Skip to content
Spokes Documentation

Secure Chat

Spokes features a security mechanism known as Secure Chat. This feature encrypts messages at rest to ensure that private communications remain confidential even in the event of a catastrophic server compromise.

This page explains why Secure Chat exists, how it functions under the hood, and its security boundaries.

Why It Exists

Section titled “Why It Exists”

Standard databases store text in plain sight. If a server is compromised or, more commonly, if an automated database backup is accidentally leaked or stolen, all communication history is instantly exposed to the attacker. Secure Chat exists to prevent this exact scenario by ensuring that the database only holds scrambled, unreadable text.

What Goal Does It Have

Section titled “What Goal Does It Have”

The primary goal of Secure Chat is to provide a highly secure way to store messages at rest. It ensures that the messages stored on the disk and in database backups are mathematically impossible to read without the explicit cooperation (and password) of the users involved in the conversation.

How It Works

Section titled “How It Works”

Secure Chat relies on asymmetric (public/private key) encryption and password-derived secure vaults:

  1. Key Generation: When you first enable Secure Chat, the system generates an RSA Key Pair (a Public Key and a Private Key) specifically for your account.
  2. The Vault: Your Private Key is heavily encrypted using an AES Key Encryption Key derived from a custom “Chat Password” that you choose. This encrypted key is stored in the database.
  3. Channel Encryption: When a secure channel is created, unique encryption keys are generated for the channel. These channel keys are then encrypted using the Public Keys of each participant.
  4. Unlocking: To read or send messages in a secure channel, you must “Unlock your Vault” by entering your Chat Password. This decrypts your Private Key in memory, which is then used to decrypt the channel keys, and ultimately, the messages themselves.

How Secure Is It?

Section titled “How Secure Is It?”

It is significantly more secure than standard plaintext chat applications. The encryption protects your messages inside the database, keeping them completely safe if the server’s database or backups ever leak. Because your private key is encrypted with your personal Chat Password (which is only ever stored on your personal devices) the server cannot independently decrypt your messages.

Security Boundaries

Section titled “Security Boundaries”

It is crucial to understand what Secure Chat protects against and what its limitations are.

What it Protects Against

Section titled “What it Protects Against”
  • Database Leaks: If the raw database is stolen, the messages are unreadable.
  • Backup Exposures: If an automated backup file is exposed to the public internet, the attacker cannot read the chat history.
  • Rogue Administrators: An administrator with direct database access cannot read your private secure chat messages by simply querying the database.

What it Does NOT Protect Against

Section titled “What it Does NOT Protect Against”
  • Not True End-to-End Encryption (E2EE): While highly secure at rest, Spokes Secure Chat is not strictly End-to-End Encrypted. Because the encryption processes run in the browser and communicate with the server, a malicious server owner could theoretically modify the web application code to intercept data or passwords as they pass through the server.
  • Endpoint Compromise: If your computer or browser is compromised by malware, the attacker can read anything you can read while your vault is unlocked.