doc/CRYPTOGRAPHY.md

# Cryptography and Verification

## Release context

- Product release: `v4.8.5`
- Protocol version: `4.1`

## Session establishment

SecureBit.chat uses ECDH-derived session material, DTLS-protected WebRTC transport, and a mandatory Short Authentication String (SAS) verification step.

The SAS is deterministic for both peers in the same authenticated session. Users compare the displayed code through an out-of-band channel and enter the matching code manually. Local success alone is insufficient: the session becomes verified only after both peers confirm.

## Message protection

- encrypted payloads are validated before decryption
- decrypted chat text is sanitized before entering React state or the UI
- replay and ordering controls remain part of the session layer

## Local key metadata

Sensitive IndexedDB metadata is stored in encrypted envelopes. Legacy plaintext metadata remains readable through a migration path and is re-written in encrypted form when accessed. Corrupted encrypted metadata fails closed.

## Scope note

This document describes the current browser implementation behavior relevant to the v4.8.5 hardening release. It does not replace independent cryptographic review.
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`# Cryptography and Verification`
Create CRYPTOGRAPHY doc 2025-08-14 04:01:08 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`## Release context`
Create CRYPTOGRAPHY doc 2025-08-14 04:01:08 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			- Product release: `v4.8.5`
			- Protocol version: `4.1`
Create CRYPTOGRAPHY doc 2025-08-14 04:01:08 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`## Session establishment`
Create CRYPTOGRAPHY doc 2025-08-14 04:01:08 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`SecureBit.chat uses ECDH-derived session material, DTLS-protected WebRTC transport, and a mandatory Short Authentication String (SAS) verification step.`
Create CRYPTOGRAPHY doc 2025-08-14 04:01:08 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`The SAS is deterministic for both peers in the same authenticated session. Users compare the displayed code through an out-of-band channel and enter the matching code manually. Local success alone is insufficient: the session becomes verified only after both peers confirm.`
Create CRYPTOGRAPHY doc 2025-08-14 04:01:08 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`## Message protection`
What Changed: 2025-09-04 17:25:01 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`- encrypted payloads are validated before decryption`
			`- decrypted chat text is sanitized before entering React state or the UI`
			`- replay and ordering controls remain part of the session layer`
What Changed: 2025-09-04 17:25:01 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`## Local key metadata`
What Changed: 2025-09-04 17:25:01 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`Sensitive IndexedDB metadata is stored in encrypted envelopes. Legacy plaintext metadata remains readable through a migration path and is re-written in encrypted form when accessed. Corrupted encrypted metadata fails closed.`
What Changed: 2025-09-04 17:25:01 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`## Scope note`
What Changed: 2025-09-04 17:25:01 -04:00
release: prepare v4.8.5 security hardening release 2026-05-17 14:48:52 -04:00			`This document describes the current browser implementation behavior relevant to the v4.8.5 hardening release. It does not replace independent cryptographic review.`