βββ ββββββββββββββ ββββββ βββ ββββββββββ βββββββ
βββ βββββββββββββββ βββββββ βββ ββββββββββββββββββββ
βββ βββββββββ βββββββ βββ βββ ββββββββββββββ βββ
ββββ ββββββββββ βββββ βββ βββ ββββββββββββββ βββ
βββββββ ββββββββ βββ ββββββββββββββββββββ ββββββββββββ
βββββ ββββββββ βββ ββββββββ βββββββ βββ βββ βββββββ
V E Y L U R O Β· W A T E R & D R A G O N
"Veil your privacy. Let the dragon flow."
End-to-End Encrypted Messenger - Mobile Β· Desktop Β· Server Web
Veyluro lΓ nα»n tαΊ£ng nhαΊ―n tin zero-knowledge, end-to-end encrypted cho mobile + desktop. Server chα» lΖ°u encrypted bundle vΓ metadata giao vαΊn, khΓ΄ng giα»― private key Δα» Δα»c nα»i dung tin nhαΊ―n.
- Mobile - React Native + Expo
- Desktop - Wails v2
- Backend - Go + Chi + MySQL/MariaDB + WebSocket hub
- Web runtime - static bundle Δược serve tα»«
packages/server/cmd/server/web
Messages Δược mΓ£ hΓ³a client-side bαΊ±ng AES-256-GCM. Session key mα»i tin nhαΊ―n Δược wrap theo tα»«ng recipient bαΊ±ng RSA-2048-OAEP.
apps/mobilelΓ mobile app chΓnhapps/desktop/wails-applΓ desktop app chΓnhapps/android-nativelΓ hΖ°α»ng native song song (work-in-progress)- shared crypto/types nαΊ±m α»
packages/common - server API + realtime nαΊ±m α»
packages/server
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SENDER DEVICE β
β β
β plaintext -> AES-256-GCM -> ciphertext β
β ^ β
β ephemeral session key (random) β
β β β
β RSA-OAEP wrap x N recipients β
β sessionKeys = { userId: encryptedKey, ... } β
βββββββββββββββββββββββ¬βββββββββββββββββββββββββββββ
β { sessionKeys, payload }
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β GO SERVER (BLIND) β
β β
β Stores encrypted bundles and metadata. β
β Forwards via WebSocket hub. β
β Cannot read message plaintext. β
βββββββββββββββββββββββ¬βββββββββββββββββββββββββββββ
β same bundle
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β RECIPIENT DEVICE β
β β
β sessionKeys[myId] -> RSA-OAEP unwrap β
β βΌ β
β session key -> AES-256-GCM decrypt β
β βΌ β
β plaintext β
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Platform | Storage | Backed by |
|---|---|---|
| Web bundle runtime | IndexedDB (idb) |
Browser origin |
| Desktop (Wails) | IndexedDB | WebView storage |
| Mobile | expo-secure-store |
Android Keystore / iOS Keychain |
veyluro/
βββ apps/
β βββ mobile/
β βββ desktop/wails-app/
β βββ android-native/
βββ packages/
β βββ common/
β βββ server/
βββ docs/
βββ scripts/
| Feature | Status |
|---|---|
| End-to-end encrypted DM | β |
| End-to-end encrypted group chat | β |
| Realtime WebSocket delivery | β |
| Friend system | β |
| Pending messages | β |
| Notes / ephemeral content | β |
| Google OAuth | β |
| TOTP 2FA | β |
| Passphrase key recovery | β |
| User blocking | β |
| Admin moderation tools | β |
| Avatar upload to Cloudflare R2 | β |
| Mobile client | β |
| Desktop client | β |
Requirements:
- Node.js 20+
- pnpm 9+
- Go 1.23+
- MySQL 8+ hoαΊ·c MariaDB 10.6+
Common commands:
pnpm install
npm run dev:mobile
cd apps/desktop/wails-app && /home/congmc/go/bin/wails dev
cd packages/server && go run ./cmd/serverRelease examples:
# Android
cd apps/mobile/android && ./gradlew clean assembleRelease
# Wails Linux
cd apps/desktop/wails-app && /home/congmc/go/bin/wails build
# Wails Windows portable + installer
/home/congmc/go/bin/wails build -platform windows/amd64
/home/congmc/go/bin/wails build -platform windows/amd64 -nsisreCAPTCHA chα» Γ‘p dα»₯ng cho auth flow của web runtime:
registerloginforgot-passwordreset-password
BαΊ£n mobile/desktop khΓ΄ng bα» Γ©p captcha.
Env cαΊ§n set:
- Server:
RECAPTCHA_SECRET_KEY - Frontend web:
VITE_RECAPTCHA_SITE_KEY
Xem cΓ‘c file template:
packages/server/.env.exampleapps/mobile/.env.exampleapps/desktop/wails-app/frontend/.env.example
KhΓ΄ng commit .env runtime secrets hoαΊ·c keystore vΓ o public repo.