Messaging refers to exchanging text messages and assets such as audio messages and images. All messaging is end-to-end encrypted to provide you with a strong degree of privacy and security; the end-to-end encryption takes place between two devices. Proteus is the main cryptographic protocol. It is an independent implementation of the Axolotl / Double Ratchet protocol, which is, in turn, derived from the Off-the-Record protocol, using a different ratchet. Furthermore, Wire uses the concept of prekeys so that the protocol works in an asynchronous environment: two parties don't need to be online at the same time to initiate an encrypted conversation.
Proteus uses the following cryptographic primitives (provided by libsodium):
- ChaCha20 stream cipher
- HMAC-SHA256 as MAC
- Elliptic curve Diffie-Hellman key exchange (Curve25519)
- Key derivation using HKDF
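As an added illustration (not Proteus's own code), the following shows how two of the primitives listed above, HMAC-SHA256 and HKDF, drive the symmetric key chains of the Double Ratchet: each message gets a one-time key, the receiver copes with out-of-order delivery by retaining a bounded number of skipped keys, a replayed counter is refused, and once a key has been used it is gone from the receiver's state. The KDF labels, the HKDF info string and the shared secret are assumptions; the Curve25519 exchange that produces the secret and the ChaCha20 encryption of the message body are left out.

```python
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK from the input keying material, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, "sha256").digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), "sha256").digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def ratchet_step(chain_key: bytes) -> tuple:
    """One ratchet step: next chain key and a one-time message key (0x01/0x02 labels are assumed)."""
    next_chain_key = hmac.new(chain_key, b"\x01", "sha256").digest()
    message_key = hmac.new(chain_key, b"\x02", "sha256").digest()
    return next_chain_key, message_key

class ReceivingChain:
    """Receiver state: current chain key, next expected counter, keys of messages not yet seen."""
    def __init__(self, chain_key: bytes):
        self.chain_key, self.counter, self.skipped = chain_key, 0, {}
    def key_for(self, counter: int) -> bytes:
        if counter in self.skipped:
            return self.skipped.pop(counter)  # used once, then deleted
        if counter < self.counter:
            raise ValueError("message key already used or discarded")
        if counter - self.counter > 100:  # bound retained keys so a lost message cannot grow state forever
            raise ValueError("too many skipped messages")
        for i in range(self.counter, counter):  # step past missing messages, keeping their keys
            self.chain_key, self.skipped[i] = ratchet_step(self.chain_key)
        self.chain_key, message_key = ratchet_step(self.chain_key)
        self.counter = counter + 1
        return message_key

def demo() -> dict:
    chain_key = hkdf_sha256(bytes(range(32)), b"", b"example chain key")  # constructed secret; really the ECDH output
    sender_ck, sender_keys = chain_key, []
    for _ in range(3):  # sender derives keys for messages 0, 1, 2
        sender_ck, mk = ratchet_step(sender_ck)
        sender_keys.append(mk)
    rx = ReceivingChain(chain_key)  # receiver gets messages 0, 2, 1, then a replay of 1
    results = {"in_order": rx.key_for(0) == sender_keys[0]}
    results["out_of_order"] = rx.key_for(2) == sender_keys[2] and rx.key_for(1) == sender_keys[1]
    try:
        rx.key_for(1)
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    results["no_old_keys"] = not rx.skipped and rx.chain_key not in sender_keys
    return results
```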
Call media is exchanged between endpoints in an SRTP-encrypted media session. To initiate the session, the SRTP encryption algorithm, keys, and parameters are negotiated through a DTLS handshake. The authenticity of the clients is also verified during the handshake: the expected DTLS certificate fingerprints are sent over the existing authenticated Proteus session.
Conference calls use existing WebRTC mechanisms to establish peer connections between devices and the Selective Forwarding TURN server (SFT). On those legs, all data is encrypted in the same way as on 1:1 calls. In addition, devices use Encoded Transforms / Insertable Streams to end-to-end encrypt the content of media packets.
Clients interact with backend servers over HTTPS connections supporting TLSv1.2 and TLSv1.3. Wire uses only cipher suites that provide (perfect) forward secrecy (PFS). The server indicates its order of preference for cipher suites and sends HTTP Strict Transport Security (HSTS) headers to all clients.
Local data protection
Wire stores your conversation history, such as text messages, pictures, and other assets, locally on your device. Depending on the platform, different protection mechanisms exist:
iOS
Local data is stored using Core Data and in files (both protected with NSFileProtectionCompleteUntilFirstUserAuthentication). Conversation content, cryptographic key material, and other sensitive data aren't synced with iCloud or iTunes backups. You can only access local data from the Wire app. It is inaccessible to other apps thanks to iOS sandboxing.
Android
Local data is stored using an encrypted SQLite database and in files. Conversation content, cryptographic key material, and other sensitive data aren't synced with the Android Backup Service. You can only access local data from the Wire app. It is inaccessible to other apps thanks to the Android permission model. The app sometimes keeps cached data (for example, downloaded images). Those files aren't encrypted.
Desktop
Local data is stored using IndexedDB. The data is stored in the user's folder. Cookies handled by the Electron wrapper are encrypted using OS-level cryptographic keys. We strongly recommend using full-disk encryption such as FileVault on macOS or BitLocker on Windows.