Hacker News new | ask | show | jobs
by sil3ntmac 4390 days ago
I assumed it was asymmetric like pgp, but you're right they dont mention it anywhere. That is rather puzzling. wtf.
1 comments
rakoo 4390 days ago
Actually they seem to mention it's symmetric:

    Each email or file has its own unique key, which is stored
    in and protected by a keystore in my butt. By default, 
    the Virtru keystore is used, but advanced users will be 
    able to operate their own key stores.
link
DHowitzer 4389 days ago
Our base case is indeed symmetric for each message (the key distribution is over Elliptic Curve Diffie Hellman Ephemeral).

The number one reason why we allow for symmetric message keys is to allow you to send an encrypted message to anyone, even if they don't have public keys somewhere. Distributing and using private/public keys in a trusted AND easy to use way is a problem we're currently working to solve, and will add as soon as we get that done in a way that doesn't make our software so hard to use that people stop using it.

link
rakoo 4388 days ago
We don't have a problem with symmetric encryption. We have a problem with the key being stored on your servers, effectively nullifying encryption.

Now, I'm not saying it's an easy problem; kudos to you for tackling it. It's just that

- if you have the keys to the payload

- if you don't provide open-source client code

then no one can honestly trust your service. Don't forget that what you're primarily doing with is trust.

link