App Encryption Documentation

This document describes the encryption used by the PocketDev iOS app, provided for Apple App Store compliance review and US export classification purposes.

Encryption Algorithms Used

1. Ed25519 Digital Signatures (RFC 8032)

PocketDev uses Ed25519 asymmetric key signing, implemented via the @noble/ed25519 JavaScript library (a publicly available, open-source implementation). This is a standard algorithm accepted by IETF (RFC 8032).

Purpose: Device authentication only. When a mobile device pairs with a PocketDev server, an Ed25519 keypair is generated on the device. The private key signs outgoing API requests; the server verifies the signature against the registered public key to confirm the request is from an authorized device.

What is not encrypted: No user content, files, prompts, or task output is encrypted using this algorithm. It is used exclusively to authenticate requests, equivalent in purpose to HMAC-based request signing.

Implementation note: This library runs in the JavaScript runtime and does not use Apple's CryptoKit or CommonCrypto APIs. It is publicly available at github.com/paulmillr/noble-ed25519.

2. TLS 1.2 / 1.3 (HTTPS and WSS)

All network communication between the mobile app and the paired server is conducted over HTTPS and secure WebSocket (WSS) connections. TLS is handled entirely by Apple's standard networking stack (the iOS URL loading system / NSURLSession) and is not implemented by the app.

Export Classification

Per the US Bureau of Industry and Security (BIS) Export Administration Regulations (EAR), Note 4 to Category 5, Part 2 (Information Security), the Ed25519 usage described above qualifies as an exemption: it is a publicly available, standard algorithm used solely for authentication (digital signature verification), not for encrypting or decrypting data.

No proprietary encryption algorithms are used. No encryption algorithms not accepted by international standard bodies (IEEE, IETF, ITU) are used.

Summary