May 5, 2016 at 13:03Viber got default end-to-end encryption
The Viber authors followed the same path as the WhatsApp developers and integrated full end-to-end encryption into their messenger, which implies the storage of private encryption keys on user devices. Unlike WhatsApp, which uses the implementation of the Double Ratchet algorithm from Open Whisper Systems (Signal) as the end-to-end encryption protocol , Viber authors wrote its implementation from scratch. At the same time, text messages sent between users, calls, and also transferred files are encrypted. The function is available to users since Viber 6.0.
To organize end-to-end encryption, each client uses a key pair: public and private. This key pair of the 256-bit Curve-25519 encryption algorithm (key ID) for the Viber client is generated when the messenger is installed on the main device. The public part of the key is sent to the Viber server, and the private part is stored on the client device to decrypt incoming messages. Other devices that work with this Viber account also receive a copy of the private key from the main device using a special cryptographic algorithm.
Viber establishes a secure connection with all client devices when they want to exchange messages. This means that if on one side the messenger is installed on the main device, on a PC and tablet, and on the other it is also used on several devices, a secure connection will be established between each of the devices on opposite sides.
Для использования данной функции шифрования пользователям следует обновить свое приложение Viber до новейшей версии.
Более подробную информации о шифровании Viber см. www.viber.com/en/security-overview
Starting with Viber 6.0, all of Viber's core features are secured with end-to-end encryption: calls, one-on-one messages, group messages, media sharing and secondary devices. This means that the encryption keys are stored only on the clients themselves and no one, not even Viber itself, has access to them. Viber's protocol uses the same concepts of the "double ratchet" protocol used in Open Whisper Systems Signal application, however, Viber's implementation was developed from scratch and does not share Signal's source code.
To organize end-to-end encryption, each client uses a key pair: public and private. This key pair of the 256-bit Curve-25519 encryption algorithm (key ID) for the Viber client is generated when the messenger is installed on the main device. The public part of the key is sent to the Viber server, and the private part is stored on the client device to decrypt incoming messages. Other devices that work with this Viber account also receive a copy of the private key from the main device using a special cryptographic algorithm.
Viber establishes a secure connection with all client devices when they want to exchange messages. This means that if on one side the messenger is installed on the main device, on a PC and tablet, and on the other it is also used on several devices, a secure connection will be established between each of the devices on opposite sides.
To send a secure message, secure sessions must exist between the sending device and all the recipient's devices, as well as between the sending device and all the sender's other devices. So for example, if user A that has a mobile phone and a PC registered to Viber under the same account wishes to communicate with user B that has a mobile phone and a PC, secure sessions must be established between each pair of devices.
Для использования данной функции шифрования пользователям следует обновить свое приложение Viber до новейшей версии.
Более подробную информации о шифровании Viber см. www.viber.com/en/security-overview