A
Air-gap
Definition: Computer network physically isolated, without connection to the Internet or other external networks. Also called "closed network" or "isolated network".
In CryptPeer: CryptPeer® can operate in air-gap mode, enabling secure communications in a completely isolated environment, without any Internet connection.
See also: Local-only mode, Closed network
Sovereign Architecture
Definition: Independent IT architecture, without dependence on external providers, cloud services, or third-party intermediaries. Ensures total control of data and infrastructure.
In CryptPeer: CryptPeer® is based on a sovereign architecture: zero intermediaries, zero delegation, zero collection. The user maintains total control of their infrastructure.
See also: Self-hosted, Zero intermediary
Self-hosted
Definition: Solution where the user hosts and controls the infrastructure themselves (server, data) on their own equipment, without depending on an external service.
In CryptPeer: CryptPeer® is 100% self-hosted. The relay server can be installed on your own infrastructure, from a Raspberry Pi 5 to an enterprise server.
See also: Autonomous relay server, Sovereign architecture
B
Encrypted Backup 3.2.1
Definition: Redundant backup strategy: 3 copies of your data, on 2 different media types, including 1 off-site copy. All backups are encrypted.
In CryptPeer: Redundant encrypted backup system allowing you to back up your data across multiple media (USB, SSD, cloud, NAS, external drive). Automatic timestamping prevents overwriting.
See also: Encryption, NAS
Sovereign bubble
Definition: Autonomous perimeter of infrastructure and governance, operated by an entity, where communications and data remain under sovereign control (rules, access, operations, continuity).
In CryptPeer: A sovereign bubble can be embodied by a sovereign autonomous server, reinforced by an autonomous relay server and failover mechanisms.
See also: Sovereign autonomous server, Sovereign architecture
Link failover
Definition: Continuity mechanism that switches relay/access points without long service interruption, to keep communications running in constrained environments.
In CryptPeer: Link failover enables continuity across multiple sovereign relays, aligned with server-hopping and multi-server management.
See also: Server-hopping, Server Manager, Autonomous relay server
C
Encryption
Definition: Process of transforming readable data (plaintext) into unreadable data (ciphertext) using an algorithm and a key. Only the key holder can decrypt the data.
In CryptPeer: All messages, files, and metadata are encrypted before transmission. Encryption is performed on the user's device; the server never sees plaintext content.
See also: Decryption, E2E, Over-encryption
Ephemeral Key
Definition: Temporary encryption key, used once or for a limited duration, then destroyed. Each message uses its own unique key.
In CryptPeer: Ephemeral key system per message: each message is encrypted with a unique key. Compromising one message provides no information about others.
See also: Segmented key, Instant obsolescence
Segmented Key
Definition: Key management system where a master key is derived into several distinct keys, one per conversation or group. Patented system in CryptPeer®.
In CryptPeer: Each conversation/group has its own derived key. Combined with ephemeral keys per message, this ensures total isolation between conversations.
See also: Ephemeral key, Encryption
Typological Isolation
Definition: Strict separation of communication flows by categories or user types. Each category is isolated and cannot access others.
In CryptPeer: Access is strictly controlled by categories. A user in one category cannot see or communicate with users in other categories, ensuring opposable separation of flows.
CryptPeer Defense
Definition: Specialized version of CryptPeer® reserved for regalian uses. Autonomous service with its own engine and optimized relay server.
Features: Segmented and ephemeral key encryption, tunnel mode, end-to-end volatile memory, RAM-only encryption, volatile key management, zero logs, total absence of exploitable metadata and persistent digital traces. No storage: tunneled encryption with direct transfer of encrypted messages and files without storage.
See also: RAM-only, Regalian uses
Closed Network
Definition: Isolated computer network, without connection to the Internet or other external networks. Synonym of air-gap network.
In CryptPeer: CryptPeer® can operate on a local closed network, in local-only mode, without any Internet connection.
See also: Air-gap, Local-only mode
Cyberattack
Definition: Malicious computer attack aimed at compromising, disrupting, or destroying computer systems, networks, or data. Cyberattacks can target critical infrastructure, email servers, user accounts, or sensitive data.
In CryptPeer: CryptPeer®'s sovereign architecture, with its autonomous servers, end-to-end encryption, and absence of a single central point, significantly reduces the attack surface and the likelihood of successful compromise.
See also: Compromise, Vulnerability, Data exfiltration
Compromise
Definition: Situation where a system, account, or data has been accessed, modified, or controlled by an unauthorized attacker. Compromise can result from an exploited vulnerability, a hacked account, or an intrusion into a server.
In CryptPeer: Even if a relay server were compromised, data remains protected thanks to end-to-end encryption. The server never sees plaintext content, and the federated architecture allows isolation between sovereign bubbles.
See also: Cyberattack, E2E, Sovereign federated architecture
D
Decryption
Definition: Reverse process of encryption: transformation of encrypted data (unreadable) into readable data (plaintext) using the appropriate key.
In CryptPeer: Decryption is performed only in volatile memory (RAM) on the user's device. No decrypted data is stored persistently.
See also: Encryption, RAM-only
E
E2E (End-to-End)
Definition: End-to-end encryption. Data is encrypted on the sender's device and decrypted only on the recipient's device. No intermediary (server, provider) can see plaintext content.
In CryptPeer: All messages, audio/video calls, and files are E2E encrypted. The relay server never sees plaintext content; it only relays encrypted data.
See also: Encryption, Blind relay
EviEngine
Definition: Freemindtronic technology that enables automation of actions in web services without using servers or databases. Allows hardware-based software license management, not based on a person's identity.
In CryptPeer: EviEngine is embedded in CryptPeer® for license management without servers or databases. The license system is based on the computer's motherboard serial number, preserving anonymity since the license is linked to hardware and not identity. CryptPeer® can thus operate on a local network, even offline, without dependency on external services.
See also: Sovereign architecture, Self-hosted
Data Exfiltration
Definition: Process by which an attacker transfers stolen data from a compromised system to an external server controlled by the attacker. Exfiltration is often the final objective of a cyberattack.
In CryptPeer: Thanks to end-to-end encryption, even if an attacker managed to exfiltrate data from a relay server, it would remain unreadable without the decryption keys held only by users.
See also: Cyberattack, Compromise, E2E
F
No terms yet.
G
Storage management
Definition: Set of rules and mechanisms controlling data persistence (retention, volumes, priorities, rotation, deletion) to optimize security and continuity.
In CryptPeer: Storage management works with automatic purge and the objectives “zero trace / zero actionable metadata”, depending on the operating modes.
See also: Automatic purge, Zero Trace, Zero actionable metadata
H
HSM (Hardware Security Module)
Definition: Hardware security module, a physical device dedicated to secure management of cryptographic keys and encryption operations. Offers stronger protection than software-only solutions.
In CryptPeer: CryptPeer® is compatible with PassCypher HSM PGP, NFC HSM, DataShielder HSM PGP and NFC HSM to over-encrypt data, messages and files upstream before sending. The master passphrase (> 256 bits) can be stored in an HSM.
See also: Passphrase, Over-encryption
I
Network Undetectability
Definition: System's ability to avoid detection by network monitoring tools, traffic analysis, or filtering. Communications are difficult to trace, block, or censor.
In CryptPeer: Thanks to systematic encryption, local-only mode, isolation, and P2P architecture, CryptPeer® reduces the attack surface and makes detection complex.
See also: Local-only mode, P2P
Instant Obsolescence
Definition: Security mechanism where a message's key becomes invalid immediately after an interface or system event (tab change, window, scroll, etc.).
In CryptPeer: The message key becomes invalid at any interface/system event. This ensures that once a message is read, it cannot be re-decrypted without a new user action.
See also: Ephemeral key, Zeroization
J
No terms yet.
K
KDF (Key Derivation Function)
Definition: Key derivation function. Transforms a master key or secret into one or more cryptographic keys. CryptPeer uses PBKDF2-HMAC-SHA256, HKDF-SHA256 and HKDF-SHA3-512.
In CryptPeer: KDFs derive conversation keys from the master passphrase, ensuring cryptographic isolation between conversations and messages.
See also: HKDF, Passphrase
KUBB Secure Mini Fanless
Definition: French fanless (no-fan) mini-computer, ultra-compact and low-power. Available in N150 and i3-N300 models. Ideal for hosting CryptPeer servers.
In CryptPeer: KUBB Secure Mini is tested and recommended to host CryptPeer. Enables a sovereign, autonomous, and portable deployment—ideal for sensitive environments.
See also: Self-hosted, Sovereign architecture
L
LAN (Local Area Network)
Definition: Local network limited to a site (building, office, operational area), used to connect devices within a restricted perimeter.
In CryptPeer: CryptPeer® can operate over LAN (including an isolated intranet), supporting local continuity and operational sovereignty.
See also: Isolated intranet, Local-only mode, WAN
N
NAS (Network Attached Storage)
Definition: Network storage server, a device connected to a local network that allows sharing files and data between multiple devices.
In CryptPeer: CryptPeer® can be deployed on a Linux-compatible NAS, enabling centralized/self-hosted deployment of the relay server.
See also: Self-hosted, Autonomous relay server
Hidden mode (CryptPeer Hidden)
Definition: Autonomous CryptPeer® mode where everything stays encrypted on screen by default. The user can selectively decrypt a conversation via a padlock button, and it automatically re-encrypts.
Benefit: Dramatically reduces the ability to capture an entire conversation, even with shoulder-surfing or screenshots.
See also: Encryption, CryptPeer Defense
M
Metadata
Definition: Data that describes other data: who, when, where, with whom. Examples: sender, recipient, date/time, file size, IP address.
In CryptPeer: CryptPeer® encrypts all metadata upstream. Zero exploitable metadata is visible server-side. The server cannot know who communicates with whom, or when.
See also: Zero exploitable metadata, Encryption
Local-only Mode
Definition: Operating mode where the system works only on a closed local network, without Internet connection. All communications remain in the private network.
In CryptPeer: CryptPeer® can operate entirely in local-only mode, via a private Wi-Fi network (closed AP Wi-Fi, without SIM/Internet). Ideal for sensitive environments and air-gap networks.
See also: Air-gap, Closed network
Masked Mode (CryptPeer Masked)
Definition: Autonomous mode of CryptPeer® where all data remains encrypted on screen by default. The user can selectively decrypt a conversation via a padlock button, which automatically re-encrypts.
Advantage: Significantly reduces the possibility of capturing the entire conversation, even in case of prying eyes or screenshots.
See also: Encryption, CryptPeer Defense
O
Over-encryption
Definition: Application of an additional layer of encryption on already encrypted data. Double cryptographic protection.
In CryptPeer: CryptPeer® is compatible with HSMs (PassCypher HSM PGP, NFC HSM, DataShielder HSM PGP) to over-encrypt data, messages and files upstream before sending.
See also: HSM, Encryption
P
P2P (Peer-to-Peer)
Definition: Decentralized network architecture where each node (peer) can be both client and server. No central server; communications pass directly between peers.
In CryptPeer: CryptPeer® is based on a sovereign P2P architecture. Voice/video communications pass directly between peers, without central server or intermediary. The relay server only facilitates the initial connection.
See also: Autonomous relay server, Sovereign architecture
Passphrase
Definition: Secret phrase used to generate or derive cryptographic keys. Longer and more secure than a simple password.
In CryptPeer: The master passphrase (> 256 bits) can be stored in an HSM (PassCypher NFC HSM or PassCypher HSM PGP). Modifiable at will without message loss thanks to the ephemeral key system.
See also: HSM, Ephemeral key
Q
Quantum / Post-quantum resistance
Definition: Ability of a cryptographic system to resist attacks by quantum computers. Symmetric algorithms (AES-256) and hash functions (SHA-256, SHA3-512) provide natural quantum resistance.
In CryptPeer: CryptPeer® uses a “quantum-informed” architecture: AES-256-GCM, SHA-256, SHA3-512, and 256+ bit keys provide natural resistance to quantum attacks (Grover’s algorithm). Segmented keys limit the impact of any future compromise.
See also: AES-256-GCM, Segmented key
R
RAM-only
Definition: Security principle where decryption and processing of sensitive data occurs only in volatile memory (RAM), never on disk or persistent storage.
In CryptPeer: Decryption is performed only in volatile memory. No decrypted data is stored persistently. Buffers are erased immediately after reading (zeroization).
See also: Zeroization, Decryption
Blind Relay
Definition: Server that relays encrypted data without being able to decrypt it. The server never sees plaintext content; it only transmits encrypted data.
In CryptPeer: The CryptPeer® relay server processes only encrypted data. It cannot see the content of messages, calls, or files. Transit role only.
See also: E2E, Autonomous relay server
Autonomous Relay Server
Definition: Server that facilitates the initial connection between peers in a P2P architecture, then relays encrypted data. Self-hosted and autonomous.
In CryptPeer: The CryptPeer® relay server is autonomous, self-hosted, and low-power. Compatible with Raspberry Pi 5, mini-PC, NAS, Linux VPS. Blind transit role only.
See also: Blind relay, Self-hosted
Repudiation
Definition: Action of removing or canceling a contact's access. Messages sent by the repudiated contact remain accessible, but they lose access to responses.
In CryptPeer: Feature for repudiating a contact: messages sent by the repudiated contact remain accessible, but that contact loses access to the other party's responses.
Revocation
Definition: Administrative action to remove a user's or contact's access. Revocation is instantaneous and irreversible by the administrator.
In CryptPeer: The administrator can revoke a contact in 1 click: the contact immediately loses access to servers.
Regalian Uses
Definition: Uses related to the State's regalian functions: defense, security, diplomacy, justice, etc. Require maximum level of security and sovereignty.
In CryptPeer: CryptPeer® is designed for regalian and sensitive uses: diplomatic communications, military operations, air-gap networks, sensitive organizations, pseudonym anonymity.
See also: CryptPeer Defense, Air-gap
Server-hopping
Definition: Ability to instantly switch from one relay server to another. Provides high resilience and makes the service harder to censor or stop.
In CryptPeer: Via Server Manager, you can instantly switch to another relay (organization, client server, remote instance).
S
Zeroization
Definition: Secure erasure process of sensitive data in memory. Buffers are overwritten with random values or zeros to prevent recovery.
In CryptPeer: Buffers are erased immediately after reading (zeroization). No trace of decrypted data persists in memory.
See also: RAM-only, Decryption
T
No terms yet.
U
Zero Exploitable Metadata
Definition: Principle where no exploitable metadata is stored or accessible in plaintext. All metadata is encrypted.
In CryptPeer: CryptPeer® encrypts all metadata upstream. No exploitable data is visible server-side. The server cannot know who communicates with whom, or when.
See also: Metadata, Encryption
V
VPS (Virtual Private Server)
Definition: Private virtual server, a virtual machine hosted on a shared physical server. Provides dedicated hosting with full control over the OS and applications.
In CryptPeer: CryptPeer® can be deployed on a Linux VPS, enabling remote hosting with full control over the infrastructure.
See also: Self-hosted, Autonomous relay server
Vulnerability
Definition: Weakness in a system, software, or configuration that can be exploited by an attacker to compromise security. Vulnerabilities can be software bugs, incorrect configurations, or architectural weaknesses.
In CryptPeer: CryptPeer®'s sovereign and decentralized architecture reduces the impact of vulnerabilities: even if a relay server is compromised, end-to-end encryption protects data, and the absence of a single central point limits propagation.
See also: Cyberattack, Compromise, Sovereign federated architecture
W
WebRTC (Web Real-Time Communication)
Definition: Real-time communication protocol enabling audio/video calls directly between browsers or apps, without plugins. Uses encrypted P2P connections.
In CryptPeer: WebRTC is used for end-to-end encrypted audio/video calls. Communications go directly peer-to-peer through a secure WireGuard tunnel.
WireGuard
Definition: Modern, fast, secure VPN protocol. Uses state-of-the-art cryptography (ChaCha20, Poly1305, Curve25519, BLAKE2s) to build secure tunnels.
In CryptPeer: WireGuard creates the secure VPN tunnel used for WebRTC video calls. Without WireGuard, only messaging is available.
WAN (Wide Area Network)
Definition: Wide network connecting multiple geographically separated sites (carrier links, interconnections, remote access).
In CryptPeer: CryptPeer® can be operated in WAN contexts while keeping sovereign operations and the ability to fail over between relays.
See also: LAN, Link failover, Autonomous relay server
X
No terms yet.
Z
Zero Intermediary
Definition: Architecture principle where no intermediary (provider, cloud service, third party) intervenes in data processing or storage.
In CryptPeer: CryptPeer® guarantees zero intermediary, zero delegation, zero collection. The user maintains total control.
See also: Sovereign architecture, Self-hosted