Hi! I'm on the mobile development team here at goTenna. We're taking advantage of the Bluetooth LE standard encyption with is AES-CCM. More on that here: http://bit.ly/1teKWvG

For encrypting the data as it's sent between gotennas we're using 1024 bit RSA. Not sure what level of detail you'd like.. but here are a few things to get you started!

RSA itself: http://bit.ly/1kDlTgP Cryptographic Services: http://bit.ly/1teLhPb More on CDSA (see above articles first): http://bit.ly/Ug2CLt

Much of our approach is fairly standard!

So, question: How do you authenticate the person you are trying to message with, i.e. How do I know that I'm sending the message I want to send to (the real) Jason Greengrocer not the FBI pretending to be Jason?

At set up, you can either set up your goTenna ID to be your phone number (recommended, as it will then integrate with your contact list and make it easy for other people you know using goTenna to find you with goTenna) or a randomly generated string we create for you (for the crypto people out there!). The way we ensure your (or Jason Greengrocer's!) phone number isn't spoofed is we verify your phone number through the regular telephony network when you do have connectivity. If you complete setup without connectivity and enter a telephone number as your ID, you will show up as "Unverified." We don't recommend offline setup though because then you can't download all our awesome detailed offline map packs (you'll just get the world vector map that comes with the app at download).