The algorithms and design decisions behind the cryptography are documented in the Cryptography Whitepaper.

If you find a security issue in Threema, please follow responsible disclosure and report it to us via Threema or by encrypted email, we will try to respond as quickly as possible. You can find the contact details at threema.ch/contact (section “Security”).

Every commit in this repository is cryptographically signed using the following PGP key:

pub   rsa4096 2016-09-06 [SC] [expires: 2026-09-04]
      E7AD D991 4E26 0E8B 35DF  B506 65FD E935 573A CDA6
uid           Threema Signing Key <dev@threema.ch>

The public key can be found at https://oss.threema.ch/65FDE935573ACDA6.pub.