Secure connections

Part of Bridgefy's functionality is its ability to provide a secure connection for sending data within a mesh network. To ensure the privacy and security of sensitive data, Bridgefy SDK employs encryption techniques. Encryption involves transforming data into an unreadable format, which can only be deciphered by authorized recipients who possess the correct decryption key.

Bridgefy utilizes the Signal Protocol, a widely recognized and trusted encryption protocol, to encrypt sensitive data exchanged between devices in a mesh network. The Signal Protocol provides end-to-end encryption, meaning the data remains encrypted throughout its entire journey from the sender to the intended recipient. This ensures that even if someone intercepts the data, they won't be able to access its contents without the proper decryption key.

However, companies and developers who use the Bridgefy SDK in their mobile apps also have the option to implement their own custom encryption if they prefer, which doesn't require the establishment of a secure connection but needs robust encryption-key management practices

Established secure connection

Bridgefy SDK offers the option to establish secure connections within the mesh network, encrypting the data traveling on the mesh using the Signal protocol. This ensures a secure connection and protects the data from unauthorized access.

When node is connected you can try to establishing a secure connection with follow method:

 public func establishSecureConnection(with userId: UUID) 

When the establishment is done, the secure connection is notified on delegate:

func bridgefyDidEstablishSecureConnection(with userId: UUID)

Bridgefy also allows users to implement their own custom encryption if they prefer not to use the Signal Protocol. In such cases, where custom encryption is utilized, it's important to note that Bridgefy does not require the establishment of a secure connection between devices.

Recommendations for using a secure connection

While it's common to think that a secure connection needs to be established simultaneously with other connections, it's not always the case. In fact, many secure connection protocols allow for the establishment of connections at different times, depending on the specific requirements and circumstances.

By recommending a secure connection that is not simultaneous, it means that the focus should be on establishing a secure connection whenever it is feasible and appropriate, without being bound to the constraints of synchronizing the connection with other devices.

This approach allows for flexibility and adaptability in securing the connection. For example, a device may establish a secure connection with one device at a time, ensuring that each connection is properly encrypted and authenticated. This way, the security of the connection is not compromised, even if it takes place at different times.

Additionally, requesting a secure connection that is not simultaneous can also be beneficial in terms of resource management. Establishing secure connections simultaneously with multiple devices may impose a heavier burden on the device's resources, such as processing power and network bandwidth. By prioritizing security over simultaneous connections, the device can allocate resources effectively and maintain a high level of security for each connection.

Fingerprint

public func fingerprint(for userId: UUID) throws -> BridgefyFingerprint? 

This method is used to generate a fingerprint for the secure connection established with a specific user identified by their UUID. A fingerprint is a unique identifier associated with a user's secure connection. It allows users to recognize and communicate securely with each other.

public func isFingerprintValid(_ fingerprintData: Data, for userId: UUID) throws -> Bool 

This method is used to verify the validity of a fingerprint for a particular user identified by their UUID. It allows users to ensure that they are securely communicating with the intended recipient by validating their fingerprint.