Cloud Key Storage
In the BBM Enterprise SDK, messages are protected from being viewed or modified by anyone other than the sender and intended recipients. The cryptographic keys used to protect communications are stored and distributed in a cloud storage system that you choose.
To ensure that your application may use any combination of the SDKs to fulfill its needs, a common storage schema for the encryption, signing, and symmetric keys must be maintained across all product lines. For example, both the Android and iOS versions of an application using the BBM Enterprise SDK must be able to exchange keys, and users must be able to switch between those two versions without losing their keys.
- The cloud storage system must authenticate users with tokens or credentials managed by your application
- The cloud storage system must allow a user to read and write private data
- The cloud storage system must allow a user to publish data that other users can only read
The cloud storage solution must include restricted read and write access (private data can only be read or written if the owner of that data is logged into the app). The following private data must be stored:
- The user's private encryption key
- The user's private signing key
- The symmetric encryption key for each of the user's chats
The cloud storage solution must include public read access (where public data can only be read by authenticated users within the ecosystem), and restricted write access (where private data can only be written if the owner of that data is logged into the application). The following public data must be stored:
- The user's public encryption key
- The user's public signing key
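The access rules above can be modeled as a deny-by-default authorization check. This is an added example, not BBM Enterprise SDK code; the `keys/<owner>/...` path layout, the function name `is_allowed` and the user ids are assumptions made for illustration.

```python
"""Constructed example: deny-by-default access check for a cloud key store."""
from typing import Optional

# Hypothetical path layout (an assumption, not the SDK's storage schema):
#   keys/<owner>/private/encryption       user's private encryption key
#   keys/<owner>/private/signing          user's private signing key
#   keys/<owner>/private/chats/<chat_id>  symmetric key for one chat
#   keys/<owner>/public/encryption        user's public encryption key
#   keys/<owner>/public/signing           user's public signing key
KEY_LEAVES = (["encryption"], ["signing"])


def is_allowed(uid: Optional[str], op: str, path: str) -> bool:
    """Return True only if authenticated user `uid` may perform `op` on `path`."""
    # Unauthenticated callers and unknown operations are always refused.
    if not uid or op not in ("read", "write"):
        return False
    parts = path.split("/")
    # Refuse malformed paths, including empty and dot segments.
    if len(parts) < 4 or parts[0] != "keys":
        return False
    if any(p in ("", ".", "..") for p in parts):
        return False
    owner, scope, rest = parts[1], parts[2], parts[3:]
    if scope == "private":
        # Private data: read and write by the owner only.
        known = rest in KEY_LEAVES or (len(rest) == 2 and rest[0] == "chats")
        return known and uid == owner
    if scope == "public":
        # Public data: any authenticated user reads, only the owner writes.
        if rest not in KEY_LEAVES:
            return False
        return op == "read" or uid == owner
    return False  # anything outside the two known scopes is refused


if __name__ == "__main__":
    # Constructed sample requests: (caller, operation, path).
    samples = [
        ("alice", "write", "keys/alice/private/chats/c1"),
        ("bob", "read", "keys/alice/private/signing"),
        ("bob", "read", "keys/alice/public/encryption"),
        ("bob", "write", "keys/alice/public/encryption"),
        (None, "read", "keys/alice/public/signing"),
    ]
    for uid, op, path in samples:
        print(f"{uid!s:6} {op:5} {path:32} -> {is_allowed(uid, op, path)}")
```

Whatever storage system is chosen, the same request matrix is worth running against its real rules, with the refused cases tested as carefully as the permitted ones.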
Example Cloud Key Storage Integrations
The BBM Enterprise SDK can use any cloud storage system that meets these basic requirements.