Each message gets a unique Advanced Encryption Standard (AES) private encryption key and a unique Elliptic-curve Diffie–Hellman (ECDH) public key to negotiate the key exchange with recipients. Message content—including text, files, audio, or video—is encrypted on the sending device using the message-specific AES key. This key is then exchanged via the ECDH key exchange mechanism, so that only intended recipients can decrypt the message.
Every call, message, and file is encrypted with a new, random key. New keys cannot be used to decrypt old messages, and old keys cannot be used to decrypt new messages.
Wickr’s Zero Trust architecture is designed to withstand a full back-end breach without compromising the contents of messages. No one but intended recipients (not even AWS) can decrypt them.
Default expiration and burn-on-read (BOR) timers can be set for each room or message, allowing you to destroy sent messages and files after a set amount of time (anywhere from 1 minute to 365 days), or automatically delete messages once they have been read by recipients. Deleted data is digitally shredded so that it can never be recovered from lost or stolen devices.
Multi-factor authentication, account takeover protection, data encryption at rest, client network traffic obfuscation, secure link previews, message recall, screenshot detection, overlay protection, and more.