Blindnet in mobile/desktop only applications

Blindnet SDKs for mobile and desktop manage data encryption, decryption, encryption keys, and also execute data transfer from sender’s to recipient’s device. When the transfer is executed, the encrypted data is temporarily stored in a secured storage until it reaches the recipient’s device.

flowchat
Before you start

Blindnet provides a sandbox environment for you to try our SDKs in your applications before using them in production.

To use blindnet SDKs in production, you must first obtain your application_id, application_key, and application_key_id, which are needed for authenticating your users to blindnet. You can find this information on your dashboard. You must be very careful with managing your application_key, as it gives you or anyone in its possession the access to blindnet.

User authentication

Blindnet is compatible with your existing authentication mechanism, which means that you authenticate users of your application on your server independently of blindnet.

For your application users to access and use blindnet, they must authenticate with blindnet backend. This is done via JSON Web Tokens (JWT), which are generated on your server by using the application_id, application_key, and user_id. User_ids used for the generation of JWTs must be unique for each user of your application. We recommend that these user_ids are the same unique ids that you use to identify users in your application.

The payload of your JWTs must include application_id, user_id and token’s expiration datetime.

Blindnet provides an SDK for generation of JWTs on your backend. Since JWTs give access to blindnet, you must pass them only to those users who first authenticate on your server.


  private final String appId = "YOUR_BLINDNET_APP_KEY";
  private final String appKey = "YOUR_BLINDNET_APP_KEY";
  private String userId = "your_user_id";
  JWT userToken = BlindnetAuth.generateUserJwt(appId, appKey, userId);
Initialise SDK

When your users use your application and blindnet for the first time, the SDK needs to be initialised. This is done by invoking the initialisation method and passing to it the JWT obtained from your server.

During the process of initialisation, the SDK generates cryptographic key pairs for a user. Private keys are stored in users’ browser IndexedDB, while the public keys are published to blindnet and associated with user identity.


  boolean init = Blindnet.initialize(userToken, userId);
User deletion

At any given moment you can remove a user from blindnet, for example when a user deletes an account on your application, or when a user requests removal of his data. This is done by invoking the delete method, which results in permanent removal of all user keys from the browser IndexedDB, as well as removal of all user data from blindnet system. Use this carefully, since this action cannot be undone.


  boolean del = Blindnet.delete(userToken);
End-to-end encryption

Blindnet SDKs allow you to encrypt and decrypt data by invoking the corresponding methods. When these methods are invoked, blindnet automatically manages encryption and decryption keys in the background via its backend service, and transfers the data from sender’s to recipient’s device. You do not need to manage the keys or transfer the data yourself.

Encryption

To encrypt the data, you must provide the recipient’s user_id to the encrypt method. Blindnet SDK will retrieve the recipient’s public key and use it to encrypt the data. At this moment, the SDK encrypts the data on the sender’s local device and sends it to blindnet secure storage. The encrypted data can only be decrypted by the recipient.


  boolean sent = Blindnet.encryptAndSend(userToken, data, recipientId);
Decryption

Once you can call the decrypt method from your application, blindnet SDK will fetch the recipient’s data from blindnet secure storage and use the recipient’s private key to decrypt the data on his local device.


  List<String> messageIds = Blindnet.checkMessages(userToken);
  byte[] message = Blindnet.receiveAndDecrypt(userToken, messageId);
Backups

Users are initially able to access their data only from the device that they originally used to initialise blindnet SDK. To prevent users from losing their data in the case of a device loss, or in the case that they want to switch to a new device, blindnet provides the option for secure data backup.

To ensure that user data remains private, blindnet requires a password from the user. This password is used to derive the encryption key, which is then used to encrypt the data and temporarily store it on blindnet secure storage. Important: for your users to use the same password for backup as the one for authenticating to your application, you must introduce additional password hash to your authentication system.


  boolean backup = Blindnet.backup(userToken, password);

Blindnet SDK provides a method to retrieve backup data. When calling this method, a user must input the same password that was used when making the backup. Once the data is retrieved, a user can use the new device and access old data.


  List<Document> backupDocs = Blindnet.retrieve(userToken, password);