OneBuddy's encrypted messaging uses industry-standard cryptographic protocols to ensure that only the intended recipient can read your messages.
Key Exchange: When you initiate a conversation, OneBuddy uses ECDH (Elliptic Curve Diffie-Hellman) on the P-256 curve to negotiate a shared secret key with the recipient. This happens automatically without either party needing to share keys manually.
Message Encryption: Each message is encrypted using AES-GCM with a 256-bit key derived from the shared secret. AES-GCM provides both confidentiality and authenticity, ensuring messages cannot be read or tampered with in transit.
Zero-Knowledge Architecture: The relay server that routes messages between users handles only encrypted data. It has no access to encryption keys and cannot decrypt message content. Even if the server were compromised, message contents would remain protected.
Both the sender and recipient must have OneBuddy installed for encrypted messaging to work. The extension handles all cryptographic operations locally on each device.
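The key exchange and message encryption steps described above can be sketched as follows. This is an added example, not OneBuddy's own code: it uses Node's built-in crypto module rather than the extension's browser APIs, and the HKDF-SHA-256 derivation step, the `example-chat-v1` label, the 12-byte random nonce and all function names are assumptions. Peer public keys are taken as authentic here.

```javascript
const nodeCrypto = require('node:crypto');

// Each party generates a P-256 key pair locally; only the public half is sent.
function newParty() {
  const ecdh = nodeCrypto.createECDH('prime256v1'); // OpenSSL name for NIST P-256
  ecdh.generateKeys();
  return ecdh;
}

// ECDH shared secret -> 256-bit AES key. The page only says the key is
// "derived from the shared secret"; HKDF-SHA-256 is an assumed choice.
function deriveKey(self, peerPublicKey) {
  const shared = self.computeSecret(peerPublicKey);
  const okm = nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example-chat-v1', 32);
  return Buffer.from(okm);
}

// AES-256-GCM with a fresh random 96-bit nonce per message.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() }; // this envelope is all a relay sees
}

// Decrypts and verifies the tag; final() throws if anything was altered.
function unseal(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed scenario: two parties, one message, one bit flipped in transit.
function demo() {
  const alice = newParty();
  const bob = newParty();
  const keyA = deriveKey(alice, bob.getPublicKey());
  const keyB = deriveKey(bob, alice.getPublicKey());
  const envelope = seal(keyA, 'meet at 10');
  const received = unseal(keyB, envelope);

  const tampered = { ...envelope, ct: Buffer.from(envelope.ct) };
  tampered.ct[0] ^= 0x01; // modification made somewhere between the two devices
  let tamperRejected = false;
  try { unseal(keyB, tampered); } catch { tamperRejected = true; }

  return { keysMatch: keyA.equals(keyB), received, tamperRejected };
}
```

Both sides arrive at the same key without it ever crossing the wire, and the flipped bit makes decryption fail instead of yielding altered plaintext.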