Step by Step Internet 🌐 Guides for learning to surf the Net

How to create your own end-to-end encrypted private chat service with Matrix and Riot (now Element): step-by-step guide


In this article we explain how to set up your own private chat service and enable end-to-end encryption on it. Don't panic: we go through every detail you need so you avoid the usual mistakes.

First we look at how secure communications really are on the most widely used chat services today. Then we cover the benefits of running your own messaging server.

We also introduce the tools you need and walk through creating your own private platform and enabling encryption on it. Read the whole post.

How secure are communications in the most used chat services today?

An instant messaging service is a platform that lets you send messages to any user registered on it. To send a message, one party, the client, talks to the messaging server, and the server delivers the conversation to the other client. In other words, an instant messaging platform works on a client-server-client model to deliver messages.

The risk lies in interception of that data, so the services encrypt it in transit so that nobody on the path can read it. That is why WhatsApp, for example, shows the notice that the communication is encrypted end to end. There is a detail to keep in mind, though: encryption between you and the server is not the same as end-to-end encryption. With the first, the server itself sees the messages in plain text; only with true end-to-end encryption does the provider hold no key that can decrypt them.

So under a court order, or through more invasive methods that need no naming, the conversation history can be obtained in plain text from any service whose servers store it readable, and servers tend to keep that data indefinitely. Even where end-to-end encryption is used, metadata (who talked to whom and when) and any unencrypted cloud backups remain available to the provider. With that in mind, here is how secure communications are on the most used chat services today.

Look below:

Facebook Messenger

This messenger, born as Facebook Chat, changed its privacy and security model some time ago. Conversations can be protected end to end (the feature Facebook calls Secret Conversations, which for years was an opt-in setting per chat and only later became the default), so that reading them requires the decryption keys held on the participants' devices. That means the messages cannot be read on phones or computers where the receiving account is not logged in.

According to encryption experts, Facebook does not take part in generating the keys for those conversations, so it should not be able to read messages stored on its servers. Keep in mind, though, that end-to-end encryption only covers chats where it is enabled, and it does not stop authorities from requesting whatever the provider does hold: account data, metadata, and any conversations that were not encrypted end to end.

Instagram Direct

Instagram, which belongs to the same group as Mark Zuckerberg's Facebook, is often assumed to offer the same protection in direct messages, but Instagram Direct messages are not end-to-end encrypted by default, so the service itself can read them. It was also reported that users who kept two or more accounts on the same device could have private information leak between them because of how the app was built.

Although that bug was fixed a few years ago, it is not entirely clear how thoroughly, especially given the public problems Facebook has had with information leaks.

WhatsApp

It is another instant messenger that belongs to the Facebook group. It also encrypts messages end to end (using the Signal protocol), and the platform does not take part in generating the encryption keys, so only the sender and the recipient hold them and can read the chat.

What the platform can hand over to an authority that demands access is therefore limited to what it stores: account and contact data, metadata, and the message backups that users keep in Google Drive or iCloud, which were unencrypted until end-to-end encrypted backups arrived as an opt-in feature in 2021. Two episodes show that this is not only a theoretical concern: in 2020 the United Nations instructed its senior officials not to use WhatsApp for fear of leaks of confidential information, and in 2019 Facebook sued the Israeli technology company NSO Group for exploiting a security hole in WhatsApp's calling feature to install spyware on targets' phones.

Telegram

Telegram is considered by many one of the most secure instant messaging platforms, designed to protect user privacy. Messages are encrypted, but with a big difference compared to the other platforms: by default the encryption is not end to end but only between the user and the server. Telegram's optional Secret Chats are end-to-end encrypted, but they are not the default, do not sync across devices and are not available for groups.

Instead it adds security features such as self-destructing messages and an incognito keyboard option. But for the point of this post, ordinary private messages are stored on Telegram's servers in a form the company can read.

Skype

Instant messages, video and voice calls and file transfers are protected with 256-bit AES encryption. But in this case, as with Telegram, Skype's server is the one that certifies the public keys, so it sits in the middle of the conversation.

Some years ago Amnesty International, the international movement of more than 7 million people, asked Microsoft to warn its users that government agencies can gain access to their messages. It follows that if you are thinking of sending confidential chats over Skype, you should weigh all this information.

What are the benefits of using your own private chat service? reasons to do it

After reading everything so far, if you are thinking of running your own private chat service, don't hesitate! You get several benefits, which we explain below.

Please read carefully:

  • The two tools you need are completely free, so your only costs are a cloud server and a domain name. This saves a lot of money.
  • You have full control of the server that hosts the private conversations. You can retain or delete them as you need, and nobody outside your organization gets access to the server's data.
  • Messages are end-to-end encrypted, so an intruder who intercepts them cannot read them.
  • The application you will use runs on the major desktop and mobile operating systems.
  • You can create as many chat rooms as you need so members share information easily, and members can also exchange direct messages with each other.
  • With your own server you choose the security level you want and can set up bridges to other platforms.
  • A social-engineering attempt against a provider cannot expose your data, because there is no third-party provider; nor is there advertising or data leakage in your private chat service.
  • Slack and similar tools offer comparable features, but it is not the same as owning the server. On those hosted platforms an intruder who phishes an administrator's credentials can reach the administration panel and expose private information easily, because messages stay on the provider's servers in readable form and are stored indefinitely.

What tools do I need to create my own private and encrypted chat platform?

As mentioned earlier, messaging servers keep the message history for an indefinite period, and on most services that history is readable by the operator, so getting at it is not that complicated.

If you run a company and need to keep its data confidential, you can create one or more chat rooms and host them on a private server. That way all control over the information and its protection stays with the organization itself. To benefit from this option you need two fundamental elements.

One is a client application that can be installed on Windows, macOS and Linux computers and on Android and iOS phones. The other is a protocol and server that let you create chat rooms, exchange private messages and keep them on your own server. Below are the tools you will need to create your own private, encrypted chat platform.

Let’s start:

Matrix Protocol

Matrix is an open communication protocol that combines end-to-end encrypted messaging with a server (a homeserver) that you can host yourself. It lets you create chat rooms, exchange messages and keep all of that data within your own infrastructure.

It is ideal for sharing sensitive data because rooms can be encrypted end to end, and hosting your own homeserver keeps the exchange of messages under the complete control of the company. It is a real-time, decentralized (federated) protocol, defined by open standards published by the non-profit Matrix.org Foundation.

Among the most outstanding advantages of this protocol are:

  • It supports end-to-end encryption in chats.
  • You can create as many rooms as needed and send messages to them so every member of the room sees the information, or send private messages to a single member.
  • It makes building chat bots easy.
  • Each server has full sovereignty over the data hosted on it, so only the company that owns it has access to its confidential information (if you federate with other servers, the history of shared rooms is also replicated to those servers).
  • It is open source, which greatly improves confidence in the platform.
  • Room history is replicated on every server participating in a room, so members always have access to it.
  • To run your own server you need a domain name, a virtual server and some Linux administration knowledge; with those, any user can set up a private Matrix server.
  • Synapse is the server software, while Riot (now Element) is the client for phones and computers. No large or sophisticated tooling is needed.
  • It can bridge to other protocols, for example XMPP, and to Twitter, Slack, Facebook, WhatsApp and Telegram, among others.
  • It supports voice over IP (VoIP) calls, which makes it a versatile, low-cost tool for the organization using it.

Element (Formerly Riot)

In mid-2020 Riot was renamed Element. This was mainly because other applications already carried the Riot name, and partly because of what "riot" means in English, which has nothing to do with the purpose of the app.

We already mentioned Riot when describing Matrix. Synapse is used for the server and Element is the client application for Windows, macOS, Linux, iOS and Android. With it, conversations stay private and out of reach of the data mining anyone might run over the Internet.

Its main characteristics are:

  • It is a group messaging app, so you can have rooms with several people at the same time.
  • It was designed with business use in mind, so its features are well suited to the members of a company.
  • It runs on all major operating systems.
  • It is developed as open source, so any IT professional can contribute to improving the project.

Learn step by step how to create your own chat service with the best privacy and security

To create a private, encrypted chat service hosted on your own server with the Matrix protocol and the Riot (Element) app, follow the steps below. The process is not difficult; you just have to pay attention to the details so you don't die trying, and end up with company communications that are as secure as possible.

Let’s start:

Register a domain name

To get started you need a server, and a domain name to point at it. There are plenty of registrars to choose from; pick the one you like best.

For example:

  • DonWeb.com
  • GoDaddy.com
  • Records.com
  • cdmon.com
  • Webempresa.com
  • namecheap.com
  • Domains.Google
  • Mrdomain.com
  • Hostinet.com
  • nominalia.com

Once you have picked one, download Debian as the operating system for your server, whether in the cloud or on a physical machine, from the official page https://www.debian.org. If you do not want a physical server, choose a cloud provider; as with registrars, there are many to pick from.

Some of them are:

  • AWS, Amazon's cloud service. Its official website is https://aws.amazon.com/es/.
  • DigitalOcean, from the United States and considered one of the best. Its page is https://www.digitalocean.com/.
  • GigeNET, also widely recognized as a good cloud provider. To contract their services go to https://www.gigenetcloud.com/.

Point your domain's DNS at the server

In your registrar's DNS panel, create an A record that maps the server's hostname to its public IP address. This is a DNS record you add at the registrar, not a command to type into the Debian terminal. In zone-file notation it looks like this, taking myserver.internetpasoapaso.com as the example hostname:

  • myserver.internetpasoapaso.com. 500 IN A 8.8.8.8

Here 500 is the record's TTL in seconds (how long resolvers may cache it), A is the record type (a name-to-IPv4 mapping) and 8.8.8.8 is only a placeholder borrowed from Google's resolver: replace it with the public IP your provider assigned to your server. Wait for the record to propagate and verify that the name resolves to your server's IP (for example with the dig or host tools) before continuing.

Prepare to install Synapse

What you have to do now is set up a Matrix homeserver (the term Matrix uses for the server that hosts your accounts and rooms) on the Debian virtual machine you just created.

Log in to the virtual server as root over SSH, using the address and credentials (or SSH key) your provider gave you. Then enable the Debian backports repository, which provides newer versions of some packages that Synapse and certbot need. In the commands below, replace <codename> with the codename of your Debian release (for example buster or bullseye), which you can read from /etc/os-release.

You can do this by entering:

  • # echo 'deb http://ftp.debian.org/debian <codename>-backports main' >> /etc/apt/sources.list

Then refresh the package lists so the system sees the new repository, and bring the installed packages up to date:

  • # apt-get update && apt-get dist-upgrade -y

All of these commands are typed over SSH on the server itself. If your provider offers a web console (some hosting panels such as cPanel include one) you can use that instead, but FTP is not enough: you need a shell.

Upgrade your VM

With the steps above you have a basic Debian virtual machine; now add a few packages that the rest of the process needs. Synapse runs on Python 3, so that is what we install here. As before, replace <codename> with your Debian release codename.

You can do this with the commands:

  • # apt-get install -y apt-transport-https lsof curl python3 python3-pip
  • # apt-get install -y certbot -t <codename>-backports

Add more repositories

Now add the Matrix package repository. Open a text editor (for example nano) and create the file /etc/apt/sources.list.d/matrix.list.

To finish this step write the following in the file you just created, again replacing <codename> with your Debian release codename:

  • deb https://matrix.org/packages/debian/ <codename> main
  • deb-src https://matrix.org/packages/debian/ <codename> main

Install Synapse

Enter the following commands to import the repository's signing key and install Synapse (apt-key is deprecated on Debian 11 and later, where the key should instead be stored under /usr/share/keyrings and referenced with a signed-by option in the .list file, but the command still works):

  • # curl https://matrix.org/packages/debian/repo-key.asc | apt-key add -
  • # apt-get update
  • # apt-get install matrix-synapse -y

If the installation fails because of a dependency conflict in the python-cffi library, install the backports version of that library (replace <codename> with your Debian release codename) and retry:

  • # apt install python-cffi/<codename>-backports

Then run the installation again:

  • # apt-get install matrix-synapse -y

During installation you will be asked for the server name; enter the hostname you set up earlier, in this example myserver.internetpasoapaso.com. This becomes server_name in homeserver.yaml and is baked into every user ID (@user:myserver.internetpasoapaso.com), so it cannot be changed later without starting over.

Obtain a TLS certificate for your domain

Matrix runs over HTTPS, so the domain you registered needs a TLS certificate to encrypt the traffic between clients (or browsers) and your server. For that you need a certificate authority to issue you one.

In this example we use Let's Encrypt, which you can reach at https://letsencrypt.org/. Its Get Started button explains the process; the usual way is the certbot tool, which obtains the certificate for you.

With certbot, run # certbot certonly and choose the option to spin up a temporary web server (standalone); this needs port 80 to be free and reachable from the Internet. Let's Encrypt certificates are valid for 90 days, so to renew automatically run # crontab -e and add the line @daily certbot renew --quiet --post-hook "systemctl reload nginx" (on Debian the certbot package also installs a systemd timer that does the same).

Set up a reverse proxy server

Remember that a proxy is a server that sits between a client and a server and relays requests. A reverse proxy sits in front of the server: from the client's point of view it is the server, and it forwards the requests to the real backend. Here it terminates TLS on port 443 and passes the traffic on to Synapse, which listens on plain HTTP on localhost port 8008. You need a light, high-performance server for this, and we take nginx as the example; it must of course support HTTPS.

You need to configure it as follows:

  • Write # apt-get install nginx -y.
  • Create the file /etc/nginx/conf.d/matrix.conf with your text editor.

Write the following into it:

server {
    listen 443 ssl;
    # listen 8448 ssl default_server;   # uncomment only if other Matrix servers should federate with yours
    server_name myserver.internetpasoapaso.com;

    ssl_certificate /etc/letsencrypt/live/myserver.internetpasoapaso.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myserver.internetpasoapaso.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;   # TLSv1 and TLSv1.1 are obsolete; drop TLSv1.3 only if your nginx is older than 1.13
    ssl_ciphers HIGH:!aNULL:!MD5;

    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;   # tells Synapse the client arrived over HTTPS
        proxy_set_header Host $host;
        client_max_body_size 50M;   # nginx's default of 1M would block file uploads
    }
}

Finally, restart the nginx reverse proxy by typing # systemctl restart nginx (running # nginx -t first reports any syntax error in the configuration before you take the proxy down).
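To check a reverse-proxy configuration before reloading nginx, here is an added example in Python (not code from the article, nginx or Synapse) that flags the weak or missing settings discussed above: legacy TLS versions, no /_matrix location, no X-Forwarded-Proto or X-Forwarded-For header, and no raised upload limit. It assumes the flat server-block layout used here. WEAK_CONF and HARDENED_CONF are constructed samples, the first being the article's original config with TLSv1 and TLSv1.1 still enabled.

```python
"""Lint an nginx server block that fronts Synapse.

Added example, not code from the article, nginx or Synapse. It flattens the
config into (directive, args) pairs and reports the settings that most often
break or weaken a Matrix deployment. WEAK_CONF and HARDENED_CONF are
constructed samples for this example."""
from typing import List, Tuple

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def parse_directives(conf: str) -> List[Tuple[str, List[str]]]:
    """Turn 'location /_matrix {' into ('location', ['/_matrix']) and
    'ssl_protocols TLSv1.2 TLSv1.3;' into ('ssl_protocols', [...]).
    Comments and closing braces are dropped: enough for the flat server
    blocks used here, not a general nginx parser."""
    directives = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            line = line[:-1]
        line = line.strip().rstrip(";").strip()
        if not line or line == "}":
            continue
        parts = line.split()
        directives.append((parts[0], parts[1:]))
    return directives


def lint_matrix_proxy(conf: str) -> List[str]:
    """Return findings in a fixed order; an empty list means the config passed."""
    findings = []
    directives = parse_directives(conf)
    names = {name for name, _ in directives}

    for name, args in directives:
        if name == "ssl_protocols":
            legacy = sorted(LEGACY_PROTOCOLS.intersection(args))
            if legacy:  # obsolete versions leave room for downgrade attacks
                findings.append("legacy TLS versions enabled: " + " ".join(legacy))
    if "ssl_protocols" not in names:
        findings.append("ssl_protocols not set; nginx's default may allow TLSv1/TLSv1.1")
    for required in ("ssl_certificate", "ssl_certificate_key"):
        if required not in names:
            findings.append(required + " missing")
    if not any(name == "location" and any("/_matrix" in a for a in args)
               for name, args in directives):
        findings.append("no location block for /_matrix")
    forwarded = {args[0] for name, args in directives
                 if name == "proxy_set_header" and args}
    if "X-Forwarded-Proto" not in forwarded:  # Synapse otherwise assumes plain HTTP
        findings.append("proxy_set_header X-Forwarded-Proto missing")
    if "X-Forwarded-For" not in forwarded:  # rate limiting then only ever sees 127.0.0.1
        findings.append("proxy_set_header X-Forwarded-For missing")
    if "client_max_body_size" not in names:  # nginx's 1M default blocks uploads
        findings.append("client_max_body_size not raised; uploads over 1M will fail")
    return findings


# Constructed sample: the article's config with the obsolete TLS versions left in.
WEAK_CONF = """\
server {
    listen 443 ssl;
    server_name myserver.internetpasoapaso.com;
    ssl_certificate /etc/letsencrypt/live/myserver.internetpasoapaso.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myserver.internetpasoapaso.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
"""

# Constructed sample: the same block with the findings fixed.
HARDENED_CONF = """\
server {
    listen 443 ssl;
    server_name myserver.internetpasoapaso.com;
    ssl_certificate /etc/letsencrypt/live/myserver.internetpasoapaso.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myserver.internetpasoapaso.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        client_max_body_size 50M;
    }
}
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, lint_matrix_proxy(conf) or ["OK"])
```

Run it against your own file with `lint_matrix_proxy(open("/etc/nginx/conf.d/matrix.conf").read())`; it complements rather than replaces nginx -t, which checks syntax but not what the directives mean for Synapse.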

Customize Synapse

Now set the registration shared secret. Open /etc/matrix-synapse/homeserver.yaml and set registration_shared_secret: "<a long random string, for example 64 random characters>". This secret is what the register_new_matrix_user command uses later to create accounts from the server itself while public registration stays disabled, so anyone who obtains it can create accounts, administrators included: generate it randomly, never reuse it, and keep it out of backups that leave the server.

Synapse keeps conversations in its database (SQLite by default; PostgreSQL is recommended for anything beyond a small test), not in RAM, but it does cache frequently used data in memory. To tune how much, open /etc/default/matrix-synapse and add SYNAPSE_CACHE_FACTOR=0.02 to shrink the caches on a small server; the default factor is 0.5, and values above it trade more RAM for speed.

Then start Synapse, and make it start at boot, with the commands:

  • # systemctl restart matrix-synapse
  • # systemctl enable matrix-synapse

Create user accounts

Run the following to create your first user (Synapse listens on http://localhost:8008 by default, and the tool reads the shared secret from homeserver.yaml):

    # register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
    New user localpart [root]: {your username}
    Password: {type the password for this user}
    Confirm password:
    Make admin [no]: yes
    Sending registration request…
    Success.

If you want new users to be able to sign up themselves from the Element interface, edit /etc/matrix-synapse/homeserver.yaml, set enable_registration: true and restart Synapse. Be aware that on a server reachable from the Internet this lets anyone create accounts (and recent Synapse versions refuse to start with open registration unless you also configure a verification method such as email or a CAPTCHA, or explicitly set enable_registration_without_verification: true). For a private company server it is better to leave registration disabled and add users manually with register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008 as above.
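To see what the shared secret actually protects, here is an added example in Python (not the article's code and not Synapse's own) that reproduces what register_new_matrix_user does behind the scenes: it generates a secret, writes it into a constructed homeserver.yaml excerpt while keeping enable_registration off, and computes the HMAC-SHA1 mac that Synapse's admin registration endpoint verifies. The request body is built but not sent, and the nonce is a placeholder for the one Synapse returns to a GET on the same endpoint.

```python
"""What registration_shared_secret is for, and what register_new_matrix_user
does with it.

Added example, not code from the article or from Synapse. Synapse's admin
registration endpoint (POST /_synapse/admin/v1/register) accepts a body whose
'mac' is an HMAC-SHA1, keyed with registration_shared_secret, over the nonce
handed out by a preceding GET to the same endpoint, the username, the password
and the admin flag, each separated by a NUL byte. register_new_matrix_user is
a thin wrapper around that exchange, so whoever reads the secret out of
homeserver.yaml can mint accounts, admin ones included. The homeserver.yaml
excerpt below is constructed for this example."""
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional

SAMPLE_HOMESERVER_YAML = """\
server_name: "myserver.internetpasoapaso.com"
pid_file: "/var/run/matrix-synapse.pid"
#registration_shared_secret: <PRIVATE STRING>
enable_registration: false
"""


def generate_shared_secret(nbytes: int = 32) -> str:
    """32 bytes from the OS CSPRNG, rendered as 64 hex characters."""
    return secrets.token_hex(nbytes)


def set_yaml_scalar(config_text: str, key: str, value: str) -> str:
    """Set a top-level 'key: value' line, replacing an existing or
    commented-out one or appending if absent. Text-based on purpose: it needs
    no PyYAML and leaves the rest of the file, comments included, untouched."""
    pattern = re.compile(rf"^(?:#\s*)?{re.escape(key)}\s*:.*$", re.MULTILINE)
    line = f"{key}: {value}"
    if pattern.search(config_text):
        return pattern.sub(lambda _m: line, config_text, count=1)
    return config_text.rstrip("\n") + "\n" + line + "\n"


def harden_registration(config_text: str, secret: Optional[str] = None) -> str:
    """Install a shared secret and make sure public registration stays off."""
    secret = secret or generate_shared_secret()
    out = set_yaml_scalar(config_text, "registration_shared_secret", f'"{secret}"')
    return set_yaml_scalar(out, "enable_registration", "false")


def registration_mac(shared_secret: str, nonce: str, username: str,
                     password: str, admin: bool) -> str:
    """The MAC register_new_matrix_user sends: HMAC-SHA1 over
    nonce NUL username NUL password NUL ('admin' or 'notadmin')."""
    mac = hmac.new(shared_secret.encode("utf8"), digestmod=hashlib.sha1)
    for part in (nonce, username, password):
        mac.update(part.encode("utf8"))
        mac.update(b"\x00")
    mac.update(b"admin" if admin else b"notadmin")
    return mac.hexdigest()


def build_registration_request(shared_secret: str, nonce: str, username: str,
                               password: str, admin: bool = False) -> Dict[str, object]:
    """JSON body for POST /_synapse/admin/v1/register."""
    return {
        "nonce": nonce,
        "username": username,
        "password": password,
        "admin": admin,
        "mac": registration_mac(shared_secret, nonce, username, password, admin),
    }


if __name__ == "__main__":
    secret = generate_shared_secret()
    print(harden_registration(SAMPLE_HOMESERVER_YAML, secret))
    # "example-nonce" stands in for the value a real GET to the endpoint returns.
    print(build_registration_request(secret, "example-nonce", "alice", "correct horse", admin=True))
```

The admin flag is part of the MAC, so a captured request for an ordinary user cannot be replayed with admin set to true; the nonce is single-use for the same reason. What the MAC does not protect against is the secret itself leaking, which is why it belongs only in homeserver.yaml, readable by the matrix-synapse user alone.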

Install Element

In this step install the Element client on your computer (not on the server). Go to the official Element page at https://element.io/, choose your operating system and download the installer for it.

Open Element

Go to the app's start screen and connect it to the server you created.

You can do this by following this step by step:

  • Choose Sign in.
  • Next, select the option to use a custom server (Edit next to the homeserver name, then Other homeserver, in recent versions).
  • In the Homeserver URL field enter https://myserver.internetpasoapaso.com (the example server name we set up).
  • Leave the identity server field empty: an identity server is only used to look up contacts by email address or phone number, and your homeserver is not one. Then enter your username and password and sign in.

Create a chat room

Once signed in with your username and password, create a new chat room and edit its preferences.

For this you must follow the following process:

  • On the home screen find the Create room option, click it and give the room a name.
  • In the room, click the gear icon at the top to open the room settings.
  • Under Security & Privacy find the Encrypted switch (Enable encryption) and turn it on. Once encryption is enabled for a room it cannot be turned off again.
  • Save the changes.

Customize security settings

Now add the other options that strengthen the security of the room; this is what makes the project worthwhile.

Choose these criteria:

  • Who can access this room? – Private (invite only), which is the default
  • Who can read history? – Members only (since they joined)
  • URL previews – disable URL previews, otherwise the links people share are fetched through the server to build the preview, which reveals them outside the encrypted room
  • Invite users – Moderator, so that only moderators and administrators can invite people into the room

After this, consider further hardening: hosting the web version of Element yourself if you want browser access, a firewall (iptables or nftables) that only exposes the ports you need, regular operating system updates, SSH login hardening (key-based login, no password login for root), and email notifications. Finally, you can add integrations with GitHub, Giphy, Google image search, Wikipedia, Guggy, Twitter and Slack, among other applications.

Invite people to participate in the private chat service

Next, invite people to the private rooms so they can exchange messages with the other participants securely and encrypted.
