Open source does not negate security. In fact I would trust open source much more than closed source. This is my industry and many, probably even most, of the tools I use every single day are open source.
The code doesn't provide security by being hidden; the encryption keys provide security. Open source code lets you see that the keys are being properly used. How would you know the app isn't stealing your keys if the code is not open sourced?
Now let me tell you just a little bit about those encryption keys and asymmetric cryptography.
You have two keys: a private key and a public key. The public key is derived from the private key BUT the private key cannot be derived from the public key. You freely share your public key. You never share your private key.
Every user has a private key and public key (call it a key pair).
Now if you want to send me a message you have access to the following three keys: Your own private key, your own public key, and my public key. Similarly when I receive your message I will have access to three keys: my private key, my public key but only your public key.
Asymmetric cryptography uses these keys in such a way that (1) you can trust only I will be able to read your message and (2) I can trust that only you could have sent that message. Thus we achieved privacy and authenticity: Nobody read the message who wasn't allowed to read it and nobody faked the message.
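The exchange described above, as an added example that is not part of the original post: each side uses exactly the three keys it holds, shown with unpadded textbook RSA in standard-library Python. The function names, the `YOU`/`ME`/`EVE` key pairs and the small constructed primes are assumptions made for illustration; real systems use vetted libraries, padding and much larger keys.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Build a key pair from two secret primes; only 'public' is ever shared."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (n, E), "private": (n, pow(E, -1, phi))}

def digest(msg, n):
    """SHA-256 of the message, reduced to fit the signer's modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def send(msg, sender_private, recipient_public):
    (n_s, d_s), (n_r, e_r) = sender_private, recipient_public
    m = int.from_bytes(msg, "big")
    if m >= n_r:
        raise ValueError("message too long for this toy modulus")
    ciphertext = pow(m, e_r, n_r)                # privacy: undone only by recipient's private key
    signature = pow(digest(msg, n_s), d_s, n_s)  # authenticity: made only with sender's private key
    return ciphertext, signature

def receive(ciphertext, signature, recipient_private, sender_public):
    (n_r, d_r), (n_s, e_s) = recipient_private, sender_public
    m = pow(ciphertext, d_r, n_r)
    msg = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if pow(signature, e_s, n_s) != digest(msg, n_s):
        raise ValueError("signature check failed")
    return msg

# Constructed toy keys (Mersenne primes: far too small and structured for real use).
YOU = make_keypair(2**127 - 1, 2**89 - 1)
ME = make_keypair(2**107 - 1, 2**61 - 1)
EVE = make_keypair(2**31 - 1, 2**19 - 1)

def accepted(ciphertext, signature, recipient_private, sender_public):
    """True if the recipient can decrypt and the signature matches the claimed sender."""
    try:
        receive(ciphertext, signature, recipient_private, sender_public)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    ct, sig = send(b"meet at noon", YOU["private"], ME["public"])
    print(receive(ct, sig, ME["private"], YOU["public"]))
    print(accepted(ct, sig, EVE["private"], YOU["public"]))  # a third party holds the wrong private key
```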