FAQ — Frequently Asked Questions — CryptPeer®

General Operation

Does CryptPeer® require an Internet connection to work?

No. In a local closed network, everything works in local-only mode. CryptPeer® can operate entirely without an Internet connection, via a private Wi‑Fi network (closed Wi‑Fi AP, without SIM/Internet).

Can the server see the content of my messages in plaintext?

No. The relay server is blind: it never sees plaintext. All messages are encrypted on the user's device before transmission. The database and metadata are encrypted upstream. Zero exploitable metadata.

Is CryptPeer® a traditional VoIP solution like others?

No. CryptPeer® is based on a sovereign P2P architecture: voice/video communications pass directly between peers, without a central server or intermediary.

What is the difference between VoIP and P2P?

VoIP is a transport technology, often centralized. P2P is a decentralized architecture: each user is both client and node. CryptPeer® combines IP transport and P2P architecture, with systematic encryption and typological compartmentalization.

On which devices can I use CryptPeer®? Do I need to install anything?

CryptPeer® works on all devices — computer, phone, tablet, smart TV, media — without installation. The experience is immediate with an "app‑like" UX: automatic display configuration, feeling of an installed application without actual installation.

Compatibility and Browsers

Which web browsers are compatible with CryptPeer®?

CryptPeer® uses Tailwind CSS v4.0 for its interface, which should ensure optimal compatibility with modern browsers. In principle, the following browsers should be compatible with CryptPeer®:

Chromium-based Browsers (Blink engine)

Mainstream browsers:

• Google Chrome 111+ (March 2023 and later versions) — Windows, macOS, Linux, Android, iOS
• Microsoft Edge 111+ (March 2023 and later versions) — Windows, macOS, Linux, Android, iOS
• Opera 97+ (March 2023 and later versions) — Windows, macOS, Linux, Android, iOS
• Brave 1.49+ (March 2023 and later versions) — Windows, macOS, Linux, Android, iOS
• Vivaldi 5.7+ (March 2023 and later versions) — Windows, macOS, Linux, Android
• Arc Browser (recent versions) — macOS, Windows (beta)
• Chromium (version 111 and later, open-source) — Windows, macOS, Linux

Privacy-focused browsers:

• Ungoogled Chromium (version 111 and later) — Windows, macOS, Linux
• Iridium Browser (recent versions) — Windows, macOS, Linux
• Bromite (recent versions) — Android only
• Tor Browser (based on Firefox ESR, see Gecko section)
• Epic Privacy Browser (recent versions) — Windows, macOS
• Comodo Dragon (recent versions) — Windows

Regional Chromium-based browsers:

• Yandex Browser (recent versions) — Windows, macOS, Linux, Android, iOS
• Naver Whale (recent versions) — Windows, macOS, Android
• 360 Secure Browser (recent versions) — Windows, macOS, Android
• QQ Browser (recent versions) — Windows, macOS, Android, iOS
• Baidu Browser (recent versions) — Windows, macOS, Android
• UC Browser (recent Chromium-based versions) — Windows, Android, iOS
• Maxthon (recent versions) — Windows, macOS, Linux, Android, iOS
• SRWare Iron (recent versions) — Windows, macOS, Linux

Gecko-based Browsers (Firefox engine)

• Mozilla Firefox 128+ (July 2024 and later versions) — Windows, macOS, Linux, Android, iOS
• Firefox ESR (recent versions) — Windows, macOS, Linux
• Tor Browser (based on Firefox ESR) — Windows, macOS, Linux, Android
• Waterfox (recent versions) — Windows, macOS, Linux, Android
• LibreWolf (recent versions) — Windows, macOS, Linux
• Pale Moon (recent versions, Firefox fork) — Windows, macOS, Linux
• Basilisk (recent versions) — Windows, macOS, Linux
• Iceweasel (recent versions, Debian) — Linux
• GNU IceCat (recent versions) — Linux

WebKit/Blink-based Browsers

• Apple Safari 16.4+ (March 2023 and later versions) — macOS, iOS, iPadOS
• Safari Technology Preview (recent versions) — macOS
• GNOME Web (Epiphany) (recent versions) — Linux
• Midori (recent versions) — Windows, macOS, Linux
• Otter Browser (recent versions) — Windows, macOS, Linux
• QupZilla (recent versions) — Windows, macOS, Linux
• Konqueror (recent versions) — Linux

Mobile Browsers

Android:

• Chrome Mobile (Android)
• Samsung Internet (Chromium-based, recent versions)
• Firefox Mobile (Android)
• Opera Mobile (Android, Chromium-based)
• Brave Mobile (Android, Chromium-based)
• Vivaldi Mobile (Android, Chromium-based)
• Microsoft Edge Mobile (Android, Chromium-based)
• UC Browser (Android, Chromium versions)
• Bromite (Android, Chromium-based)

iOS/iPadOS:

• Safari iOS (iOS 16.4+, iPadOS 16.4+)
• Chrome Mobile (iOS, uses WebKit)
• Firefox Mobile (iOS, uses WebKit)
• Microsoft Edge Mobile (iOS, uses WebKit)
• Opera Mobile (iOS, uses WebKit)
• Brave Mobile (iOS, uses WebKit)

Smart TV and Embedded System Browsers

• Samsung Smart TV (Tizen, Chromium-based browser) — Recent models
• LG Smart TV (webOS, WebKit-based browser) — Recent models
• Android TV (Chrome for Android TV, Chromium-based)
• Apple TV (Safari, WebKit-based) — Recent tvOS
• Roku (integrated browser, Chromium-based) — Recent models
• Fire TV (Amazon) (Silk Browser, Chromium-based)
• PlayStation (integrated browser, Chromium-based) — PS4, PS5
• Xbox (Microsoft Edge, Chromium-based) — Xbox One, Xbox Series
• Nintendo Switch (integrated browser, WebKit-based) — Recent versions

Embedded Systems and IoT Browsers

• Car browsers: Android Auto (Chrome), Apple CarPlay (Safari), integrated systems (Chromium/WebKit)
• E-reader browsers: Kindle (Silk Browser), Kobo (integrated browser)
• Smartwatch browsers: Wear OS (Chrome), watchOS (Safari)
• Embedded Linux system browsers: Chromium, Firefox, WebKit

Important note — Precautionary principle: This comprehensive list covers modern web browsers that should be compatible with Tailwind CSS v4.0 (Chrome 111+, Safari 16.4+, Firefox 128+). In principle, compatibility should be ensured for browsers based on recent Chromium/Blink, Gecko, and WebKit engines. However, if you encounter a compatibility issue with a browser mentioned in this list, please report it immediately to the CryptPeer technical team so we can investigate and resolve the problem.

Unsupported Browsers

CryptPeer® is not compatible with the following obsolete browsers:

• Internet Explorer (all versions, including IE 11) — Obsolete browser, support discontinued by Microsoft
• Older browser versions prior to minimum required versions (Chrome < 111, Safari < 16.4, Firefox < 128)
• Browsers based on obsolete engines that do not support modern web standards (CSS Grid, advanced Flexbox, ES6+, WebAssembly)

Technical reasons: These browsers do not support the modern CSS features required by Tailwind CSS v4.0 (such as field-sizing: content, @starting-style, text-wrap: balance, native CSS variables, and CSS nesting). CryptPeer® also uses modern JavaScript (ES6+), TypeScript, and WebAssembly (WASM) which are not supported by these obsolete browsers.

⚠️ Report issues: If you encounter a compatibility issue with a browser mentioned in the list of compatible browsers, please report it immediately to the CryptPeer technical team via our contact form or by email. Your feedback helps us improve compatibility and resolve issues quickly.

How do I check my browser version?

To check your browser version and ensure it is compatible with CryptPeer®:

• Chrome/Edge/Opera/Brave/Vivaldi: Menu (⋮) → Help → About [Browser]
• Firefox: Menu (☰) → Help → About Firefox
• Safari: Safari → About Safari (or Apple menu → About This Mac)
• Mobile: App Settings → About / Information

Minimum required versions:

• Chrome 111+ (March 2023)
• Safari 16.4+ (March 2023)
• Firefox 128+ (July 2024)

How do I update my browser?

Most modern browsers update automatically. If not:

• Chrome: Browser updates automatically. Restart it if an update is available.
• Firefox: Menu → Help → About Firefox (checks and installs updates automatically)
• Safari: Updated via macOS/iOS system updates (Settings → General → Software Update)
• Edge: Menu (⋯) → Settings → About Microsoft Edge
• Mobile: Update via app stores (App Store, Google Play)

What should I do if CryptPeer® doesn't work correctly on my browser?

Checks to perform:

1. Check your browser version (see above) and ensure it is up to date
2. Clear cache and cookies: Cached data can cause compatibility issues
3. Temporarily disable extensions: Some extensions can interfere with CryptPeer®
4. Test in private/incognito mode: This helps isolate issues related to extensions or cache
5. Verify JavaScript is enabled: CryptPeer® requires JavaScript to function
6. Check browser console: Press F12 (or Cmd+Option+I on Mac) to see any errors
7. Test with another browser: If the problem persists, test with Chrome, Firefox, or Safari

Browser extensions that may affect CryptPeer®:

• Aggressive ad blockers (may block necessary resources)
• Strict security extensions (may block WebAssembly or certain APIs)
• Extensions modifying JavaScript (may interfere with functionality)
• Automatic translation extensions (may modify the DOM)

If the problem persists, contact our technical support with the following information:

• Browser name and version
• Operating system
• Exact error message (if available)
• Installed extensions

Modern CSS Features and Browser Support

CryptPeer® uses Tailwind CSS v4.0 which leverages modern CSS features. Here is their support:

• Native CSS variables (--variable): Supported by all modern browsers (Chrome 49+, Firefox 31+, Safari 9.1+)
• CSS Grid: Supported by all modern browsers (Chrome 57+, Firefox 52+, Safari 10.1+)
• Advanced Flexbox: Supported by all modern browsers
• CSS Nesting: Supported by Chrome 112+, Safari 16.5+, Firefox 117+
• field-sizing: content: Limited support (Chrome 123+, Safari 17.0+)
• @starting-style: Limited support (Chrome 117+, Safari 17.2+)
• text-wrap: balance: Limited support (Chrome 114+, Safari 17.0+)

Graceful degradation: Features with limited support are automatically adapted or disabled on browsers that do not support them, which should allow CryptPeer® to remain functional even if some advanced visual features are not available. If you notice a malfunction, please report it to the CryptPeer technical team.

Technologies Used by CryptPeer®

CryptPeer® is a progressive web application (PWA) using:

• Modern JavaScript (ES6+): Requires a browser supporting ES6+ features (arrow functions, classes, modules, async/await, etc.)
• TypeScript: Compiled to JavaScript compatible with modern browsers
• WebAssembly (WASM): Used for performant cryptographic operations (supported by Chrome 57+, Firefox 52+, Safari 11+, Edge 16+)
• Modern Web APIs: IndexedDB (local storage), WebRTC (audio/video calls), Web Crypto API (encryption), Service Workers (PWA)
• Tailwind CSS v4.0: Modern CSS framework for user interface

Browser Security Recommendations

For optimal security when using CryptPeer®:

• Keep your browser updated: Updates include critical security patches
• Enable automatic updates: Ensure you always have the latest version
• Use trusted extensions only: Avoid unverified extensions that could compromise security
• Enable tracking protection: Available in Firefox, Safari, Brave, Edge
• Disable JavaScript on untrusted sites: Use extensions like NoScript with caution
• Verify SSL/TLS certificates: Ensure the connection to your CryptPeer® server is secure (HTTPS)

Compatibility Testing and Support

CryptPeer® is regularly tested on the following browsers (non-exhaustive list):

• Google Chrome (latest stable, beta, and dev versions)
• Mozilla Firefox (latest stable and ESR versions)
• Apple Safari (macOS and iOS, latest versions)
• Microsoft Edge (latest versions)
• Opera, Brave, Vivaldi (recent versions)
• Mobile browsers (Chrome Mobile, Safari iOS, Firefox Mobile, Samsung Internet)

⚠️ Report a compatibility issue: If you encounter a compatibility issue with a browser mentioned in this list or a recent version, contact the CryptPeer technical team immediately via our contact form with the following details:

• Exact browser name and version
• Operating system and version
• Exact error message (screenshot if possible)
• Installed browser extensions
• Steps to reproduce the problem
• Browser console (F12) — any errors

We strive to ensure compatibility with all modern browsers, and your report helps us improve CryptPeer® for all users.

Does CryptPeer® work on Android smartphones?

Yes. CryptPeer® has been tested and validated on Android smartphones, with confirmed compatibility from Android 7 (Nougat) minimum. The application works via the web browser, without requiring installation of a native application.

Tested Android devices:

• Android 7.0 (Nougat) and later versions
• Chrome Mobile for Android
• Samsung Internet
• Firefox Mobile for Android

Does CryptPeer® work on iPhones (iOS)?

Yes. CryptPeer® is compatible with iPhones via Safari iOS. The application works via the Safari web browser, without requiring installation from the App Store.

Note: Compatibility tests have been performed on recent iOS versions. Compatibility testing with the oldest iPhone versions has not yet been completed, but CryptPeer® should work on iPhones with iOS 12 or later (compatible with Safari 16.4+).

Tested iOS devices:

• Safari iOS (recent versions)
• Chrome for iOS
• Firefox for iOS

Does CryptPeer® work on smart TVs and video projectors?

Yes. CryptPeer® is designed to work on all devices with a web browser, including:

• Samsung Smart TVs: Compatible with the integrated web browser of Samsung Smart TVs (recent models)
• Android TV: Compatible with Chrome for Android TV and web browsers available on Android TV
• Connected video projectors: Compatible with video projectors with an integrated web browser
• Other smart TVs: Compatible with smart TVs with a modern web browser (LG webOS, Tizen, etc.)

Recommendations for smart TVs:

• Use a remote control with keyboard or connect a USB/Bluetooth keyboard to facilitate input
• Ensure your smart TV has an up-to-date web browser
• For the best experience, prefer recent smart TV models

What operating systems are compatible for the CryptPeer® server?

The CryptPeer® server works on all computers running Linux (ARM / x86), including:

• ARM mini-computers: Raspberry Pi 5, Orange Pi, NanoPi, and other ARM platforms
• x86 processors: Intel, AMD and compatible architectures
• Enterprise servers: From mini-computers to dimensioned servers
• All Linux systems: Maximum compatibility for portable and duplicable sovereignty

For more details on server compatibility, see the Architecture section.

Are there any compatibility limitations to be aware of?

Since CryptPeer® is a progressive web application (PWA), some limitations may apply depending on the device:

• Advanced features: Some modern features may require a recent browser
• Performance: Performance may vary depending on device power and browser version
• Local storage: Local storage may be limited on some devices (especially smart TVs)
• Notifications: Push notifications may not be available on all devices

For an optimal experience, we recommend using a recent and up-to-date browser on your device.

Available Services

Can I make group video calls with CryptPeer®?

Yes. CryptPeer® supports group audio/video calls (conferences) in a private self‑hosted environment. Remote access is possible depending on network configuration (NAT, reverse proxy, Let's Encrypt).

Can I send large files with CryptPeer®?

Yes. CryptPeer® supports large-capacity file transfers with E2E encryption. The recipient can choose to import files encrypted or decrypted. File signing available.

Can I send voice or video messages with CryptPeer®?

Yes. Audio/video recordings are captured locally then sent encrypted. Ideal for voice memos, video messages, or recorded conferences.

In which languages is CryptPeer® available?

14+ languages offline. The interface is available in 14+ languages offline. Messages are not automatically translated (respect for confidentiality).

Administration and Access Management

Can I easily switch servers with CryptPeer®?

Yes. Via Server Manager, you can manually switch to another relay (organization, client server, remote instance) by clicking on the desired server link. Server‑hopping enables high resilience. Automation of this switching is planned.

How does contact revocation or repudiation work?

Yes. The administrator can revoke a contact with 1 click: the contact immediately loses access to servers. Between contacts, repudiation works as follows: messages sent by the repudiated remain accessible; they lose access to the other's responses.

Can I modify my passphrases without losing my messages?

Yes, modifiable at will, without loss. The user can change their passphrases thanks to the ephemeral key system per message. Changing the passphrase does not affect existing messages.

How does CryptPeer® administration work?

Simple and granular. Directory by categories (form ⟶ validation ⟶ restricted visibility), 1-click revocation, controlled repudiation, Server Manager (manual switching to another relay — automation planned). Admin gauges in integration: A/V latency/jitter, throughput, simultaneous capacity (conferences), Pi 5 consumption.

Security and Resilience

Can I backup my data with CryptPeer®?

Yes. Encrypted database backups and restoration of encrypted messages with user keys. Auto‑purge of unrecovered files in case of saturated SSD/SD.

Does CryptPeer® work on a mini‑PC like the Raspberry Pi?

Yes. CryptPeer® works on mini‑PCs like the Raspberry Pi 5, with very low power consumption (2.4 to 9 W depending on usage), ensuring optimal autonomy and resilience in sensitive environments.

What is CryptPeer®'s level of resilience?

High. Server‑hopping, local‑only mode, multi‑instances, difficult to detect/stop. Manual switching to another relay (via Server Manager) — automation planned. Without VPN / without external service: no third-party dependency.

Can I use an HSM (Hardware Security Module) with CryptPeer®?

Yes. PassCypher NFC HSM (Android NFC) & PassCypher HSM PGP (PC) for master passphrase > 256 bits. Secure storage of secrets.

Does CryptPeer® depend on an external provider or cloud?

No. CryptPeer® is entirely self‑hosted. There is no dependency on a third-party provider, no imposed cloud, no external delegation.

Are my communication metadata exploitable by the server?

No. CryptPeer® encrypts all metadata and logs upstream. No exploitable data is visible on the server side.

Can CryptPeer® be detected by network monitoring tools?

Very difficult. Thanks to local‑only mode, compartmentalization, and systematic encryption, CryptPeer® reduces the attack surface and makes detection complex.

Storage and Management of Cryptographic Keys

Where are the master keys (K_pair) stored that are used to generate private keys?

Master keys are never stored in plaintext. The segmented pairing key K_pair is managed by the segmented key authentication engine (patent WO2018154258A1) and is never stored in full. It is segmented into several parts (hardware, software, cognitive segments) stored separately on different media (NFC HSM, PGP HSM, encrypted local memory, PIN/passphrase). The recomposition of K_pair occurs only in volatile memory, ephemerally, only when necessary to derive the root key K_seg.

Where are the private keys (K_seg) stored that are used to encrypt messages?

Private keys are never stored persistently. The local root key K_seg is derived on demand from K_pair via the segmented engine, then maintained only in volatile memory (RAM) for a minimal duration. It is actively erased after use. K_seg is never stored on disk, never transmitted over the network, and never accessible to the relay server. The server holds no decryption keys.

Where are the derived keys (K_conv_v2, K_file_v2, K_msg) stored that are used to encrypt content?

Derived keys are calculated on demand and erased immediately after use. All derived keys (K_conv_v2 for conversations, K_file_v2 for files, K_msg for each message) are derived locally on the client side from K_seg and public data (conversation identifiers, etc.). They are maintained only in volatile memory during their use, then erased. Each message uses a unique ephemeral K_msg key, which is erased after decryption, ensuring local Perfect Forward Secrecy. No derived keys are stored on disk or transmitted to the server.

Can the server access my encryption keys?

No, absolutely not. The CryptPeer® relay server is completely blind: it holds no encryption keys, neither K_pair, nor K_seg, nor any derived keys. All key derivations are performed exclusively on the client side, from K_seg obtained via the local segmented engine. The server only stores encrypted blobs that it cannot decrypt. Even in case of total server compromise, your messages remain protected because keys are never exposed to the server.

What happens if I lose access to the segmented key engine?

You lose access to your messages, but they remain protected. Without access to the segmented engine and the segments necessary to reconstruct K_pair, it is impossible to derive K_seg and therefore decrypt your messages. This is a security feature: even if an attacker steals your terminal or compromises the server, without the segments (notably hardware HSM segments or cognitive PIN segments), they cannot access your data. This is why it is essential to keep your encrypted 3-2-1 backups and protect your segments (HSM, PIN, etc.).

Regalian and Sensitive Uses

For which types of organizations is CryptPeer® designed?

CryptPeer® is intended for sensitive organizations (institutions, defense, diplomacy, critical companies) and individuals wishing for total control of their communications.

Examples of regalian uses:

• Diplomatic or military communications
• Mission orders in air‑gap mode
• Encrypted archiving of sensitive documents
• Resilience against censorship or network outages
• Secure transmission via messenger or shuttle
• Sending via encrypted analog/digital fax

Differentiating Points

• Sovereign P2P architecture: no dependency on a central server or external provider
• Typological compartmentalization: strict access by categories, guaranteeing opposable separation of flows
• Local‑only mode: complete operation without Internet, on closed network
• Multi‑instance resilience: manual switching between relays (via Server Manager) — automation planned, difficult to censor or stop
• Paper and digital archiving: opposable, encrypted, long-term preservation
• Granular identity management and instant revocation: total control by administrator
• Mini‑PC compatibility: optimized operation on Raspberry Pi 5, energy-efficient and deployable anywhere
• Zero exploitable metadata: no data visible on server side
• Network undetectability: communications difficult to trace or block
• Secure interoperability: possibility of encrypted gateways with other systems without compromising internal security