Data Encryption

Messaging

Glacier leverages the OMEMO (OMEMO Multi-End Message and Object Encryption) protocol, an adaptation of the Signal Protocol, for all messages (text, media, audio, video).

Multi-Device Support

Glacier supports multiple devices associated with the same account.
Each device establishes a unique Glacier session.
Messages are encrypted with a random key, which is transmitted as part of the message content.

Encryption & Security

Glacier employs a Double Ratchet algorithm to establish secure sessions for every device combination. This process uses:

Each session securely exchanges encryption keys for message security. Every message has a unique encryption key, ensuring that AES-GCM secures its contents.

Security Guarantees

Guarantee	Description
Confidentiality	Messages are only readable by sender and receiver.
Forward Secrecy	Compromised key material does not affect past messages.
Break-in Recovery	A compromised session recovers after a few communication rounds.
Authentication	Participants can verify message authenticity.
Integrity	Messages cannot be altered during transit.
Asynchronicity	Messaging does not require both users to be online simultaneously.

Video & Voice Calls

Media shared in voice and video calls is end-to-end encrypted and inaccessible to Glacier.

Secure Media Exchange

DTLS/SRTP encryption secures direct communication.
TURN servers relay encrypted media without decryption when necessary.