As shown in FIG. 5, the sending client may first send an end-to-end encryption (E2EE) setup message 502 to the intermediate server. The intermediate server may forward the E2EE setup message 502 to the receiving client. The receiving client may generate an E2EE setup response 504, and transmit the response 504 to the server. The server may relay the response 504 to the sending client. The setup message 502 and response 504 may include all the information necessary to establish an E2EE session between the sending client and the receiving client.
On the sending client, a user may engage with a communications application to compose a message (process 506). The message may include an image. In response to receiving a request to transmit the message, the image may be encoded and encrypted, using the process described in FIG. 6A. The encrypted image data 508 may be uploaded to the blob server, which may respond with a location 510 of the image on the blob server.
An image message 512 may be generated, which includes encrypted message content; the encrypted message content may include the lengths of each set of data corresponding to different image qualities (see FIGS. 4A-4B), the HMACs of each data chunk in the image data, and a reference to the image. The reference may be, or may be derived from, the image location 510 received from the blob store. The image message 512 may be transmitted to the server, and then relayed from the server to the receiving client.
