├── threat-model.md                 # STRIDE threat model
└── README.md                        # This file

---

API Documentation

Authentication Endpoints

POST /api/auth/register

• Register new user
• Request: { username, email, password, publicKeys: { idPub, ecdhPub } }
• Response: { userId, token }

POST /api/auth/login

• Login user
• Request: { username, password }
• Response: { userId, token, user }

Message Endpoints

GET /api/messages/:conversationId

• Get message history
• Response: [{ messageId, sender, recipient, ciphertext, iv, authTag, ... }]

POST /api/messages

• Store encrypted message
• Request: { sender, recipient, ciphertext, iv, authTag, ... }

File Endpoints

POST /api/files/upload

• Upload encrypted file
• Multipart form: encryptedFile, metadata

GET /api/files/:fileId

• Download encrypted file
• Response: Encrypted file blob

Key Exchange Endpoints

GET /api/keys/:userId

• Get user's public keys
• Response: { idPub, ecdhPub }

---

Security Documentation

Threat Model

See threat-model.md for comprehensive STRIDE analysis covering:

• Spoofing threats and mitigations
• Tampering detection mechanisms
• Repudiation protections
• Information disclosure prevention
• Denial of service defenses
• Elevation of privilege protections

System Architecture

See docs/System-Flow.md for:

• Complete cryptographic flow
• Key derivation processes
• Encryption/decryption workflows
• Replay protection mechanisms
• MITM attack prevention

Alice-Bob Scenario

See docs/Alice-Bob-Scenario.md for:

• Step-by-step walkthrough
• Concrete user scenario
• Key exchange examples
• Message encryption process
• File sharing flow

---

Testing & Demo

Running Attack Demonstrations

MITM Attack Demo:

node attacks/mitm-demo.js

Replay Attack Demo:

node attacks/replay-demo.js

These scripts demonstrate how the system defends against various attacks.

---

Author & License

Created: December 2025

Security-First Design | Zero-Knowledge Architecture | End-to-End Encryption

---

For security vulnerabilities or concerns, please reach out directly.