In your application, two users might want to communicate before one of them has registered with Virgil Security and received the requisite key pair for encrypting and decrypting data.

In this situation, we recommend that you adjust your product's flow using non-technical solutions.

However, in the unusual case where communication between a sender and an unregistered recipient is absolutely required, developers can use the E3Kit temporary channel method to create a shared, temporary key that encrypts the initial messages until the recipient registers with Virgil Security.

SECURITY WARNING: While this approach is more secure than sending plaintext messages, it is not true end-to-end encryption and should be used sparingly and with caution!

How Temporary Channels Work

When a user wants to send encrypted data to a recipient that isn't yet registered, you can create a temporary channel with the unregistered recipient's future identity. For example, if you plan to use the recipient's unique user ID when registering them, you should create the temporary channel with the recipient's UUID. This identity is the one that will be used in the JWT generation for that user to authenticate with Virgil Cloud.

The temporary channel consists of a temporary key that is safely stored in Virgil's Keyknox service. After the creation of the temporary channel, it's possible to encrypt data that can be decrypted by the recipient as soon as they register.

After the recipient registers and decrypts the messages from the temporary channel, it's recommended to delete the temporary channel and then establish the usual end-to-end encrypted flow.

Implement Temporary Channels in Your Application

You can find implementation details and code snippets on GitHub.
This method is currently only supported in Swift.
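
The flow described above, sketched in Swift as an added example (it is not code from Virgil's repository). The `EThree` temporary channel method names and the `startSync().get()` call style are assumptions about the E3Kit Swift SDK's interface and should be checked against the GitHub documentation; the function names, parameters and the choice of who deletes the channel are hypothetical.

```swift
import VirgilE3Kit

// Sender side. `sender` is an initialized, registered EThree instance.
// `futureIdentity` must be the exact identity that will appear in the
// recipient's JWT when they later register (for example, their user ID).
func encryptForUnregistered(sender: EThree,
                            futureIdentity: String,
                            message: String) throws -> String {
    // Creates the temporary key and stores it in Virgil Cloud.
    // Method name assumed from the E3Kit Swift SDK.
    let channel = try sender
        .createTemporaryChannel(with: futureIdentity)
        .startSync()
        .get()
    return try channel.encrypt(text: message)
}

// Recipient side, called only after the recipient has registered under
// `futureIdentity`. `senderIdentity` is the identity of the channel creator.
func decryptAfterRegistration(recipient: EThree,
                              senderIdentity: String,
                              ciphertexts: [String]) throws -> [String] {
    // asCreator is false because the sender created the channel.
    let channel = try recipient
        .loadTemporaryChannel(asCreator: false, with: senderIdentity)
        .startSync()
        .get()
    return try ciphertexts.map { try channel.decrypt(text: $0) }
}

// Cleanup once the recipient has read the pending messages: remove the
// temporary key so later traffic uses the regular end-to-end encrypted
// flow. Running this from the creator's side is an assumption.
func retireTemporaryChannel(sender: EThree, futureIdentity: String) throws {
    try sender
        .deleteTemporaryChannel(with: futureIdentity)
        .startSync()
        .get()
}
```

`startSync()` blocks the calling thread, so call these functions from a background queue rather than the main thread.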

Additional Resources

If you need help implementing this feature, you can chat with us via the chat bubble on this page or join our Slack community: https://virgilsecurity.com/join-community
