Skip to content

Encryption

Chatalot uses Signal Protocol-based end-to-end encryption to protect your messages. The server never sees plaintext message content -- only encrypted blobs pass through it.

Status: Complete -- The cryptographic infrastructure is fully implemented, compiled to WASM, and running client-side. All DMs use the Signal protocol (X3DH + Double Ratchet) and group channels use Sender Keys. Per-message encryption indicators and fingerprint verification are available in the UI.

Pages

# Page Description
1 Overview Why E2E encryption matters and what Signal Protocol provides
2 How It Works High-level encryption flow for DMs and group channels
3 Key Management Identity keys, prekeys, key generation, rotation, and storage
4 DM Encryption X3DH key agreement and Double Ratchet for private messages
5 Group Encryption Sender Keys for efficient group message encryption
6 Verification Safety numbers, fingerprints, and trust-on-first-use
7 Limitations What is not encrypted and other security boundaries
8 Technical Details Cryptographic primitives, wire formats, and protocol specification

Implementation Status

Component Status
ChaCha20-Poly1305 AEAD Implemented and tested
Ed25519 identity keys Implemented and tested
X3DH key agreement Implemented and tested
Double Ratchet Implemented and tested
Sender Keys (groups) Implemented and tested
Safety numbers Implemented and tested
WASM bridge Compiled and bundled
Web client integration Complete
Per-message encryption indicators Complete
Fingerprint verification modal Complete
TOFU key change detection Complete
Key storage (IndexedDB) Complete
Key storage (desktop) Planned (OS keychain)

The crypto library includes 23 unit tests covering all protocols, including edge cases such as out-of-order messages, tampered ciphertext, invalid signatures, and session serialization round-trips.

Source Code

The encryption implementation lives in the following locations:

  • Rust crypto crate: crates/chatalot-crypto/src/ -- X3DH, Double Ratchet, Sender Keys, AEAD, identity management
  • WASM bindings: crates/chatalot-crypto-wasm/ -- wasm-bindgen exports for browser use
  • Web client crypto: clients/web/src/lib/crypto/ -- KeyManager, SessionManager, CryptoStorage (IndexedDB)
  • Server key routes: crates/chatalot-server/src/routes/keys.rs -- prekey bundle exchange
  • Server sender key routes: crates/chatalot-server/src/routes/sender_keys.rs -- group sender key distribution