◆ Elston Industries — Defense Systems Division — Authorized Access Only — ELSTON INDUSTRIES — SIGINT • ISR • BMD • C4ISR • EW — Next-Generation Superiority

SIGINT Secure Comms

CODENAME: BLACKWIRE
SRP-6a • E2E Encryption • Zero-Knowledge

Overview

BLACKWIRE is a zero-knowledge encrypted messaging platform designed for classified-level communications. It provides mutual authentication without transmitting passwords or storing them server-side, end-to-end encrypted messaging, and persistent secure contact management.


Authentication — SRP-6a

The platform uses the Secure Remote Password protocol, version 6a (SRP-6a), for mutual authentication. SRP-6a lets the client prove knowledge of the password without transmitting it, and proves to the client that the server also knows the verifier, which protects against phishing by a rogue server.

Registration Flow

Client:                          Server:
─────────────────────────────────────────
generate salt s
compute x = H(s, password)
compute v = g^x mod N            store (username, s, v)
send (username, s, v) ──────────►

Login Flow

Client:                          Server:
─────────────────────────────────────────
send username ──────────────────►
                                 generate B = kv + g^b mod N
◄─────────────────── send (s, B)
generate A = g^a mod N
send A ─────────────────────────►
                                 compute S_server = (Av^u)^b mod N
compute S_client = (B-kg^x)^(a+ux) mod N
derive K = H(S_client)           derive K = H(S_server)
compute M1 = H(A, B, K) ────────►
                                 verify M1, send M2 = H(A, M1, K)
verify M2 ◄──────────────────────

Both sides independently derive the same session key K. Neither the password nor the verifier is transmitted during login.
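
The registration and login flows above, worked end to end as an added example (not BLACKWIRE's own code). Assumptions not stated on the page: SHA-256 as H, the SRP-6a definitions k = H(N, g) and u = H(A, B), a demo group N = 2^521 - 1 with g = 3, and the standard SRP check that rejects public values that are 0 mod N.

```python
import hashlib
import hmac
import secrets

# Assumed demo group: Mersenne prime 2^521 - 1 with g = 3, picked for brevity.
# A deployment uses a vetted safe-prime group (for example, one from RFC 5054).
N, g = 2**521 - 1, 3
NLEN = (N.bit_length() + 7) // 8

def H(*parts):
    """SHA-256 (assumed hash) over fixed-width ints and raw bytes, as an int."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(NLEN, "big") if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier parameter (assumed definition)

def register(password):
    """Registration flow: returns (s, v), the only values the server stores."""
    s = secrets.token_bytes(16)
    return s, pow(g, H(s, password.encode()), N)

def server_challenge(v):
    """Server picks secret b and returns (b, B) with B = kv + g^b mod N."""
    b = secrets.randbelow(N - 1) + 1
    return b, (k * v + pow(g, b, N)) % N

def client_respond(password, s, B):
    """Client side: returns (A, K, M1), or raises on a degenerate B."""
    if B % N == 0:
        raise ValueError("B is 0 mod N")
    a = secrets.randbelow(N - 1) + 1
    A = pow(g, a, N)
    u, x = H(A, B), H(s, password.encode())
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = H(S)
    return A, K, H(A, B, K)

def server_verify(v, b, B, A, M1):
    """Server side: returns (K, M2), or raises if A is degenerate or M1 is wrong."""
    if A % N == 0:
        raise ValueError("A is 0 mod N")
    S = pow(A * pow(v, H(A, B), N) % N, b, N)
    K = H(S)
    expected = H(A, B, K).to_bytes(32, "big")
    if not hmac.compare_digest(M1.to_bytes(32, "big"), expected):
        raise ValueError("M1 mismatch")
    return K, H(A, M1, K)
```

The client completes mutual authentication by recomputing H(A, M1, K) and comparing it with the M2 the server returns.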


Message Encryption

Key Derivation

After SRP-6a authentication, the shared session key K is used to derive a per-session AES-256-GCM encryption key via HKDF:

message_key = HKDF-SHA256(K, salt="messaging", info=session_id)

Encryption

Each message is encrypted client-side before transmission:

ciphertext, tag = AES-256-GCM.encrypt(message_key, nonce, plaintext)
send { ciphertext, tag, nonce }

The server stores and forwards only ciphertext — it cannot read message content.


Group Chat

Group conversations use a shared group key distributed to members via asymmetric encryption:

  1. Group creator generates a random 256-bit group key GK
  2. GK is encrypted to each member's public key: E(member_pub, GK)
  3. Each member decrypts their copy of GK on join
  4. All group messages are encrypted with GK

Key rotation is triggered on member removal.


Security Hardening