Message Encryption
All messages in the Headlance messenger are encrypted on the server using the AES-256-GCM algorithm. Together with TLS on the connection, this means data is protected both at rest and in transit.
How it works
When a message is sent, the text is encrypted on the server before being saved to the database. When a message is received, it is decrypted and delivered to the recipient over a secure connection (TLS 1.2/1.3).
This approach is similar to Telegram's encryption model: messages are protected from external access but remain accessible to the system for search functionality and dispute arbitration.
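The encrypt-before-save and decrypt-on-read steps described above, as an added example (not Headlance's own code). The function names, the stored layout (nonce, tag, ciphertext, base64-encoded) and the use of the conversation ID as authenticated data are assumptions made for illustration.

```javascript
// Added illustration; names and record layout are assumptions, not Headlance's code.
const crypto = require('node:crypto');

const ALG = 'aes-256-gcm';
const NONCE_LEN = 12; // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;   // 128-bit authentication tag

// Encrypt a message before it is written to the database.
// conversationId is bound as AAD: it is not secret, but the tag covers it,
// so a ciphertext copied into another conversation's row fails to decrypt.
function encryptMessage(key, conversationId, plaintext) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per message; never reuse under one key
  const cipher = crypto.createCipheriv(ALG, key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(conversationId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored column value: nonce || tag || ciphertext, base64-encoded
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored record on read. Throws if the key, the AAD or any stored byte differs.
function decryptMessage(key, conversationId, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < NONCE_LEN + TAG_LEN) throw new Error('record too short');
  const nonce = raw.subarray(0, NONCE_LEN);
  const tag = raw.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ct = raw.subarray(NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv(ALG, key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(conversationId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true when decryption is rejected (tampering, wrong conversation, wrong key).
function isRejected(key, conversationId, stored) {
  try { decryptMessage(key, conversationId, stored); return false; }
  catch { return true; }
}

// Constructed demo: a random key stands in for one loaded from a secrets store.
function demo() {
  const key = crypto.randomBytes(32);
  const row = encryptMessage(key, 'conv-1001', 'Milestone 2 delivered');
  const tampered = Buffer.from(row, 'base64');
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit, as a modified DB row would
  return {
    roundTrip: decryptMessage(key, 'conv-1001', row),
    tamperRejected: isRejected(key, 'conv-1001', tampered.toString('base64')),
    wrongConversationRejected: isRejected(key, 'conv-2002', row),
  };
}
```

Because the server holds the key, it can decrypt records for search and arbitration as described above; the GCM tag only guarantees that a stored record has not been altered or moved.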
What this provides
- Data protection at rest in the database (encryption at rest)
- Protection during transmission via TLS (encryption in transit)
- Ability to search through messages
- Arbitrator access to conversations when a dispute is opened
Attachments
Files are stored in encrypted MinIO storage. File access is controlled at the application level: only conversation participants can view attachments.