vortex-protocol-specifications.md

File metadata and controls

44 lines (23 loc) · 2.98 KB

# VORTEX's protocol specifications

## Encryption and signature algorithms

### Asymmetric encryption and signature algorithms

The NTRU and McEliece asymmetric encryption algorithms, implemented in WebAssembly and wrapped in JavaScript, are used as the method of asymmetric encryption.

The Supersphincs asymmetric signature algorithm, implemented in WebAssembly and wrapped in JavaScript, is used to sign each layer of encrypted data produced by the asymmetric encryption method.

### Symmetric encryption and signature algorithms

The TripleSec symmetric encryption and signature algorithm is used as the method of symmetric encryption and signature. TripleSec includes the scrypt algorithm, which is weakened in order to keep performance high. TripleSec is rebuilt using algorithms from libsodium, which has WebAssembly implementations.

## Encryption and signature protocol

The public keys generated by the asymmetric encryption and signature algorithms are placed into a string that is publicly shared on the user's Steem account. The asymmetric private keys are kept private.

This shared public string is used to encrypt two strings, called the shared secrets, between two contacts; the shared secrets are two keys generated by the symmetric encryption and signature algorithm. The primary and secondary shared secrets are unique per contact pair and can be renewed.

All data exchanged by a pair is encrypted and decrypted using the primary shared secret.

## Data transmission

All data, including files and data streams, is transmitted peer-to-peer using the WebRTC protocol. PeerJS-server is used as the connection broker that a P2P web application requires, while PeerJS-client is used to implement the internal P2P logic. The connection broker does not proxy any data.

Data can also be sent in the memo of a Steem transfer. Data contained in a memo is encrypted using the secondary shared secret. If no secondary shared secret has been set between a pair, the memo is not encrypted.

If no public key has been set for an account, that means that the account is not using the application. If no shared secrets have been set between a contact pair, that means that the contact is not paired.

## Local data encryption

Locally stored data is encrypted using the symmetric encryption and signature method defined above, with the password set in the application.

## Local data portability

If a user wants to use the application from multiple devices, the user must make their shared secrets and private keys portable. The user can encrypt and store this data in a remote file or in their Steem account.

The portability of an account is not activated by default.

If the portability method is Steem, the portable private data is encrypted through the symmetric encryption and signature method defined above with the account's private memo key. It is possible, and recommended, to add a custom password to the private memo key.