New end to end encrypted IM/VOIP web app focused on ease of use

Tom Ritter tom at
Wed Aug 20 09:10:35 PDT 2014

This is cool!  I love the combined distribution of providing a hosted
version, and encouraging people to host it themselves.

I looked into the code to understand more about how it works.  Is it
fair to say that you use WebRTC with SRTP for the transport
encryption, and then a homebaked AES-GCM-based protocol with RSA
public keys to do the encrypted chat/actions/invites, and also to
distribute/authenticate the WebRTC fingerprints?


On 19 August 2014 05:33, Subrosa Team <contact at> wrote:
> Subrosa is an open source, end to end encrypted messaging / VOIP app focused on being easy to use for the general public. We made Subrosa in response to the mass surveillance revelations programs, and to address the difficulty of current tools for the average user. Oh, and it supports group video chats.
> Site, and hosted version to try it out:
> Why make something new?
> We've tried getting our non-techie contacts to use GPG/OTR/etc. Our personal experiences are that spending hours per person we want to talk to, teaching them how to use the tool, and helping them when they inevitably come across an issue (e.g. lose their keys) are just not practical. We think there's a place for an end to end encrypted messaging platform usable by *everyone*.
> Furthermore, not everyone cares about crypto. Subrosa is just as easy to use as making a Skype account, while key generation, etc are all performed behind the scenes. For end to end encryption to be widely adopted, it needs to convince people who don't care about it as well. And that means it can't be any harder, or more confusing than popular offerings.
> Subrosa does cryptography transparently, however we don't *hide* information such as fingerprints (so you can verify you're not being MITM attacked, by us). RSA keypairs are stored on our servers, with the private key being passed through PBKDF2 with the user password (not sent). Messages are encrypted using exchanged AES keys, with VOIP/video chats encrypted with SRTP.
> We know web crypto, when executing code from a remote server, has grave security implications. For ease of use, we do have a hosted version. Subrosa's client is fully open source however, and you can (and should!) run a local copy of the client. We use the ForgeJS library.
> We're also fully committed to end to end encryption. We don't have any "gotchas" like iMessage being end to end for delivery, but storing the plaintext of messages in iCloud. We shouldn't have the ability to read any messages, in all circumstances (assuming local client).
> Please let us know what you think about Subrosa, and pick at this :)

More information about the cypherpunks mailing list