Decrypt and Read Full Assignment Details Including Sensitive Personal Information
When the peer mentor opens an assignment from the inbox, the Assignment Detail Screen retrieves the ciphertext from Supabase through the Assignment Repository and calls the Encrypted Message Service to decrypt it on the device. The Key Management Service loads the peer mentor's private key from the Secure Key Store (Flutter Secure Storage, which is backed by the platform keystore: the iOS Keychain or the Android Keystore, hardware-backed where the device supports it). The key pair was established during account setup and bound to the peer mentor's BankID-verified identity; the private key never leaves the device. Decryption is NaCl-style authenticated public-key encryption (X25519 key agreement with XSalsa20-Poly1305) via the Encryption Infrastructure, so any modification of the stored ciphertext makes the Poly1305 check fail and yields no plaintext at all. On the first open of a given assignment, and only the first, the Read Receipt Service writes one row to assignment_read_receipts in Supabase, which notifies the coordinator that the assignment has been viewed. The detail screen then presents the contact's full name, address, medical summary and mission details in a structured layout, and a prominent encryption status widget confirms that the payload was encrypted in transit and at rest and was successfully authenticated on decryption.
User Story
Acceptance Criteria
- Given the peer mentor opens an assignment for the first time, when the detail screen loads, then the assignment payload is decrypted on-device using the private key loaded from the Secure Key Store and the full sensitive details are displayed
- Given the assignment is opened for the first time, when the screen renders, then a read receipt is written to assignment_read_receipts and the coordinator's status dashboard reflects the 'read' state
- Given the peer mentor opens the same assignment a second time, when the detail screen loads, then no duplicate read receipt is created
- Given the device's private key is unavailable (e.g., key not yet initialized on this device), when the peer mentor attempts to open an assignment, then no decryption is attempted and a clear error message instructs them to complete BankID identity verification to provision their key. Because the private key exists only on the device, re-verification establishes a new key pair; ciphertext encrypted to a previous public key cannot be decrypted with the new one
- Given the ciphertext in Supabase has been tampered with or corrupted, when decryption is attempted, then the Poly1305 authentication check fails before any plaintext is released, a tamper warning is displayed, and no partial data is shown
- Given the assignment detail screen is open, when the encryption status widget is visible, then it shows a confirmed padlock icon indicating the message was end-to-end encrypted; the confirmed state is shown only after decryption has succeeded, never merely because a ciphertext row exists
- Given the peer mentor navigates back from the detail screen, when they return to the inbox, then the assignment is now marked as read
Business Value
This story is the core privacy-compliance mechanism of the feature. Norwegian law (Personopplysningsloven, which implements the GDPR in Norway; GDPR Art. 32) requires appropriate technical measures to protect sensitive personal data in transit and at rest. End-to-end encryption with device-local private keys means Supabase never holds the plaintext payload, which satisfies this requirement for the assignment content itself. Metadata (which coordinator sent which mentor an assignment, when, and the read receipts) remains visible to the backend; only the payload is end-to-end encrypted.
The read receipt also eliminates the coordinator's uncertainty about whether sensitive information has been received, closing a major operational gap previously handled via phone calls.
Components
- Assignment Detail Screen (ui)
- Encryption Status Widget (ui)
- Encrypted Message Service (service)
- Read Receipt Service (service)
- Key Management Service (service)
- Assignment Repository (data)
- Encryption Infrastructure (infrastructure)
- Secure Key Store (infrastructure)