RedCollarPanda

Reputation: 1481

Signal protocol questions

Good day! I have several questions about using the Signal protocol.

I have a small, basic chat and want to encrypt messages (end-to-end). I want to try Signal, as you see, but I want to keep my server-side implementation.

From what I saw, all the work begins with creating public keys and sending them to the server. Then, when Alice wants to write a message to Bob, she asks the server to send her a PreKeyBundle. After that, all message exchange is just like in SessionBuilderTest in the GitHub repo.

The main questions are:

Upvotes: 4

Views: 1328

Answers (1)

Moshe Gottlieb

Reputation: 4023

Everyone uses Bob and Alice so I'll do the same 🙄

The pre key bundle is built from:

  1. Registration ID
  2. Identity public key
  3. Signed pre key (public key and a signature)
  4. Ephemeral pre key (public key)

Both Alice and Bob start by generating keys.
Both send to the server what they've created (only the public part of the keys, of course).
Now let's assume Bob wants to message Alice.
Bob asks the server for a signed pre key bundle.
The server sends the fixed keys (identity and signed), signature, and one of the unsigned pre keys.
It then disposes of the pre key - it is never used again, so Bob has a key that is unique for him, and will never expire.
Bob can now use the bundle to create a shared secret and send it to Alice, starting a session between the two using ratchet keys that change for each message.

So to answer your questions:

  • You ask for a pre key bundle when you want to start a session
  • Your bundle does not expire
  • The server deletes the pre key (a part of the bundle) and will never use it again

Upvotes: 5
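Since the question is about keeping a custom server side, here is an added example (not code from the question, the answer, or the Signal project) of what the server has to do with a pre key bundle as the answer describes it: store the public material each client uploads, and on every bundle request hand out the fixed keys plus one unsigned pre key that is then deleted. Keys and signatures are constructed random placeholder bytes; the server treats them as opaque and does no cryptography itself. When the one-time pool is empty the bundle is served without a one-time pre key, which is how Signal's server behaves and why clients keep a count to top the pool up.

```python
import secrets
from dataclasses import dataclass, field

# Constructed in-memory model of the server side only. No real X25519
# keys exist here; fake_key() returns random bytes standing in for a
# public key, and the signature is whatever the client uploaded.

@dataclass
class SignedPreKey:
    key_id: int
    public_key: bytes
    signature: bytes  # made by the client with its identity key; opaque to the server

@dataclass
class UserKeys:
    registration_id: int
    identity_key: bytes
    signed_prekey: SignedPreKey
    one_time_prekeys: dict = field(default_factory=dict)  # key_id -> public key

class PreKeyServer:
    def __init__(self):
        self.users = {}

    def register(self, name, registration_id, identity_key, signed_prekey, one_time_prekeys):
        """Client uploads only the public parts; the one-time pool can be topped up later."""
        self.users[name] = UserKeys(registration_id, identity_key, signed_prekey, dict(one_time_prekeys))

    def upload_one_time_prekeys(self, name, one_time_prekeys):
        self.users[name].one_time_prekeys.update(one_time_prekeys)

    def one_time_prekey_count(self, name):
        return len(self.users[name].one_time_prekeys)

    def fetch_bundle(self, name):
        """Fixed keys plus one unsigned pre key; that pre key is removed so it is never served twice."""
        u = self.users[name]
        bundle = {
            "registration_id": u.registration_id,
            "identity_key": u.identity_key,
            "signed_prekey_id": u.signed_prekey.key_id,
            "signed_prekey": u.signed_prekey.public_key,
            "signed_prekey_signature": u.signed_prekey.signature,
            "one_time_prekey_id": None,   # stays None when the pool is exhausted
            "one_time_prekey": None,
        }
        if u.one_time_prekeys:
            key_id = next(iter(u.one_time_prekeys))
            bundle["one_time_prekey_id"] = key_id
            bundle["one_time_prekey"] = u.one_time_prekeys.pop(key_id)  # consumed, never reused
        return bundle

def fake_key():
    return secrets.token_bytes(32)  # placeholder for a public key
```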
