Security
Security is at the core of everything we build at Rail Gun.
Encryption Protocol
Rail Gun uses the Signal Protocol, the same encryption standard trusted by billions of users worldwide. The protocol provides:
- End-to-end encryption for all messages
- Perfect Forward Secrecy (PFS)
- Deniable authentication
- Future secrecy (post-compromise security)
Key Management
Your identity keys are generated locally on your device using cryptographically secure random number generators. Private keys never leave your device and are stored in secure storage (Keychain on macOS, Credential Manager on Windows, libsecret on Linux).
Open Source
Rail Gun is open source, allowing security researchers and the community to audit our code. We believe transparency is essential for trust.
Reporting Vulnerabilities
We take security vulnerabilities seriously. If you discover a vulnerability, please report it responsibly:
Email: security@railgun.app
Please include a detailed description of the vulnerability and steps to reproduce. We aim to respond within 48 hours and will work with you to resolve the issue.
Security Audits
We are committed to regular security audits by independent third parties. Audit reports will be published here as they become available.
Best Practices
To maximize your security when using Rail Gun:
- Always download Rail Gun from official sources
- Verify download checksums before installation
- Keep your operating system and Rail Gun updated
- Use strong device passwords/biometrics
- Verify safety numbers with your contacts
- Be cautious of phishing attempts