Increasingly hackers, thieves, corporations, and other agencies are snooping on our private lives. What was once thought to be private can increasingly fall into the hands of the wrong people.

When you start ChatMap for the first time it creates 2 keys for you, a private key and public key, this is known as public or asymmetric cryptography.

**Private key:** Your private key is just that, private. It never leaves your phone; it is not shared with anyone including us. Your private key is used to decrypt messages and location data sent to you. Contained within your private key is 2 or more prime numbers (more on this later).

**Public key:** Your public key is created then stored on our server. It is available to any phone using ChatMap that requests it. Anything encrypted with a public key can only be decrypted with the matching private key.

At the heart of today’s encryption are prime numbers. As a refresher, a prime number is a whole number, greater than 1, which is only divisible by itself and 1. Some examples are: 13, 17, 19, 47, 89.

In simple terms, the product (multiply) of two large prime numbers is used to create an extremely large number - n (~617 decimal digits). Without knowing the two factors used to create n, a computer must use brute-force to try every combination of numbers to find the 2 factors. Even with today’s computational power, this can take up to 40 years. If you know the two factors, it takes a trivial amount of computational power to ensure that they are correct. This is the core of how encryption works.

Good encryption software requires balancing strength with performance. We use 3072 bit RSA keys and 256 bit AES keys. This is the maximum that current mobile hardware can handle within our application and still feel fast. Anything encrypted at this strength is estimated to remain uncrackable well beyond 2030.

When Bob wants to send Alice a message using ChatMap, Bob’s phone requests Alice’s public key from the ChatMap servers. Bob’s phone uses Alice’s public key and encrypts her message such that it can only be decrypted by Alice’s private key. Note, Bob does not have Alice’s private key, but using an encryption algorithm with the public key will generate a file that can only be opened by Alice’s private key.

That encrypted file is sent securely to ChatMap servers using SSL and stored securely on our servers. Note that since the server does not have access to Alices’s private key, we have no way of decrypting it, and neither does anyone but Alice. The message is briefly stored in its encrypted format until it is sent on to Alice over SSL. Once the message arrives on Alice’s phone, it is decrypted using the private key stored on Alice’s device. The message is then deleted from our servers.

In short, end-to-end encryption is about keeping data secured upon its creation and only decrypting on the device that it is going to be consumed on. With the appropriate keys, encrypting and decrypting is virtually transparent to customers and data is only consumed by the intended recipients.

By Cary Evans - September 2015