From 4c4792c2d0cbe0dc02ebed6de2e11ac11e01cedc Mon Sep 17 00:00:00 2001 From: outlandishlizard Date: Sun, 12 Oct 2025 11:28:21 -0400 Subject: [PATCH 1/2] Remove outdated reference to asymmetric cryptography One of the opening paragraphs still contains a reference to encrypting message bodies with asymmetric crypto, looking at the linked threads and previous PR I'm pretty sure this just got missed when updating the design text. --- zaps/0002-encrypt-push-notifications.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/zaps/0002-encrypt-push-notifications.md b/zaps/0002-encrypt-push-notifications.md index 79d135f..1c341fa 100644 --- a/zaps/0002-encrypt-push-notifications.md +++ b/zaps/0002-encrypt-push-notifications.md @@ -43,9 +43,7 @@ in between the individual Zulip server and its users. # Design Each mobile push notification a Zulip server sends will be encrypted -with a public key belonging to the intended user device. -The corresponding private key will have been generated by the Zulip -mobile app on the device, and will remain only on the device. +with a symmetric key generated by the client and shared with the server. When a Zulip server sends a notification, the only information it sends to the Mobile Push Notification Service will be the cryptotext From a8219a54158bd15220ac5767a06a7b69c11ef150 Mon Sep 17 00:00:00 2001 From: outlandishlizard Date: Wed, 15 Oct 2025 09:39:53 -0400 Subject: [PATCH 2/2] update language based on feedback Co-authored-by: Greg Price --- zaps/0002-encrypt-push-notifications.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/zaps/0002-encrypt-push-notifications.md b/zaps/0002-encrypt-push-notifications.md index 1c341fa..820f110 100644 --- a/zaps/0002-encrypt-push-notifications.md +++ b/zaps/0002-encrypt-push-notifications.md 
@@ -43,7 +43,10 @@ in between the individual Zulip server and its users. # Design Each mobile push notification a Zulip server sends will be encrypted -with a symmetric key generated by the client and shared with the server. +with a secret key specific to the intended user device. +The key will have been generated by the Zulip mobile app +on the device, and shared only between that device +and the server. When a Zulip server sends a notification, the only information it sends to the Mobile Push Notification Service will be the cryptotext
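Review bot: In the [PATCH 1/2] hunk, the added line "with a symmetric key generated by the client and shared with the server" drops two properties that the removed lines stated: that the key belongs to the intended user device, and which parties hold it. The removed text said the private key "will remain only on the device"; the replacement says the key is "shared with the server" but not that it is shared with nobody else, which matters here because the surrounding context is about what the Mobile Push Notification Service gets to see. Suggest stating that the key is per-device and known only to that device and the server. "The client" is also looser than the removed wording, which named the Zulip mobile app on the device as the party generating the key.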
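Review bot: In the [PATCH 2/2] hunk, the first added line says "secret key" where the line it replaces said "symmetric key", so the paragraph no longer says which kind of scheme is used. A reader who remembers the earlier public/private-key wording could take "secret key" to mean a private key. Suggest "secret (symmetric) key", or a short clause saying the same key is used by the server to encrypt and by the device to decrypt. Separately, "shared only between that device and the server" states who ends up holding the key but not how it reaches the server; if the document covers that elsewhere, a pointer from this paragraph would help the reader.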