-
-
Notifications
You must be signed in to change notification settings - Fork 3
Model
Panger Lkr edited this page Jan 15, 2026
·
2 revisions
SecureComm follows a client-centric security architecture.
-
Client Applications
Responsible for key generation, encryption, and decryption. -
Relay Server
Facilitates message delivery without access to plaintext or cryptographic keys.
The relay server is treated as an untrusted intermediary.
All cryptographic trust exists exclusively between clients.
SecureComm enforces security at the application layer.
- End-to-end encryption by default
- No server-side access to plaintext
- No server-side key storage
- Minimal metadata handling
Security is enforced by design rather than operational policy.
SecureComm considers the following adversaries:
- Network-level attackers
- Malicious or compromised relay servers
- Passive traffic observers
- Unauthorized clients
- Compromised client devices
- User behavior risks
- Physical access attacks
SecureComm uses established cryptographic primitives and libraries.
- No custom cryptography
- Ephemeral key material where feasible
- Client-side encryption and decryption
- Secure randomness sources
Cryptographic implementation details may evolve over time and are documented accordingly.
- Client devices are trusted
- Browsers correctly implement cryptographic APIs
- Users safeguard their own environments
- No protection against endpoint compromise
- No message recovery
- No anonymity guarantees against traffic analysis