Server-Blind Architecture
BlackVoice Technologies uses a zero-knowledge server design. The server is mathematically unable to access user message content or encryption keys.
How It Works
All encryption and decryption happens exclusively in the user's browser using the Web Crypto API. The server receives only encrypted ciphertext and has no mechanism to derive the decryption keys.
Key Principles
- Client-side key generation — All encryption keys are generated in the browser and never transmitted to the server
- Client-side encryption — Messages are encrypted before being sent to the server
- Client-side decryption — Only the recipient's browser can decrypt received messages
- No key escrow — BlackVoice Technologies does not maintain copies of user encryption keys
- Forward secrecy — Each message uses ephemeral keys via the Signal Protocol Double Ratchet
What the Server Stores
The server stores encrypted ciphertext, public key material for key exchange, and metadata necessary for message routing. It cannot access plaintext content, private keys, or session keys.
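The following added example, which is not BlackVoice Technologies' code, shows the client/server split described above using the Web Crypto API: a non-extractable ECDH P-256 key pair generated on the client, an AES-GCM key derived through HKDF, and an upload envelope holding only the public key, IV and ciphertext. The function names, curve, HKDF parameters and static key agreement are assumptions made for the example; it does not implement the Signal Protocol Double Ratchet, so it shows what the server can and cannot see, not forward secrecy.

```javascript
// Added example: names, parameters and the message are constructed, not BlackVoice code.
// Browser: globalThis.crypto. The Node fallback exists only so this runs offline.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Key pair is generated on the client; extractable=false means the private key
// cannot be exported (the public half of a generated pair stays exportable).
async function generateIdentity(c) {
  return c.subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, false, ['deriveBits']);
}

// ECDH shared secret -> HKDF -> non-extractable AES-256-GCM key.
async function deriveMessageKey(c, myPrivateKey, theirPublicKey) {
  const secret = await c.subtle.deriveBits({ name: 'ECDH', public: theirPublicKey }, myPrivateKey, 256);
  const ikm = await c.subtle.importKey('raw', secret, 'HKDF', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32), info: new TextEncoder().encode('example-msg-key') },
    ikm, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Builds the only object that would be uploaded: public key, IV, ciphertext.
async function sealForServer(c, sender, recipientPublicKey, plaintext) {
  const key = await deriveMessageKey(c, sender.privateKey, recipientPublicKey);
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  const pub = await c.subtle.exportKey('raw', sender.publicKey);
  return { senderPublicKey: new Uint8Array(pub), iv, ciphertext: new Uint8Array(ct) };
}

// Runs in the recipient's browser: rebuilds the key from the envelope and decrypts.
async function openFromServer(c, recipient, envelope) {
  const senderPub = await c.subtle.importKey('raw', envelope.senderPublicKey,
    { name: 'ECDH', namedCurve: 'P-256' }, true, []);
  const key = await deriveMessageKey(c, recipient.privateKey, senderPub);
  const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv: envelope.iv }, key, envelope.ciphertext);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const c = await getCrypto();
  const [alice, bob] = [await generateIdentity(c), await generateIdentity(c)];
  const envelope = await sealForServer(c, alice, bob.publicKey, 'constructed sample message');
  const recovered = await openFromServer(c, bob, envelope);
  // Exporting the private key must be rejected because it is non-extractable.
  const privateKeyExportBlocked = await c.subtle.exportKey('pkcs8', alice.privateKey).then(() => false, () => true);
  return { envelope, recovered, privateKeyExportBlocked };
}
```

When reviewing a design like this, the envelope is the thing to audit: every field that leaves the browser should be public key material, a nonce, ciphertext or routing metadata, and every private or derived key should be created with `extractable` set to `false`.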
Implications
Even if the server is compromised, an attacker gains only encrypted data without the means to decrypt it. Court orders or subpoenas cannot compel BlackVoice Technologies to produce plaintext content because the server does not possess it.