Security - Blade Terminal

End-to-End Encryption E2EE

Multiplayer sessions use X25519 key exchange with AES-256-GCM encryption. Terminal content and chat messages are encrypted between participants - Blade servers cannot read session data.

TLS Transport TLS 1.3

All WebSocket connections use TLS 1.3 with self-signed certificates and fingerprint-based trust-on-first-use (TOFU) verification.

Local-First Architecture No Cloud

Blade runs entirely on your machine. Terminal data never leaves your computer unless you explicitly share a session. No telemetry, no cloud processing.

Memory Safety Rust

Built in Rust with zero unsafe code in core paths. No buffer overflows, use-after-free, or data races. The compiler guarantees memory safety at compile time.

Session Security

Invite codes are single-use and expire after 15 minutes
Session hosts control who can type with driver/observer roles
Participants can be removed by the session host at any time
All session data is destroyed when the session ends

SSH Security

SSH keys are stored only on your local machine
Blade supports Ed25519 and RSA key types
Host key verification with known_hosts checking
Agent forwarding is disabled by default

Reporting Vulnerabilities

If you discover a security vulnerability in Blade, please report it responsibly to security@bladeterm.com. We aim to respond within 48 hours and will credit researchers in our security advisories.