Features - Samruddhi9369/Incognito GitHub Wiki

1. Two Step Verification Process:

  • Password-based registration along with email-based verification.
  • A verification code is sent to the user's email address to complete the registration process.
  • Assumption: Email servers are trusted.

Two Step Verification

2. Remote Login Process:

  • The password never leaves the device during the login process.
  • Remote login consists of two POST requests sent by the user for authentication.
  • The server is RESTful, so it does not need to maintain the state of the user.

Remote Login

3. JWT Authentication:

  • JSON Web Tokens (JWT) are used for user authentication.

JWT

4. In Person Public Key Exchange:

  • QR codes are used to exchange public keys to initiate a conversation.
  • Each user possesses his/her own public key, which must be scanned by another user before that user can initiate communication with them.

5. Pretty Good Privacy:

  • Two symmetric keys: one for encryption and one for integrity.
  • Uses AES-256 in Counter (CTR) mode.
  • RSA is used to encrypt the ciphertext, tag and symmetric keys.
  • Uses RSA-2048 with OAEP padding (SHA-256 and MGF1).