HushCircuits Docs

Appearance

Return to top
On this page

Encryption

The Encryption screen manages your client-side encryption keys and identity fingerprint.

Security Architecture

DEFENSE IN DEPTH

Security layers protecting your communications

🔑
APP PIN LOCK L1

Local 6-digit PIN with lockout after 5 failed attempts. Biometric option available.

ACTIVE
🚨
DURESS PIN L2

Secondary PIN that triggers silent wipe or sends distress signal when entered under coercion.

ACTIVE
🧮
VISUAL CAMOUFLAGE L3

Calculator disguise mode hides the app behind a functional calculator interface.

ACTIVE
🔐
AES-256 ENCRYPTION L4

Client-side key generation from entropy harvesting. Zero-knowledge architecture — we never see your keys.

ACTIVE
🌐
BRIDGE PROTOCOL L5

Two-leg call bridge ensures your device never contacts the target directly. No traceable connection.

ACTIVE
🎤
VOICE MODULATION L6

Real-time server-side voice transformation prevents vocal identification and forensic analysis.

ACTIVE
ALL LAYERS: NOMINAL

Key Generation

When you first access the Encryption screen, you'll need to generate your encryption keys.

The Entropy Harvester

Key generation uses mouse movement entropy to create cryptographically strong random data:

  1. Tap START KEYGEN
  2. Move your mouse (or finger on mobile) around the screen
  3. A progress bar fills from 0% to 100% as entropy is collected
  4. At 100%, the key pair is automatically generated

The result is a 256-bit AES key pair unique to your account.

Identity Fingerprint

After key generation, you'll see your active identity fingerprint — a 16-character hexadecimal string that uniquely identifies your encryption keys.

This fingerprint can be shared with contacts to verify your identity through an out-of-band channel.

Encryption Pipeline 

Your Device → AES-256 Encryption → Bridge Server → SIP TLS → Target

Key principles:

  • Zero-knowledge — The server never has access to your encryption keys
  • Blind relay — The bridge forwards encrypted data without decryption
  • Client-side only — All encryption/decryption happens on your device

Key Rotation (Burn & Regenerate)

If you need to rotate your keys (compromise suspected, routine security hygiene):

  1. Tap BURN_IDENTITY_AND_REGENERATE
  2. Enter your PIN in the challenge modal
  3. Old keys are destroyed
  4. New entropy harvesting begins
  5. A new key pair and fingerprint are generated

WARNING

Burning your identity destroys the old keys permanently. Any data encrypted with the old keys cannot be recovered.