Security Architecture
How SemaFore handles keys, sessions, encryption, and rotation.
This section documents the cryptographic architecture of SemaFore, a messaging platform for regulated enterprises. The pages that follow describe the Signal Protocol implementation (X3DH and Double Ratchet), the key lifecycle (Identity Keys, Signed Pre-Keys, and One-Time Pre-Keys), and how the server routes ciphertext while remaining plaintext-blind. These pages are intended for security teams, engineers, and compliance reviewers assessing the platform’s cryptographic posture. All claims in this section are grounded in ADRs and verified against the live implementation in sf-server.
Overview
What plaintext-blind means and how the trust model works.
Cryptographic Primitives
X25519, Ed25519, AES-256-GCM, HKDF, and HMAC-SHA256.
Identity Keys
Dual identity key contract, key bundles, and per-device keys.
Session Establishment
X3DH walkthrough, first-message headers, and multi-device fan-out.
Message Encryption
Double Ratchet, SMD1 wire format, and forward secrecy.
Broadcast Messages
Organisation-wide announcements, offline delivery, and plaintext-blind relay.
Key Rotation
SPK rotation triggers, procedure, and why it matters.