Software developers have a love-hate relationship with security, especially when shipping their product is concerned. All too often security is bolted on at the last minute or not at all. End-to-end encryption is particularly difficult to properly build and integrate into an application.
Twilio is partnering with Virgil Security to make building end-to-end encrypted applications a breeze with Twilio IP Messaging and Virgil Crypto SDK and Key Management. Now every developer can build security into their Twilio apps without having to become a crypto expert themselves.
What is end-to-end encryption?
The Virgil Crypto SDK is used to encrypt the content of messages so that only the message originators and recipients have the ability to decrypt and read it. Virgil Key Management provides the message recipient’s public key. The SDK uses that public key to encrypt the message on the sender’s device before the message is sent. The result is that the content transmitted or stored in the cloud is undecipherable gibberish. The recipient uses their private key to decrypt the message on their device. This ensures that no one else, including Twilio, Virgil Security, telecom providers, Internet providers, or eavesdroppers can decrypt the message.
When should I use end-to-end encryption?
By default, Twilio IP Messaging is already encrypted in transit with HTTPS. End-to-end encryption is an additional layer of security designed to address the needs of companies that operate under strict regulatory environments. At the same time, encrypting end-to-end may remove the ability to access advanced functionality such as searching chat history. Before implementing additional security you will want to evaluate if it will address your business needs.
Different market sectors such as finance, healthcare, and education must adhere to regulation that requires heightened security when transmitting or storing certain types of data. All around the world, regulators are paying more attention to privacy and passing laws demanding higher levels of security. Depending on the regulatory atmosphere of your industry or geography, HTTPS alone may not be sufficient.
Getting started with Twilio IP Messaging and Virgil Security encryption
To get you started quickly, Virgil has created a demo application along with quickstart guides in several languages. Check out the demo of Twilio IP Messaging with end-to-end encryption along with the demo source code.
Choose your favorite language to build your own secure messaging application with these tutorials:
Virgil at SIGNAL
At this year’s SIGNAL conference we are pleased to have Virgil Security co-founder and CTO Dmtry Dain. Come join Dmitry in person as he shares how to add end-to-end encryption to your IP Messaging app as well as bonus information on regulatory compliance.