lockbitchat
27 lines
1.2 KiB
Markdown
27 lines
1.2 KiB
Markdown
# Cryptography and Verification
|
|
|
|
## Release context
|
|
|
|
- Product release: `v4.8.5`
|
|
- Protocol version: `4.1`
|
|
|
|
## Session establishment
|
|
|
|
SecureBit.chat uses ECDH-derived session material, DTLS-protected WebRTC transport, and a mandatory Short Authentication String (SAS) verification step.
|
|
|
|
The SAS is deterministic for both peers in the same authenticated session. Users compare the displayed code through an out-of-band channel and enter the matching code manually. Local success alone is insufficient: the session becomes verified only after both peers confirm.
|
|
|
|
## Message protection
|
|
|
|
- encrypted payloads are validated before decryption
|
|
- decrypted chat text is sanitized before entering React state or the UI
|
|
- replay and ordering controls remain part of the session layer
|
|
|
|
## Local key metadata
|
|
|
|
Sensitive IndexedDB metadata is stored in encrypted envelopes. Legacy plaintext metadata remains readable through a migration path and is re-written in encrypted form when accessed. Corrupted encrypted metadata fails closed.
|
|
|
|
## Scope note
|
|
|
|
This document describes the current browser implementation behavior relevant to the v4.8.5 hardening release. It does not replace independent cryptographic review.
|