signalapp/libsignal

Signal is the private messaging app that many people use when they want their conversations to stay encrypted. This repository, libsignal, is the shared library of code that Signal's own apps and servers all rely on. It is written in Rust, but it is packaged so that Android apps can use it as Java, iPhone apps can use it as Swift, and desktop or web apps can use it as TypeScript. The most important part of this library is an implementation of the Signal Protocol itself, which is what keeps messages private. The protocol uses something called the Double Ratchet algorithm, which constantly rotates encryption keys so that even if one key is ever exposed, past and future messages stay protected. The library also handles standard cryptographic building blocks like AES-GCM encryption, which appears in many secure systems. Beyond message encryption, libsignal contains several other pieces Signal needs to operate. One module handles transferring your account from one device to another. Another handles remote attestation, which is a way for Signal's servers to prove to clients that they are running trustworthy software inside a protected environment. There is also support for zero-knowledge group membership, which lets users join or verify group membership without revealing their contacts or group lists to Signal's servers. The library also includes code for usernames, for account key management tied to Signal's PIN-based backup system, and for manipulating media files. Each of these components is written in Rust but exposed to app developers through Java, Swift, or TypeScript wrappers. The README is explicit that this library is intended only for Signal's own use. Third-party developers who want to build apps using the Signal Protocol should look elsewhere, because the APIs here can change without notice. Building the code requires Rust plus several other tools, and separate setup steps exist for Android, iOS, and Node.js targets.