Dust goes to great lengths to ensure the security and privacy of our users' messaging. To maximize this effort, our secure messaging model is built on two principles: maintaining all messaging on a closed loop and never storing data permanently. This is achieved by keeping direct messaging throughout the lifecycle exclusively available in RAM. In addition, the security keys used to encrypt and decrypt messages are created when each account is made. Dust takes advantage of these features to generate encryption unique to every individual message sent and received, so that the maximum damage ever caused by a breach affects only that sole message, not all messages associated with the accounts.
Messages sent and received using the Dust app utilize an encryption process that benefits from the speed and efficiency of symmetrical encryption (AES) and the security of asymmetrical encryption (RSA). Whether sending a direct message to another registered Dust user or broadcasting a "Post" to multiple accounts in the user's network, each message generates its own AES 128-bit key, which is then encrypted with an RSA 2048-bit key using either the recipient's public key (direct message) or the Dust servers (public post).
Dust's direct messaging uses a two-step encryption and decryption process. The first step is to generate a unique AES 128-bit encryption key in clear text. The message is encrypted with this newly created symmetric key. The second level of encryption uses the recipient's public key to encrypt the symmetrical key. Once the message is received, the symmetrical key is decrypted, allowing the message to be decrypted and read. Here is the step-by-step process:
Dust's Posts utilize a two-step encryption process similar to the direct messaging method; however, instead of using the recipient's public key to encrypt the symmetric key, the AES key is encrypted using the Dust servers' public key. This approach maintains service speed and efficiency while ensuring the highest levels of security. Like the direct messaging encryption, a post first creates a unique AES 128-bit key in clear text. The second layer of encryption occurs when the Dust server's public key encrypts the symmetric key. When each individual recipient is ready to read the message, their private keys decrypt the RSA key. This allows the AES encrypted message to then be decrypted. Here is the step-by-step process:
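The two-step scheme described above for direct messages and Posts, as an added Node.js example that is not Dust's code: a fresh AES-128 key per message, wrapped with an RSA-2048 public key (the recipient's for a direct message, the servers' for a Post). The AES mode (GCM), the RSA padding (OAEP with SHA-256) and all function names are assumptions, since the page does not specify them.

```javascript
// Added illustration, not Dust's code.
// Assumptions: AES-128-GCM, RSA-OAEP with SHA-256, hypothetical function names.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: generate a one-time AES-128 key, encrypt the message with it,
// then wrap that key with the supplied RSA public key.
function sealMessage(publicKey, plaintext) {
  const messageKey = crypto.randomBytes(16);   // 128-bit key, used for this message only
  const iv = crypto.randomBytes(12);           // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-128-gcm', messageKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, messageKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient, step 1: recover the per-message AES key with the RSA private key.
function unwrapKey(privateKey, envelope) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
}

// Recipient, step 2: decrypt the message; final() throws if key or data is wrong.
function decryptWithKey(messageKey, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('aes-128-gcm', messageKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

function openMessage(privateKey, envelope) {
  return decryptWithKey(unwrapKey(privateKey, envelope), envelope);
}

// Constructed demo: one RSA-2048 key pair, two messages with independent AES keys.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const first = sealMessage(publicKey, 'constructed message one');
  const second = sealMessage(publicKey, 'constructed message two');
  let crossDecryptFailed = false;
  try { decryptWithKey(unwrapKey(privateKey, first), second); }  // wrong message key
  catch { crossDecryptFailed = true; }
  return {
    roundTrip: openMessage(privateKey, first),
    wrappedKeyBytes: first.wrappedKey.length,
    crossDecryptFailed,
  };
}
```

`demo()` shows the isolation property the page relies on: the AES key recovered from one message does not decrypt another message sent to the same account.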