
Circlet is committed to providing high security. We apply industry-standard 256-bit AES-GCM encryption for end-to-end private messaging. Additionally, the client communicates with the server over HTTPS using TLS 1.2, ensuring that only the parties in the chat room can read the messages.
Each chat room has its own encryption key. Even if the parties in different chat rooms are the same, they have different encryption keys. This ensures that the messages in each chat room are securely protected and isolated.
On top of this, the encryption key of each chat room is stored in Circlet's system database only in encrypted form, encrypted with the user's public key. We use 2048-bit RSA encryption for the user's public/private key pair. To read the chat room messages, the server passes the encrypted chat room key to the client, and only the corresponding user can decrypt it using their private key. This ensures that only the users who belong to the chat room can read its messages. Even Circlet's system has no way to decrypt the chat room's messages, providing the highest level of security and privacy in messaging.
The user's public/private key pair is generated when the user registers with Circlet. We use a 2048-bit RSA public-key encryption algorithm. The public key is stored in Circlet's database and is used to encrypt the chat room's encryption key when a chat room is created for that user. The private key is encrypted with an AES-256 key (System Key) and sent back to the user.
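
The key layout described above, sketched in Node.js as an added example (this is not Circlet's code). The function names, the RSA-OAEP/SHA-256 padding, generating the room key on the creating client, and binding the room id as GCM associated data are all assumptions made for illustration; the users and messages are constructed sample data.

```javascript
// Added illustration, not Circlet's implementation. Names and padding choice are assumptions.
const crypto = require('crypto');

// Registration: each user gets a 2048-bit RSA key pair.
function newUser(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Assumed padding for wrapping the room key (the page only says "2048-bit RSA").
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Room creation: one fresh 256-bit key per room, even when the members are the same.
// Only the RSA-wrapped copies in `room` would be stored server-side.
function createRoom(roomId, members) {
  const roomKey = crypto.randomBytes(32);
  const wrappedKeys = {};
  for (const m of members) {
    wrappedKeys[m.name] = crypto.publicEncrypt(oaep(m.publicKey), roomKey);
  }
  return { room: { roomId, wrappedKeys }, roomKey };
}

// Client side: recover the room key from the wrapped copy with the user's private key.
function unwrapRoomKey(room, user) {
  return crypto.privateDecrypt(oaep(user.privateKey), room.wrappedKeys[user.name]);
}

// AES-256-GCM with a fresh 96-bit nonce per message; the room id is authenticated as AAD.
function encryptMessage(roomKey, roomId, text) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', roomKey, iv);
  cipher.setAAD(Buffer.from(roomId));
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key, room id, ciphertext or tag does not match.
function decryptMessage(roomKey, roomId, msg) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', roomKey, msg.iv);
  decipher.setAAD(Buffer.from(roomId));
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ct), decipher.final()]).toString('utf8');
}
```

A message encrypted under one room's key fails GCM authentication under another room's key, which is the isolation property the per-room key is meant to give.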