
How We Protect Your Messages

Don't take our word for it — review the code.

Two Layers of Encryption

Sanctia uses two independent encryption models. Every message is encrypted at rest by default. For those who want maximum protection, end-to-end encryption ensures even we can't read your messages.

Server-Side Encryption

Always on by default

Every message is encrypted with its own unique key using envelope encryption.

  • A fresh 256-bit Data Encryption Key (DEK) is generated per message
  • Message content is encrypted with the DEK using AES-256-GCM
  • The DEK itself is encrypted by a Key Encryption Key (KEK) managed by AWS KMS
  • Only the encrypted DEK is stored alongside the message

If our database is breached, the attacker gets ciphertext and encrypted keys. Without access to AWS KMS, the data is useless.
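The four steps above as an added Node.js example; this is not Sanctia's own code. It assumes a random in-process key standing in for the KMS-managed KEK so that it runs offline, and the function names and the use of the message id as GCM associated data are choices of this example, not details from the page.

```javascript
const nodeCrypto = require('node:crypto');

// ASSUMPTION: in production the KEK stays inside AWS KMS and the wrap/unwrap
// steps are KMS calls; a local random key plays that role here.
const kek = nodeCrypto.randomBytes(32);

// AES-256-GCM helper: returns iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per call
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Inverse of seal(); final() throws if the tag, AAD, key or any byte is wrong.
function open(key, blob, aad) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  decipher.setAAD(aad);
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Fresh DEK per message; content sealed under the DEK, DEK sealed under the KEK.
function encryptMessage(messageId, text) {
  const dek = nodeCrypto.randomBytes(32); // 256-bit DEK, used for this message only
  const aad = Buffer.from(messageId);     // ties both blobs to this message id
  const record = {
    messageId,
    ciphertext: seal(dek, Buffer.from(text, 'utf8'), aad).toString('base64'),
    wrappedDek: seal(kek, dek, aad).toString('base64'),
  };
  dek.fill(0);   // the plaintext DEK is never stored
  return record; // this is everything a database breach would expose
}

// Unwrap the DEK with the KEK, then decrypt the content with the DEK.
function decryptMessage(record) {
  const aad = Buffer.from(record.messageId);
  const dek = open(kek, Buffer.from(record.wrappedDek, 'base64'), aad);
  return open(dek, Buffer.from(record.ciphertext, 'base64'), aad).toString('utf8');
}
```

The stored record contains no plaintext key, so reading it requires whoever holds the KEK to unwrap the DEK first.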

End-to-End Encryption

Opt-in

Your passphrase never leaves your device. We literally cannot read your messages.

  • Keys are derived on your device using Argon2id — memory-hard, resistant to GPU and ASIC attacks
  • Messages and files are encrypted client-side with AES-256-GCM before reaching our servers
  • Each message gets its own salt and IV — compromising one reveals nothing about another
  • Domain separation prevents key reuse across verifiers, messages, and files

The server stores only ciphertext. Decryption happens entirely in the recipient's browser or app.

What We Can and Can't See

Message content

  • Server-Side Encryption: Encrypted at rest. Decrypted only for delivery to recipients.
  • End-to-End Encryption: We cannot read it — ever

Attachments

  • Server-Side Encryption: Stored in S3
  • End-to-End Encryption: Encrypted before upload

Your passphrase

  • Server-Side Encryption: N/A
  • End-to-End Encryption: Never sent to our servers

Metadata

  • Visible (recipient names, delivery timing)

The Algorithms

AES-256-GCM

Authenticated encryption. Provides both confidentiality and integrity — if a single bit is tampered with, decryption fails.

Argon2id

Memory-hard key derivation. Default parameters: 64 MB memory, 3 iterations, 4-way parallelism. Makes brute-forcing a passphrase computationally expensive even on specialized hardware.

AWS KMS

Hardware-backed key management for server-side encryption. The master key never leaves the KMS boundary.

Open Source

Our encryption code is public. Both the client-side E2E library and the server-side envelope encryption service are available for review on GitHub.

We publish this code so you can verify our claims, not because we think security through obscurity works. The algorithms are industry standard. The implementation is what matters.

View on GitHub →

What's Next

  • Third-party security audit — on our roadmap once we launch
  • Key rotation — automated re-encryption with new keys
  • S3 server-side encryption — adding AWS SSE as an additional layer for attachments

Questions?

If you're a security researcher and want to discuss our implementation, reach out at support@sanctia.app.

© 2026 Sanctia. All rights reserved.