Encryption Mechanism ​

Ripto utilizes Hybrid Public Key Encryption (HPKE) for encryption purposes.

Initially, Ripto employed end-to-end encryption (E2EE) with RSA key pairs. However, due to various issues such as setup complexity, slow transmission speeds, low security, and limitations on the number of characters, Ripto transitioned to HPKE.

The encryption library employed by Ripto is hpke-js (https://github.com/dajiaji/hpke-js). Within a given chat room, Ripto retrieves the public keys of users who have been online within the last 5 minutes. Using these public keys, Ripto generates encrypted data specific to each user.

When receiving a message, Ripto decrypts the data that has been specifically prepared for the recipient. Then, it verifies the signature using the sender's public key before displaying the message on the screen.

Ripto utilizes Firebase Realtime Database as its storage solution. For details regarding the content stored in the database, please refer to the privacy policy.