Introducing End-to-end Encryption for Twilio IP Messaging with Virgil Security℠

Software developers have a love-hate relationship with security, especially when shipping their product is concerned. All too often security is bolted on at the last minute or not at all. End-to-end encryption is particularly difficult to properly build and integrate into an application.

Twilio is partnering with Virgil Security to make building end-to-end encrypted applications a breeze with Twilio IP Messaging and Virgil Crypto SDK and Key Management. Now every developer can build security into their Twilio apps without having to become a crypto expert themselves.

What is end-to-end encryption?

The Virgil Crypto SDK is used to encrypt the content of messages so that only the message originators and recipients have the ability to decrypt and read it. Virgil Key Management provides the message recipient’s public key. The SDK uses that public key to encrypt the message on the sender’s device before the message is sent. The result is that the content transmitted or stored in the cloud is undecipherable gibberish. The recipient uses their private key to decrypt the message on their device. This ensures that no one else, including Twilio, Virgil Security, telecom providers, Internet providers, or eavesdroppers can decrypt the message.

How End-to-End Encryption works with Twilio and Virgil

When should I use end-to-end encryption?

By default, Twilio IP Messaging is already encrypted in transit with HTTPS. End-to-end encryption is an additional layer of security designed to address the needs of companies that operate under strict regulatory environments. At the same time, encrypting end-to-end may remove the ability to access advanced functionality such as searching chat history. Before implementing additional security you will want to evaluate if it will address your business needs.

Different market sectors such as finance, healthcare, and education must adhere to regulation that requires heightened security when transmitting or storing certain types of data. All around the world, regulators are paying more attention to privacy and passing laws demanding higher levels of security. Depending on the regulatory atmosphere of your industry or geography, HTTPS alone may not be sufficient.

Getting started with Twilio IP Messaging and Virgil Security encryption

To get you started quickly, Virgil has created a demo application along with quickstart guides in several languages. Check out the demo of Twilio IP Messaging with end-to-end encryption along with the demo source code.

Choose your favorite language to build your own secure messaging application with these tutorials:

Virgil at SIGNAL

At this year’s SIGNAL conference we are pleased to have Virgil Security co-founder and CTO Dmtry Dain. Come join Dmitry in person as he shares how to add end-to-end encryption to your IP Messaging app as well as bonus information on regulatory compliance.

  • focorner

    Nice feature and great article. Thank you. :)

    Change of subject: I couldn’t help noticing that there are sponsored links on your blog. Why?

    • Twilio

      Hey Daniel,
      Thanks for the read! We’re disabling that Disqus ad feature. We apologize for the inconvenience.

      • focorner

        I didn’t know it was a Disqus feature, so now it makes more sense. Thank you for taking the time. :)

        • Twilio

          No problem at all. Thanks for the feedback, and thanks for reading the post. We’re here and we’re listening if you ever have questions or comments on the blog.

  • Carlos Rodriguez

    please don’t trust Virgil Security for anything, they have no idea what they’re doing. look at their code, their staff, and their lack of peer review, and you’ll see why.

  • Richard Komaiko

    The demo link appears to be broken. Is there a new link?