Your application users might find themselves in one of two situations:

  1. They want to encrypt data knowing that they’ll want to share it with other users in the future, but they don’t yet know which users or when.
  2. They want to share it with a certain user in the application, but that user doesn’t yet have an E3Kit keypair (e.g. when E3Kit is added to a production application with preexisting users not yet registered with E3Kit).

E3Kit’s whole value as a security tool is that it encrypts data so that only the specified recipients can decrypt that data. 

But if the system doesn’t yet know who the specified users will be or that user does not yet have a public key registered in the Virgil Cloud, there are some options available to you as the application developer:

  1. Don't allow User A to send messages to User B until they have registered.
  2. Allow User A to send messages to User B, but with a warning that the messages to User B will be unsecured until User B registers. When User B takes action to see the messages, immediately register User B.
  3. Send a non-sensitive message, like an invitation (“Someone sent you a message. Log in to see it.”) that will prompt User B to log in to your application and then be registered by E3Kit.
  4. Only if absolutely necessary, use the temporary channel method within E3Kit to create a temporary key to encrypt the initial message to the user.

If you need help deciding on or implementing one of these approaches, you can chat with us via the chat bubble on this page or joining our Slack community: https://virgilsecurity.com/join-community

Did this answer your question?