Security Architecture
Built on open standards. Verified by design. No trust required.
Signal Protocol
The same encryption protocol trusted by Signal, WhatsApp, and Google Messages.
X3DH Key Agreement
Extended Triple Diffie-Hellman establishes shared secrets between two parties without prior communication. Identity keys, signed pre-keys, and one-time pre-keys ensure forward secrecy from the first message.
Double Ratchet
Every message uses a unique encryption key derived from a continuously evolving chain. Compromising one key reveals nothing about past or future messages. Keys are ratcheted forward after every exchange.
AES-256-GCM
Messages are encrypted with AES-256 in GCM mode — the same standard used by governments and military. Provides both confidentiality and integrity verification.
PBKDF2 Key Derivation
All PINs and passwords are hashed with PBKDF2-HMAC-SHA256 (100,000 iterations) with unique random salts. Brute-force attacks are computationally infeasible.
Zero Knowledge
What the server sees vs. what you see.
Infrastructure
All local data is stored in an AES-256 encrypted SQLCipher database. The encryption key lives in your device's secure storage (Keychain/Keystore). No one — not even with physical device access — can read the database without the key.
Messages are auto-deleted from the server: 72 hours after delivery for DMs, 17 days if undelivered. The server is a temporary relay, not permanent storage. Ghost Mode messages have even shorter lifespans.
The server stores only what's needed for message delivery: encrypted blobs, routing metadata, and pre-key bundles. No message content, no contact graphs, no analytics. Stored files use UUID filenames, IP addresses are hashed, and content types are generic octet-stream.
Local backups use AES-256-GCM with a password-derived key (PBKDF2, 100K iterations). The .cmbackup file contains your database, encryption keys, and preferences — all encrypted. Without your password, it's unreadable.