Encryption Model

Dust Secure Messaging Model

Dust goes to great lengths to ensure the security and privacy of our users' messaging. To maximize this effort, our secure messaging model is built on two principles: maintaining all messaging on a closed loop and never storing data permanently. This is achieved by keeping direct messaging throughout the lifecycle exclusively available in RAM. In addition, the security keys used to encrypt and decrypt messages are created when each account is made. Dust takes advantage of these features to generate encryption unique to every individual message sent and received so that the maximum damage ever caused by a breach only affects that sole message; not all messages associated with the accounts.

Dust Encryption Model

Messages sent and received using the Dust app utilize an encryption process that benefits from the speed and efficiency of symmetrical encryption (AES) and the security of asymmetrical encryption (RSA). Whether sending a direct message to another registered Dust user or broadcasting a "Post" to multiple accounts in the user's network, each message generates its own AES 128-bit key which is then encrypted with an RSA 2048-bit key using the either the recipient's public key (direct message) or the Dust servers (public post).

Direct Message Encryption

Dust's direct messaging uses a two-step encryption and decryption process. The first step is to generate a unique AES 128-bit encryption key in clear text. The message is encrypted with this newly-created symmetric key. The second level of encryption uses the recipient's public key to encrypt the symmetrical key. Once the message is received, the symmetrical key is decrypted allowing the message to be decrypted and read. Here is the step-by-step process:

  1. The sender types the message to a registered Dust user and presses "send".
  2. The Dust app generates a unique AES 128-bit encryption key for the message.
  3. The recipient's public key is used to encrypt AES 128-bit key.
  4. The message is sent to Dust RAM memory until it is accessed by the receiving user.
  5. The recipient retrieves the key from the local secure store and the recipient's private key decrypts the AES key.
  6. The message is decrypted and the recipient can now read it.

Post Encryption

Dust's Posts utilizes a two-step encryption process similar to the direct messaging method; however, instead of using the recipient's public key to encrypt the symmetric key, the AES key is encrypted using the Dust servers' public key. This approach maintains service speed and efficiency while ensuring the highest levels of security. Like the direct messaging encryption, a post first creates a unique AES 128-bit key in clear text. The second layer of encryption occurs when the Dust server's public key encrypts the symmetric key. When each individual recipient is ready to read the message, their private keys decrypt the RSA key. This allows the AES encrypted message to then be decrypted. Here is the step-by-step process:

  1. The sender creates a message to his or her followers using the Dust's Post feature.
  2. The app generates a unique AES 128-bit encryption key in clear text.
  3. The Dust server's public key is used to encrypt the symmetric encryption key.
  4. The posts are sent to the Dust servers and placed in volatile RAM memory.
  5. As each recipient checks their message, the private key generated on the creation of the Dust account decrypts the symmetric key and the symmetric key decrypts the message.