Encryption Standards
Room 39 employs a Zero-Trust, End-to-End Encrypted (E2EE) architecture. This means that mathematical certainty, not trust in our servers, guarantees the privacy of your communications.
Cryptographic Primitives
We utilize industry-standard, open-source cryptographic primitives to ensure auditability and security.
| Component | Standard | Purpose |
|---|---|---|
| Symmetric Encryption | AES-GCM (256-bit) | Encrypting message bodies and files. |
| Key Exchange | ECDH (P-256) | Establishing shared secrets between users. |
| Key Derivation | PBKDF2 / Argon2 | Deriving encryption keys from user passwords. |
| Signatures | ECDSA (P-256) | Verifying message integrity and sender identity. |
The Message Lifecycle
1. Key Generation
When a user joins Room 39, the client device generates a Public/Private Key Pair locally. * The Private Key is encrypted with the user's password/PIN and stored locally. It never leaves the device in plaintext. * The Public Key is uploaded to the directory server to allow other users to initiate chats.
2. Transport Layer
When User A sends a message to User B: 1. The client generates a random 32-byte Message Key. 2. The message text is encrypted with this key using AES-GCM. 3. The Message Key is encrypted using User B's Public Key (and User A's Private Key for authenticated signing). 4. The encrypted blob is sent to the server.
3. Server Knowledge
The Room 39 servers (and any intercepting agency) see only: * Metadata: Timestamp, encrypted size. * Ciphertext: High-entropy random noise. * Sender/Receiver: (Unless using Sealed Sender protocols).
We cannot decrypt the message content because we do not possess the Private Keys required to unwrap the Message Key.
Local Storage Encryption
Data at rest on your device is encrypted using the Android Keystore / iOS Keychain system. Even if the raw database file is extracted from the device storage, the content remains encrypted without the biometric/PIN unlock vector.