Security Architecture
How SemaFore handles keys, sessions, encryption, and rotation.
This section documents the cryptographic architecture of SemaFore, a messaging platform for regulated enterprises. Start with Overview for the trust model, then continue through Cryptographic Primitives, Identity Keys, Session Establishment, Message Encryption, Broadcast Messages, and Key Rotation. These pages are intended for security teams, engineers, and compliance reviewers assessing the platform’s cryptographic posture. All claims in this section are grounded in ADRs (Architecture Decision Records) and verified against the live implementation in sf-server.
Overview
What plaintext-blind means and how the trust model works.
Cryptographic Primitives
X25519, Ed25519, AES-256-GCM, HKDF, and HMAC-SHA256.
Identity Keys
Dual identity key contract, key bundles, and per-device keys.
Session Establishment
X3DH walkthrough, first-message headers, and multi-device fan-out.
Message Encryption
Double Ratchet, dr_v1 wire format, and forward secrecy.
Broadcast Messages
Organisation-wide announcements, offline delivery, and plaintext-blind relay.
Key Rotation
SPK rotation triggers, procedure, and why it matters.