allows the use of end-to-end encryption. With this kind of encryption, we secure data transmission against eavesdropping both by the administrator of the communication channel and by the administrator of the server through which users communicate.

End-to-End Encryption

Thus, even the server administrator cannot eavesdrop on the client communication that the server mediates. Users can choose their own password or have a strong password generated automatically by the app. The stronger the password, the stronger the encryption key. The password must then be sent to the other party, the recipient of the data.

Key derivation

A random value called a "salt" is added to the key derivation so that it is difficult to use a table of frequently used passwords (rainbow table) to break the password. The salt is a randomly generated 128-bit value passed to the PBKDF2 derivation function. There, with the help of 100,000 iterations (we call the SHA-256 hash function 100,000 times), it creates a master key that has 256 bits. In this way, the key (master key) used for the encryption itself is generated.

The Encryption

Subsequently, the original data is encrypted with the master key using the AES-GCM encryption algorithm. The Advanced Encryption Standard (AES) is a standardized algorithm for encrypting data. It is a symmetric block cipher: it encrypts and decrypts data divided into blocks of a fixed length, using the same key for both operations. It is used, for example, in wireless Wi-Fi networks with WPA2 security, which follows the IEEE 802.11i standard. The encryption produces the encrypted data. All of this takes place only in the sender's browser, and the reverse process takes place in the recipient's browser. No one else, not even the communication channel administrator or the server administrator, can access the password, the master key or the original data.
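The key derivation and encryption steps described above, as an added example that is not the application's own code. It uses Node.js's built-in crypto module so that it runs synchronously offline; in a browser the same steps map to the Web Crypto calls crypto.subtle.deriveKey and crypto.subtle.encrypt. The 96-bit nonce, the 128-bit authentication tag, the salt || iv || tag || ciphertext layout and all function names are assumptions, since the page does not state them.

```javascript
// Added example, not the application's code.
const nodeCrypto = require('node:crypto');

const SALT_BYTES = 16;      // 128-bit salt (from the page)
const ITERATIONS = 100000;  // PBKDF2 iterations (from the page)
const KEY_BYTES = 32;       // 256-bit master key (from the page)
const IV_BYTES = 12;        // assumption: 96-bit GCM nonce
const TAG_BYTES = 16;       // assumption: 128-bit GCM authentication tag
const HEADER_BYTES = SALT_BYTES + IV_BYTES + TAG_BYTES;

// Password + salt -> master key, using PBKDF2 with HMAC-SHA-256.
function deriveMasterKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_BYTES, 'sha256');
}

// Sender: fresh salt and nonce per message; returns salt || iv || tag || ciphertext.
function encryptForRecipient(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_BYTES);
  const iv = nodeCrypto.randomBytes(IV_BYTES);
  const key = deriveMasterKey(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Recipient: returns the plaintext Buffer, or null when the password is wrong
// or the envelope was modified (the GCM tag check fails in both cases).
function decryptFromSender(password, envelope) {
  if (!Buffer.isBuffer(envelope) || envelope.length < HEADER_BYTES) return null;
  const salt = envelope.subarray(0, SALT_BYTES);
  const iv = envelope.subarray(SALT_BYTES, SALT_BYTES + IV_BYTES);
  const tag = envelope.subarray(SALT_BYTES + IV_BYTES, HEADER_BYTES);
  const key = deriveMasterKey(password, salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(envelope.subarray(HEADER_BYTES)), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample input: a server relaying sampleEnvelope sees only these bytes.
const sampleEnvelope = encryptForRecipient('constructed-sample-password', 'constructed sample data');
console.log(sampleEnvelope.length, decryptFromSender('constructed-sample-password', sampleEnvelope).toString());
```

The salt and nonce are not secret and travel with the ciphertext; only the password has to reach the recipient separately.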