Transport Protection
Communication between client applications and the server is protected through TLS-based secure connections.
Security is the core principle of PRIVATGRAMM. The system is designed to protect corporate communication through transport protection, cryptographic session management, device isolation, and administrative control.
PRIVATGRAMM uses a Signal-class cryptographic architecture adapted for corporate environments, including asynchronous key exchange, PreKey Bundle handling, and device-specific sessions.
X3DH is used to establish secure communication sessions between users from public cryptographic material.
Double Ratchet is used to evolve session keys continuously, providing a separate keying process for protected message exchange.
Each authorized device may have its own identifier, registration ID, cryptographic state, session storage, and delivery route.
Files, images, voice messages, and video messages are processed as protected attachments using unique identifiers, chunk-based transfer, and AES-GCM-based encryption.
The server is designed to store and route encrypted content. Plaintext content should remain available only on authorized user devices after local decryption.