End to end encryption from Ionic 2 to Firebase

I’d like to encrypt communication between my ionic 2 app and Firebase. The info in the database is going to be public anyway so I’m not worried about encrypting the actual database.

I know that Firebase methods, such as .push(), communicate with the database through HTTPS so it is already encrypted. (Am I understanding this correctly? "HTTPS is required. Firebase only responds to encrypted traffic so that your data remains safe."
https://firebase.google.com/docs/reference/rest/database/ )

But if I wanted to ensure the privacy of my users even further, could I add an encryption library to encrypt the communication between firebase and ionic 2 such as this Whisper Systems Library? https://github.com/WhisperSystems/libsignal-protocol-javascript

Is this theoretically possible, or am I missing something important?

If you’re planning on storing the data in cleartext on the server, I don’t really see much of a point in doing anything above and beyond the TLS that is part of HTTPS.

Some of my potential users have expressed that they’d like to be able contribute to the database securely anonymously, but want the information they contribute to be public. Would the TLS that is part of HTTPS be secure enough? Is that just a call I have to make? Or Is there a way to buff up the security through added encryption?

In that case, I think it’s more important that you deliberately choose to not store any information in the database that can be used to identify the contributor. The transport is not much of an issue.

I don’t think encrypting things twice in transit offers any additional protection. HTTPS should be sufficient here, in my opinion.

1 Like

Thanks :slight_smile: