Setting up encrypted communication by yourself is hard. If you’ve ever set up PGP for your email or implemented an off-the-record chat in Pidgin, you know that it can be a clunky, burdensome process. Thankfully, cryptographers are working to make it easier — and a new partnership will make it simpler for app developers to build encryption into their platforms. Twilio, the cloud-based communications platform, announced today that it is partnering with Virgil Security to enable developers to build strong encryption into their messaging services.
Just like Twilio lets developers easily add text messaging, voice calls and chat to their apps, Virgil Security gives developers the means to add end-to-end encryption and key management to their products. The partnership between the two companies will allow developers to integrate encryption into their chat features within a few hours.
“What we are trying to do is make every developer into a cryptologist,” says Dmitry Dain, founder of Virgil Security. “If you look at what Twilio has done, they have made every developer into a communications expert. What Virgil has done is the same thing for security.”
Demand for strongly encrypted messaging apps has grown recently, as breaches become more common and concerns over government surveillance increase. WhatsApp, the popular Facebook-owned messaging service, debuted end-to-end encryption for its users in April, and Viber followed suit later that same month. Both companies reportedly worked to establish their encryption systems for years. The Twilio-Virgil partnership will enable startups to add encrypted messaging to their apps within a few hours.
Of course, once Virgil Security’s encryption platform is used by hundreds of businesses, it’ll be essential that it’s actually as secure as the company claims. (If implemented properly, end-to-end encryption protects the contents of users’ messages from everyone except the intended recipient — even the company that supplies the messaging service.) That’s why Dain is keeping Virgil’s cryptography protocol open-source — so it can be audited by anyone at any time.
Twilio expects to see most of its clients implementing encryption in its IP messaging service. Twilio executives told TechCrunch that they saw demand for tighter security from the medical and financial industries, which are legally required to keep data secure.
But other Twilio customers could go back and add end-to-end encryption to their messaging systems, as well. “It will mean you have to do some re-implementation to put that in,” says Twilio’s Carl Olivier, “but it is certainly something that you can add after the fact.”
Although Twilio is focused mainly on bringing strong encryption to IP messaging, there are some use cases in IoT device verification, as well. Unfortunately, you likely won’t see Uber encrypting the text messages you receive when your driver arrives any time soon — Apple’s SMS messaging isn’t open to developer modification.
Twilio has launched a tutorial on integrating Virgil Security’s cryptography on GitHub.