Secure connections

Part of Bridgefy's functionality is its ability to provide a secure connection for sending data within a mesh network. To ensure the privacy and security of sensitive data, Bridgefy SDK employs encryption techniques. Encryption involves transforming data into an unreadable format, which can only be deciphered by authorized recipients who possess the correct decryption key.

Bridgefy utilizes the Signal Protocol, a widely recognized and trusted encryption protocol, to encrypt sensitive data exchanged between devices in a mesh network. The Signal Protocol provides end-to-end encryption, meaning the data remains encrypted throughout its entire journey from the sender to the intended recipient. This ensures that even if someone intercepts the data, they won't be able to access its contents without the proper decryption key.

However, companies and developers who use the Bridgefy SDK in their mobile apps also have the option to implement their own custom encryption if they prefer, which doesn't require the establishment of a secure connection but needs robust encryption-key management practices

Established secure connection

Bridgefy SDK offers the option to establish secure connections within the mesh network, encrypting the data traveling on the mesh using the Signal protocol. This ensures a secure connection and protects the data from unauthorized access.

When node is connected you can try to establishing a secure connection with follow method:

// Bridgefy instance
val bridgefy: Bridgefy

bridgefy.establishSecureConnection(connectedNodeID: UUID)

Throws: A BridgefyException if there is an error during the connection establishment.

These methods are used to handle events related to the establishment of on-demand secure connections. The onEstablishSecureConnection function is invoked when a secure connection is successfully established, while the onFailToEstablishSecureConnection function is called when the establishment of a secure connection fails, providing details about the user involved and the reason for the failure.

val delegate: BridgefyDelegate = object : BridgefyDelegate {

      /**
       * This function is called to notify when an on-demand secure connection was successfully established.
       *
       * - userId: The ID of the user with whom the secure connection was established.
       */
      fun onEstablishSecureConnection(userId: UUID)
   
      /**
       * This function is called to notify when an on-demand secure connection could not be established.
       *
       * - userId: The ID of the user with whom the secure connection failed.
       * - error: The error reason indicating why the secure connection failed.
       */
      fun onFailToEstablishSecureConnection(
         userId: UUID,
         error: BridgefyException,
      )
   }

Bridgefy also allows users to implement their own custom encryption if they prefer not to use the Signal Protocol. In such cases, where custom encryption is utilized, it's important to note that Bridgefy does not require the establishment of a secure connection between devices.

Bridgefy Method

   bridgefy.fingerprint(userId: UUID): Result<BridgefyFingerprint>

Description: Generates a fingerprint for the secure connection established with a specified user.

Parameters:

  • userId: UUID - The UUID of the user for whom the fingerprint should be generated.

Returns: A Result containing the generated BridgefyFingerprint object or an error message. Returns null if a secure connection hasn't been established with the user.

   bridgefy.isFingerprintValid(
         fingerprintData: ByteArray,
         userId: UUID,
    ) : Result<Boolean>

Description: Verifies the validity of a fingerprint for a particular user. Parameters:

  • fingerprintData: ByteArray - The fingerprint data to be verified as a ByteArray.

  • userId: UUID - The UUID of the user whose fingerprint is being verified.

Returns: A Result containing true if the provided fingerprint data is valid, or false otherwise.

Recommendations for using a secure connection

While it's common to think that a secure connection needs to be established simultaneously with other connections, it's not always the case. In fact, many secure connection protocols allow for the establishment of connections at different times, depending on the specific requirements and circumstances.

By recommending a secure connection that is not simultaneous, it means that the focus should be on establishing a secure connection whenever it is feasible and appropriate, without being bound to the constraints of synchronizing the connection with other devices.

This approach allows for flexibility and adaptability in securing the connection. For example, a device may establish a secure connection with one device at a time, ensuring that each connection is properly encrypted and authenticated. This way, the security of the connection is not compromised, even if it takes place at different times.

Additionally, requesting a secure connection that is not simultaneous can also be beneficial in terms of resource management. Establishing secure connections simultaneously with multiple devices may impose a heavier burden on the device's resources, such as processing power and network bandwidth. By prioritizing security over simultaneous connections, the device can allocate resources effectively and maintain a high level of security for each connection.

Last updated