Siilo applies two levels of encryption for data-in-transit:

1. End-to-end encryption. The data intended for transport is encrypted on your device with your private key, and only a trusted receiver can decrypt the data with your public key.

2. Transport layer encryption (TLS). The end-to-end encrypted data is encrypted again for its transport between the mobile client and the server, using the axolotl ratchet to provide forward secrecy.

Siilo uses the open source “Box” model of the NaCl (Networking and Cryptography Library)* to encrypt and authenticate messages. The primary goal of NaCl is to cryptographically protect every network connection, providing strong confidentiality, strong integrity, and state-of-the-art availability against attackers sniffing or modifying network packets. NaCl’s authenticated-encryption mechanism is designed as a secure unit, always wrapping encryption inside authentication. Nothing is decrypted unless it first survives authentication, and the authenticator’s entire job is to prevent the attacker from forging messages that survive authentication.

* Bernstein DJ, Lange T, Schwabe P. (2012). The security impact of a new cryptographic library. In Neven G & Hevia A (Eds.), Progress in Cryptology - LATINCRYPT 2012 (2nd International Conference on Cryptology and Information Security in Latin America, Santiago, Chile, October 7-10, 2012. Proceedings) (pp. 159-176). Berlin: Springer.
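The following is an added illustration of the Box model described above; it is not Siilo's code and not the NaCl library itself. In crypto_box the sender seals a message with their own private key and the recipient's public key, and the recipient opens it with their own private key and the sender's public key; both sides arrive at the same shared key through an X25519 Diffie-Hellman exchange (that is what "your private key" and "your public key" in item 1 amount to in Box terms). The example keeps that structure faithfully: an RFC 7748 X25519 ladder written out in plain Python, a shared key both parties derive identically, a 24-byte nonce, a 16-byte tag placed in front of the ciphertext, and a verify-before-decrypt `box_open` that releases no plaintext unless the tag survives a constant-time check. Where real crypto_box uses HSalsa20 for key derivation, XSalsa20 for the keystream and Poly1305 for the tag, HMAC-SHA256 stands in for all three so the example runs on the standard library only; that substitution, the fixed key seeds, the all-zero nonce and the message text are assumptions made for the demonstration, and the big-integer ladder is not constant-time.

```python
import hashlib
import hmac

# --- X25519 (RFC 7748 Montgomery ladder). Illustration only: Python integer
# arithmetic is not constant-time; a production client uses libsodium/NaCl.
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Scalar multiplication k * u on Curve25519; returns the 32-byte u-coordinate."""
    k_int = _clamp(k)
    x_1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in range(254, -1, -1):
        k_t = (k_int >> t) & 1
        swap ^= k_t
        if swap:
            x_2, x_3, z_2, z_3 = x_3, x_2, z_3, z_2
        swap = k_t
        a, b = (x_2 + z_2) % P, (x_2 - z_2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x_3 + z_3) % P, (x_3 - z_3) % P
        da, cb = d * a % P, c * b % P
        x_3 = pow((da + cb) % P, 2, P)
        z_3 = x_1 * pow((da - cb) % P, 2, P) % P
        x_2 = aa * bb % P
        z_2 = e * (aa + A24 * e) % P
    if swap:
        x_2, x_3, z_2, z_3 = x_3, x_2, z_3, z_2
    return (x_2 * pow(z_2, P - 2, P) % P).to_bytes(32, "little")


def keypair(secret: bytes) -> tuple:
    """secret is 32 random bytes (os.urandom(32) in practice); public = X25519(secret, 9)."""
    return secret, x25519(secret, BASEPOINT)


# --- Box-style authenticated encryption. HMAC-SHA256 stands in for HSalsa20
# (key derivation), XSalsa20 (keystream) and Poly1305 (tag) -- an assumption
# made so this runs with the standard library only.
TAG_LEN = 16
NONCE_LEN = 24


def shared_key(my_sk: bytes, their_pk: bytes) -> bytes:
    """Both parties compute the same key: X25519(a_sk, b_pk) == X25519(b_sk, a_pk)."""
    return hmac.new(x25519(my_sk, their_pk), b"box-demo/key", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + ctr.to_bytes(8, "little"), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def box(my_sk: bytes, their_pk: bytes, nonce: bytes, msg: bytes) -> bytes:
    """Returns tag || ciphertext. The nonce must never repeat for the same key pair."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 24 bytes")
    stream = _keystream(shared_key(my_sk, their_pk), nonce, 32 + len(msg))
    auth_key, pad = stream[:32], stream[32:]  # first 32 stream bytes = one-time MAC key, as in NaCl
    ct = bytes(m ^ p for m, p in zip(msg, pad))
    tag = hmac.new(auth_key, ct, hashlib.sha256).digest()[:TAG_LEN]
    return tag + ct


def box_open(my_sk: bytes, their_pk: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify first, decrypt second: no plaintext is produced unless the tag checks out."""
    if len(nonce) != NONCE_LEN or len(sealed) < TAG_LEN:
        raise ValueError("malformed box")
    tag, ct = sealed[:TAG_LEN], sealed[TAG_LEN:]
    stream = _keystream(shared_key(my_sk, their_pk), nonce, 32 + len(ct))
    expected = hmac.new(stream[:32], ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return bytes(c ^ p for c, p in zip(ct, stream[32:]))


# --- Constructed demo keys, nonce and message (fixed so the run is reproducible).
ALICE_SK, ALICE_PK = keypair(bytes(range(32)))
BOB_SK, BOB_PK = keypair(bytes(range(32, 64)))
NONCE = bytes(NONCE_LEN)  # constructed; in practice 24 fresh random bytes per message, sent with it
MESSAGE = b"handover note: bed 4, observations stable"


def roundtrip_ok() -> bool:
    sealed = box(ALICE_SK, BOB_PK, NONCE, MESSAGE)
    return box_open(BOB_SK, ALICE_PK, NONCE, sealed) == MESSAGE


def tamper_rejected() -> bool:
    sealed = bytearray(box(ALICE_SK, BOB_PK, NONCE, MESSAGE))
    sealed[TAG_LEN] ^= 0x01  # one ciphertext bit flipped in transit
    try:
        box_open(BOB_SK, ALICE_PK, NONCE, bytes(sealed))
    except ValueError:
        return True
    return False


def wrong_peer_rejected() -> bool:
    """A third key pair cannot open a box sealed for Bob: the shared key differs, so the tag fails."""
    other_sk, _ = keypair(bytes(range(64, 96)))
    try:
        box_open(other_sk, ALICE_PK, NONCE, box(ALICE_SK, BOB_PK, NONCE, MESSAGE))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("shared keys match:", shared_key(ALICE_SK, BOB_PK) == shared_key(BOB_SK, ALICE_PK))
    print("roundtrip:", roundtrip_ok(), "| tamper rejected:", tamper_rejected(),
          "| wrong peer rejected:", wrong_peer_rejected())
```

The point to take from `box_open` is the ordering: the tag is recomputed and compared (with `hmac.compare_digest`) before a single ciphertext byte is XORed, so a forged or modified message produces an error and nothing else. That is the "nothing is decrypted unless it first survives authentication" property the paragraph describes, and it is also why `box` never needs a separate integrity layer on top.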