Generation of signed messaging key pairsĪ state machine to help with the encryption of continuous streams of data.Secure import/export of recovery keys with scrypt.Secure import/export of key material encrypted with a random recovery key.
Perfect Forward Secrecy – Old message content is not compromised if the long-term key of a user or device is compromised.End-to-End Encryption – Message encryption keys are available only within Wickr clients and are not disclosed to network attackers or Wickr server operators.Joking aside, we believe it is a good time in Wickr’s development as a company to share the core crypto with the public in addition to the regular external security audits that all Wickr products undergoĪ faithful implementation of the Wickr protocol enables confidentiality of message content in transit and in storage. Team: The core crypto team has long been a strong internal advocate for opening the source code, and they have finally prevailed ☺. We are confident that the GitHub community will have ideas and constructive suggestions on how we can further evolve our protocol to make it stronger against emerging attacks (and, of course, fix a bug or two) Security: While Wickr is not a new tool for peer-to-peer encrypted ephemeral messaging, this protocol represents a new generation crypto in Wickr products.
Transparency: It is important for us to share with Wickr Professional customers how the Wickr crypto is designed in a way that is easy to review
Starting with this crypto lib, Wickr is opening its source code to its customers, partners, and the larger community-here is why: Pull requests are always welcome!Īny questions regarding the protocol itself (i.e: crypto design ideas, suggestions, high-level conceptual critique) can be be directed at all other security issues, please contact Wickr’s bug bounty program here. Please keep the issue tracker of this repo limited to code level bugs found in the implementation of the protocol as described in the white paper. We strongly believe in the value of the open source movement and are looking forward to collaborating with the community on this and other future projects, including under the GNU license.
This crypto lib is released for public review for educational, academic, and code audit purposes only (*this is not an open source license, more on license here). A markdown version of the white paper can also be found in the wiki. Wickr-crypto-c is an implementation of the Wickr Secure Messaging Protocol in C, which provides a platform for secure communications across all Wickr products.Ī white paper describing details of the protocol and its security model can be found here.