Hopr Sidecars whose workloads need to interoperate must use the same CHIPS™ algorithm. A premium feature allows sidecars to be configured with multiple algorithms for micro-segmentation.
Hopr's Synchronous Ephemeral Encryption (SEE™) protocol builds a secure 'tunnel' between workloads using the symmetric key produced by CHIPS™ at each workload. There is no key exchange.
By default, encryption and decryption occur at Layer 4, the Transport layer. Every IP packet (message headers and bodies) is individually encrypted and decrypted. Layer 7 (application layer) encryption is configurable.
No. API keys are still passed within messages sent to an API endpoint, but they are only used for identification purposes by the API. They are protected because they are encrypted and cannot be sniffed in transit.
Connection attempts from untrusted workloads fail SEE™ protocol decryption, even if they are also TLS encrypted. They are immediately logged and discarded.
Yes. Hopr Connect protects all ingress and egress access to workloads located anywhere. Whether messages are north-south (N-S) or east-west (E-W) makes no difference to Hopr Connect, because of its decentralized identity and secrets management capability.