Secure Device-to-Device Key Transfer
Transfer your encryption keys to a new device using QR codes. X25519 ECDH key exchange + AES-256-GCM encrypted transfer.
1,000-member groups, fully E2EE.
SIGNAL FOUNDATION SENDER KEYS
Across all plans — no upgrades to the limit
Sender Keys protocol
Official libsignal implementation, optimized for groups
Forward Secrecy
Past messages stay encrypted even if future keys leak
Low latency
Sender-side encryption is O(1) — fast at any scale
Source Device
On the device that has your keys: Settings → Key Sync → "Transfer Keys". A QR code is displayed (valid for 5 minutes).
Target Device
On your new device: After login, select "Scan QR" and scan the QR code from the source device with your camera.
Transfer Complete
Keys are securely transferred via encrypted channel. SHA-256 checksum verifies data integrity. Session auto-expires.
Transfer Protocol
Source Device Target Device
│ │
│ 1. Create Session (Firestore) │
│ 2. Generate X25519 Ephemeral Key │
│ 3. Display QR Code │
│ ─── QR Scan ───► │
│ │ 4. Parse QR → sessionId + publicKey
│ │ 5. Generate X25519 Ephemeral Key
│ │ 6. ECDH → Shared Secret
│ │ 7. HKDF-SHA256 → AES Key
│ ◄── Firestore ── │ 8. Write encrypted response
│ 9. ECDH → Same Shared Secret │
│ 10. Encrypt keys (AES-256-GCM) │
│ ── Firestore ──► │
│ │ 11. Decrypt → Import keys
│ │ 12. SHA-256 Checksum verify
│ 13. Cleanup session │
└────────────────────────────────────┘
Session TTL: 5 minutesKeys Transferred
| Key | Algorithm | Purpose |
|---|---|---|
| Identity Key Pair | X25519 | Identity verification / PQXDH |
| Signing Key Pair | Ed25519 | Message signatures (AEGIS XEdDSA) |
| Signed PreKey Pair | X25519 | X3DH session establishment |
| Registration ID | — | Session identifier |
One-Time PreKeys are NOT transferred. They are regenerated on the new device to avoid key competition between devices.
Platform Support
| Platform | QR Scan | Key Storage | Alternative |
|---|---|---|---|
| iOS | Supported | Keychain | — |
| Android | Supported | Android Keystore | — |
| macOS | Camera dependent | Keychain | Regenerate Keys |
| PWA (Web) | Camera permission dependent | Web Crypto API | Regenerate Keys |
Regenerate Keys: If QR scanning is unavailable (PWA/macOS), choose "Regenerate Keys" to create new encryption keys. New sessions will be established with all contacts, but previous messages cannot be decrypted.
Multi-Device Usage
Important considerations when using the same account on multiple devices.
Same Account, Multiple Devices
- • Each device stores independent encryption keys
- • Key Sync required to decrypt messages from original device
- • One-Time PreKey conflicts possible with simultaneous devices
- • Device limit: Essential 1 / Premium & Intelligence 3
Different Account, Same Device
- • All encryption sessions fully reset
- • Previous account messages permanently undecryptable
- • No key collision between different accounts
- • Warning dialog shown before account switch
Arc vs Signal: Multi-Device Model
| Feature | Signal | Arc V2 |
|---|---|---|
| Device Model | Primary/Linked | Independent key sets |
| Device Addition | Via Primary | Direct registration + Key Sync |
| Key Distribution | Primary distributes to Linked | Peer-to-peer QR exchange |
| Device Authentication | Implicit trust | Ed25519 signature verification |
| Primary Failure | All Linked devices orphaned | No impact (independent) |