Message sessions
One-to-one and per-recipient group delivery use independent Olm Double Ratchet sessions through Matrix Rust SDK Crypto and its vodozemac cryptographic engine.
Security architecture
QEYET encrypts content for authorized devices while acknowledging the network metadata, endpoint risks, and assurance work that encryption alone cannot erase.
Each layer has a specific job. No single label such as “encrypted” is used to imply protections the system does not provide.
One-to-one and per-recipient group delivery use independent Olm Double Ratchet sessions through Matrix Rust SDK Crypto and its vodozemac cryptographic engine.
Signed P-256 device identities let contacts verify which cryptographic devices belong to a conversation.
Account state and local history are stored in an AES-256-GCM encrypted vault. Recovery material is derived with PBKDF2-SHA-256.
WebRTC protects live media and direct file transfers in transit. File bytes wait for both peers rather than being uploaded for later download.
Mini-nodes and federation peers can store and forward encrypted envelopes. They do not receive participant conversation keys.
Safety numbers and authorized-device pairing provide a second-channel way to confirm encrypted identities.
Encryption protects message and file contents, but it does not make internet transport invisible. A QEYET node or network provider may observe connection timing, source network addresses, approximate encrypted packet sizes, delivery attempts, client version, and aggregate health counters. WebRTC peers may learn each other's network addresses depending on connection path.
QEYET does not claim that routing metadata disappears. The design minimizes content custody and separates encryption keys from routing infrastructure; it does not promise network anonymity.
Identity recovery and message-history recovery are deliberately separate.
The words can restore a standard identity. They cannot recreate message history that has been deleted from every authorized device and backup.
Authorized devices can synchronize encrypted state when they reconnect. Compromise of an unlocked endpoint remains an endpoint-security risk.
Local deletion removes messages, call logs, cached media, and browser storage from that device while preserving contacts when that option is selected.
An administrator can issue replacement organizational access. The administrator cannot decrypt a former device's history or restore deleted content.
QEYET uses established cryptographic components, but the assembled QEYET product has not yet completed an independent cryptographic review or penetration test. It should not be represented as independently certified or as an implementation of the Signal Protocol.
| Area | Current state | Required before enterprise certification |
|---|---|---|
| Cryptographic engine | Matrix Rust SDK Crypto / vodozemac | Independent review of QEYET's integration and protocol boundaries |
| Application security | Automated adversarial, regression, and recovery testing | Independent penetration testing and remediation verification |
| Availability | Federated nodes, mini-node participation, queued encrypted envelopes | High-concurrency load tests and documented regional failure exercises |
| Recovery | Recovery words, device linking, encrypted backups, enterprise reissuance | Formal recurring recovery drills with recorded outcomes |
Security concerns can be reported privately to admin@qeyet.com. Do not include active recovery words, account keys, or private message content.