SKILL

Implementing End To End Encryption For Messaging

End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. This skill implements a simplified version

Published by @mukul975·0 agent reads / 30d·0 saves·

Implementing End-to-End Encryption for Messaging

Overview

End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. This skill implements a simplified version of the Signal Protocol's Double Ratchet algorithm, using X25519 for key exchange, HKDF for key derivation, and AES-256-GCM for message encryption.

When to Use

  • When deploying or configuring implementing end to end encryption for messaging capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with cryptography concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Implement X25519 Diffie-Hellman key exchange for session establishment
  • Build the Double Ratchet key management algorithm
  • Encrypt and decrypt messages with per-message keys
  • Implement forward secrecy (compromise of current key does not reveal past messages)
  • Handle out-of-order message delivery
  • Implement key agreement using X3DH (Extended Triple Diffie-Hellman)

Key Concepts

Signal Protocol Components

ComponentPurposeAlgorithm
X3DHInitial key agreementX25519
Double RatchetOngoing key managementX25519 + HKDF + AES-GCM
Sending ChainPer-message encryption keysHMAC-SHA256 chain
Receiving ChainPer-message decryption keysHMAC-SHA256 chain
Root ChainDerives new chain keys on DH ratchetHKDF

Forward Secrecy

Each message uses a unique encryption key derived from a ratcheting chain. After a key is used, it is deleted, ensuring that compromise of the current state does not reveal previously sent/received messages.

Security Considerations

  • Delete message keys immediately after decryption
  • Implement message ordering and replay protection
  • Use authenticated encryption (AES-GCM) for all messages
  • Protect identity keys with device-level security
  • Verify identity keys out-of-band (safety numbers)

Validation Criteria

  • X25519 key exchange produces shared secret
  • Messages encrypt and decrypt correctly between two parties
  • Different messages produce different ciphertexts
  • Forward secrecy: old keys cannot decrypt new messages
  • Out-of-order messages can be decrypted
  • Tampered messages are rejected by authentication

Bundled with this artifact

9 files

Reference files that ship alongside this artifact. Agents pull these in only when the task needs them.

More on the bench

SKILL0

Devsecops Ssdlc Appsec Cursor Rule

Cursor rules for secure coding, secret handling, dependency hygiene, authentication, authorization, security testing, and compliance documentation.

cybersecurity-soc+1
0
SKILL0

Audit Skills

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

sickn33 and contributors
cybersecurity-soc+2
0
SKILL0

VibeSec Skill

This skill helps Claude write secure web applications. Use this when working on any web application or when a user requests a scan or audit to ensure security best practices are followed.

BehiSecc
cybersecurity-soc+2
0