How can I force eJabberd to store encrypted messages to the database (mod_mam) instead of storing messages as plain text?

Question

Im building a secure messaging system based on ejabberd server. But I have realized ejabberd (mod_mam module) stores message archive at barely plain text. If database will be stolen (some kind) chats of all my users will be compromised. How can I enable stored messages encryption?

score 2 · Answer 1 · answered Apr 10 '19 at 10:08

2

mod_mam or ejabberd do not support anything like that. You can configure ejabberd to use an external SQL database, if that helps you. Or you can tell your users to use client-2-client encryption...

answered Apr 10 '19 at 10:08

Badlop

3,840
1
8
9

1

External SQL database? I am already using pgsql for ejabberd data. What do you mean? – lovesuper Apr 10 '19 at 10:31
Ahh, ok. Then I haven't more ideas. – Badlop Apr 12 '19 at 09:29

score 1 · Answer 2 · answered Apr 15 '19 at 10:49

1

If you want to encrypt your data at rest, you can rely on the database features. For example, you can leverage pgcrypto for Postgres: https://www.postgresql.org/docs/current/pgcrypto.html

answered Apr 15 '19 at 10:49

Mickaël Rémond

9,035
1
24
44

Nice idea. I should check it. – lovesuper May 08 '19 at 21:19

How can I force eJabberd to store encrypted messages to the database (mod_mam) instead of storing messages as plain text?

2 Answers2