Labels: backend security enhancement
Background
backend/services/messagingService.ts (3 KB) stores chat messages in plaintext. Telemedicine chat between pet owners and vets may contain sensitive health information that should be encrypted at rest.
What "Done" Looks Like
- Messages encrypted client-side before sending using the recipient's public key (stored in the user profile)
- Backend stores ciphertext only — cannot read message content
- Key exchange: use X25519 (Diffie-Hellman) for shared secret, AES-256-GCM for message encryption
- Message decryption happens client-side in
telemedicineService.ts
- Key rotation: new keypair generated on device change; old messages remain readable via key history
- Update
backend/services/__tests__/messagingService.test.ts to verify ciphertext is stored (not plaintext)
Labels:
backendsecurityenhancementBackground
backend/services/messagingService.ts(3 KB) stores chat messages in plaintext. Telemedicine chat between pet owners and vets may contain sensitive health information that should be encrypted at rest.What "Done" Looks Like
telemedicineService.tsbackend/services/__tests__/messagingService.test.tsto verify ciphertext is stored (not plaintext)