This Rust code demonstrates a secure chat system using AES-GCM symmetric encryption for room messages and X25519 (Diffie-Hellman over Curve25519) for encrypting the AES room key per participant. The encrypt_room_message and decrypt_room_message functions handle encrypting and decrypting actual chat messages using a shared symmetric key (Aes256Gcm). To allow only specific users to decrypt the room key and participate, the room creator uses their ephemeral secret and the participant's public key to generate a shared secret through X25519, which is then used to encrypt the room's AES key. This encrypted key is shared with the participant via an AccessTicket containing the room address and a map of each participant's public key (in base64) to their encrypted AES key (also base64).
In main, the program first sets up the necessary key pairs for the room creator and a participant. It then generates an AES-256 key for the chat room and encrypts it for the participant using Diffie-Hellman key exchange. The encrypted key is inserted into an AccessTicket, which is serialized to JSON for transmission or storage. Later, the participant combines their private key with the creator’s public key to derive the same shared secret and decrypt the room AES key, so only participants listed in the ticket can access the chat. Finally, a test message is encrypted and decrypted to confirm that the system works end-to-end, checking both confidentiality of messages and access control over the room key.
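The flow described above, sketched as an added example in Python with the `cryptography` package; it is not the Rust code this page describes. Assumptions made here and not stated on the page: the X25519 output is passed through HKDF-SHA256 before use as the wrapping key, each ciphertext carries its 12-byte nonce as a prefix, the room address is bound to the wrapped key as associated data, and the JSON field names and all helper names are hypothetical.

```python
import base64, json, os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

def pub_b64(priv):  # base64 of the raw 32-byte X25519 public key (the ticket's map key)
    raw = priv.public_key().public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw)
    return base64.b64encode(raw).decode()

def wrapping_key(my_priv, their_pub_b64):
    # Assumption: the raw X25519 output is run through HKDF before use as an AES-256 key.
    shared = my_priv.exchange(X25519PublicKey.from_public_bytes(base64.b64decode(their_pub_b64)))
    return HKDF(hashes.SHA256(), 32, salt=None, info=b"room-key-wrap").derive(shared)

def seal(key, plaintext, aad=b""):
    nonce = os.urandom(12)  # fresh 96-bit nonce per encryption, sent as a prefix
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def open_sealed(key, blob, aad=b""):
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)  # raises InvalidTag on any mismatch

def make_ticket(creator_priv, room_address, room_key, participant_pubs_b64):
    keys = {p: base64.b64encode(seal(wrapping_key(creator_priv, p), room_key,
                                     room_address.encode())).decode() for p in participant_pubs_b64}
    return json.dumps({"room_address": room_address, "keys": keys})

def room_key_from_ticket(ticket_json, my_priv, creator_pub_b64):
    ticket = json.loads(ticket_json)
    entry = ticket["keys"].get(pub_b64(my_priv))
    if entry is None:
        raise PermissionError("ticket has no entry for this public key")
    return open_sealed(wrapping_key(my_priv, creator_pub_b64), base64.b64decode(entry),
                       ticket["room_address"].encode())

def demo():
    creator, alice, outsider = (X25519PrivateKey.generate() for _ in range(3))
    room_key = AESGCM.generate_key(bit_length=256)
    ticket = make_ticket(creator, "room-1.example", room_key, [pub_b64(alice)])  # constructed address
    alice_key = room_key_from_ticket(ticket, alice, pub_b64(creator))
    message = open_sealed(alice_key, seal(room_key, b"hello room"))
    # Negative check: Alice's entry relabelled with another public key must not unwrap.
    forged = json.loads(ticket)
    forged["keys"] = {pub_b64(outsider): forged["keys"][pub_b64(alice)]}
    try:
        room_key_from_ticket(json.dumps(forged), outsider, pub_b64(creator))
    except InvalidTag:
        return message, True
    return message, False
```

`demo()` returns the decrypted test message and whether the relabelled ticket entry was rejected; a key pair with no entry in the ticket gets `PermissionError` before any decryption is attempted.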