Encryption Service
Component Detail
Description
Implements per-tenant asymmetric encryption and decryption for assignment payloads. Generates and persists RSA/EC key pairs to Flutter Secure Storage on first run, exposes encrypt(plaintext, publicKey) for coordinators and decrypt(ciphertext, privateKey) for peer mentors, and ensures the private key never leaves the device.
encryption-service
Sources & reasoning
Core cryptographic service mandated by the end-to-end encryption requirement. Per-tenant asymmetric keys ensure plaintext never leaves the sender unencrypted and the server stores only ciphertext. This service is the single authority for all key lifecycle and crypto operations in the feature.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Generate per-tenant asymmetric key pair and store private key in Flutter Secure Storage
- Encrypt assignment plaintext with recipient public key before dispatch
- Decrypt assignment ciphertext with local private key on detail open
- Expose public key endpoint registration for coordinator-side encryption
- Wipe in-memory plaintext immediately after render
Interfaces
generateKeyPair(tenantId) → Future<KeyPair>
encrypt(plaintext, publicKey) → Future<String>
decrypt(ciphertext) → Future<String>
getPublicKey(tenantId) → Future<String>
isKeyPairInitialized(tenantId) → Future<bool>
Relationships
Related Data Entities (3)
Data entities managed by this component