That's not an undertaking that should be taken lightly. At minimum, you should have a team wherein one of the people making the final design decisions is a cryptography expert.
And I don't mean "I learned how to do textbook RSA in college", I mean more of, "Can tease a previously undiscovered cache-timing side-channel out of a crypto library". (For example, the recent libgcrypt advisories.)
If the words "padding oracle" or acronyms like AEAD sound strange and foreign, that person is not qualified to fill that role.
I would wager most developers lack the background to make a messaging service that is actually secure. (To anyone reading this: Please don't let this fact magnify any sense of impostor syndrome you may have. You're far from alone. Even the experts won't embark on this endeavor without peer review.)
To be clear, I was hoping to build it casually on top of a protocol or library. I would not be planning on rolling my own crypto or anything like that. I want a feature of my application to be encrypted chat which, given the large availability of apps & libraries, I was hoping could be more of an integration than a build out.