QEYET / Security

Security architecture

Security that says exactly what it does.

QEYET encrypts content for authorized devices while acknowledging the network metadata, endpoint risks, and assurance work that encryption alone cannot erase.

The protection model

Each layer has a specific job. No single label such as “encrypted” is used to imply protections the system does not provide.

Message sessions

One-to-one and per-recipient group delivery use independent Olm Double Ratchet sessions through Matrix Rust SDK Crypto and its vodozemac cryptographic engine.

Device identities

Signed P-256 device identities let contacts verify which cryptographic devices belong to a conversation.

Local vaults

Account state and local history are stored in an AES-256-GCM encrypted vault. Recovery material is derived with PBKDF2-SHA-256.

Calls and file transport

WebRTC protects live media and direct file transfers in transit. File bytes wait for both peers rather than being uploaded for later download.

Mini-node delivery

Mini-nodes and federation peers can store and forward encrypted envelopes. They do not receive participant conversation keys.

Device verification

Safety numbers and authorized-device pairing provide a second-channel way to confirm encrypted identities.

What infrastructure can observe

Encryption protects message and file contents, but it does not make internet transport invisible. A QEYET node or network provider may observe connection timing, source network addresses, approximate encrypted packet sizes, delivery attempts, client version, and aggregate health counters. WebRTC peers may learn each other's network addresses depending on connection path.

No “zero metadata” claim

QEYET does not claim that routing metadata disappears. The design minimizes content custody and separates encryption keys from routing infrastructure; it does not promise network anonymity.

Recovery and deletion

Identity recovery and message-history recovery are deliberately separate.

Six recovery words

The words can restore a standard identity. They cannot recreate message history that has been deleted from every authorized device and backup.

Linked devices

Authorized devices can synchronize encrypted state when they reconnect. Compromise of an unlocked endpoint remains an endpoint-security risk.

Local kill controls

Local deletion removes messages, call logs, cached media, and browser storage from that device while preserving contacts when that option is selected.

Enterprise reissuance

An administrator can issue replacement organizational access. The administrator cannot decrypt a former device's history or restore deleted content.

Current assurance status

QEYET uses established cryptographic components, but the assembled QEYET product has not yet completed an independent cryptographic review or penetration test. It should not be represented as independently certified or as an implementation of the Signal Protocol.

AreaCurrent stateRequired before enterprise certification
Cryptographic engineMatrix Rust SDK Crypto / vodozemacIndependent review of QEYET's integration and protocol boundaries
Application securityAutomated adversarial, regression, and recovery testingIndependent penetration testing and remediation verification
AvailabilityFederated nodes, mini-node participation, queued encrypted envelopesHigh-concurrency load tests and documented regional failure exercises
RecoveryRecovery words, device linking, encrypted backups, enterprise reissuanceFormal recurring recovery drills with recorded outcomes

Responsible reporting

Security concerns can be reported privately to admin@qeyet.com. Do not include active recovery words, account keys, or private message content.