Every message and file stored and sent with Peerio is encrypted end-to-end without any need to enable or activate encryption. Our encryption is designed so that group communication across multiple devices is easy, fast, and persistent.
- Users’ keys are never seen by the server
- Unique keys are used for each conversation, and re-keyed each time participants change
- We use state-of-the-art, fast encryption primitives from the NaCl cryptographic framework:
  - X25519 for public key agreement over elliptic curves
  - Ed25519 for public key signatures
  - XSalsa20 for encryption and confidentiality
  - Poly1305 for ensuring the integrity of encrypted data
  - scrypt for memory-hard key derivation
  - BLAKE2s for various hashing operations
For in-transit encryption, we use Transport Layer Security (TLS) with a best-practice cipher suite configuration and HTTP Strict Transport Security (HSTS), and we support perfect forward secrecy (PFS). You can view a detailed and up-to-date independent review of Peerio’s TLS configuration on SSL Labs.