Understanding Encryption Session Key Changes in UTurn Chats

In person-to-person chats on UTurn, you may occasionally see messages indicating that encryption session keys have been removed from your device or that a new encryption session using new keys has been created. These notifications are part of UTurn’s enhanced security features, designed to keep you informed about system actions related to the protection of your messages and privacy.

How UTurn Handles Encrypted Messages

When you receive a message from another user, UTurn decrypts it before saving it to your message database and displaying it in your chat window. This decryption process begins by verifying the encryption session to ensure the message has not been tampered with. Once verified, the system attempts to decrypt the message payload.

If the system determines that the current encryption session should no longer be used—for any reason—it performs the following steps:

1. Permanently rejects the message.

2. Removes the existing encryption session between your device and the sender’s device.

3. Requests the sender’s device to resend the message using a new encryption session.

When this happens, you'll see an informational message in the chat window stating that encryption session keys have been removed from your device.

Once the sender's device receives the request, it initiates a new encryption session and resends the message using updated keys. Your device then goes through the same verification and decryption process. If the new session is successfully established and accepted, you'll see another notification indicating that a new encryption session using new keys has been created.

Why a Message Might Be Rejected

Encryption-related rejections typically occur for one of the following reasons:

• Loss of synchronization between the encryption states of the two devices.

• Device change, where one user switched to a new device without restoring encryption data from the previous device.

• Message tampering, where the message was altered in transit by a third party.

What You Should Do

In most cases, these system messages are routine and can be safely ignored. However, if you suspect that your conversation may be subject to surveillance or interference by a third party, it is advisable to directly contact the person you are chatting with and verify whether they are using a new device.

Note: A "capable third party" refers to an individual or organization with the technical expertise and resources to intercept your internet traffic and redirect it from its intended destination to one of their choosing—potentially compromising the security of your communications.