msg2future
Time-locked E2E crypto

msg2future - Sending Messages into the Future

A secure messaging application to send messages or large files that can only be decrypted after a specific release date.

👉 A digital time capsule powered by OPAQUE, ECIES + AES-GCM, Ed25519, and chunk-based encryption.

OPAQUE • ECIES + AES-GCM • Ed25519 • BLAKE2b • Argon2id

🧭 Time-locked flow (overview)

  1. OPAQUE login → derive a session key, password never leaves client.
  2. Encrypt content with fresh K (AES-GCM-256). Split into chunks, compute BLAKE2b per chunk to form H.
  3. Encapsulate K to recipient via ECIES (ECDH P-256 + HKDF) → Ck.
  4. Sign metadata with Ed25519 over (H || Ck || T).
  5. Unlock at T → server releases Ck iff now ≥ T. Client verifies & decapsulates to recover K, then decrypts all ciphertext chunks.

⚠️ Project disclaimer

This is a personal project to explore modern cryptography (OPAQUE, ECIES, Ed25519) and its integration into a modern development stack.

It is intended for learning and experimentation, not for production use.

✨ Features

What the app delivers beyond a typical messaging PoC.

🔑 OPAQUE authentication

Login without ever revealing the password to the server. Derives a session key that protects sensitive API payloads.

🗝️ Hybrid encryption (ECIES + AES-GCM-256)

Only recipients can decrypt. A per-message key K is encapsulated via ECIES (ECDH P-256 + HKDF) to produce Ck.

✍️ Digital signatures (Ed25519)

Authenticity & non-repudiation. Sign (H || Ck || T) where H summarizes BLAKE2b(Ck).

⏳ Time-locked decryption

Server enforces T and withholds Ck until due. Client verifies, decapsulates, then decrypts all C.

📂 Large files (TB, PB)

64 MB chunking, streaming/resume, per-chunk BLAKE2b verification.

🕵️ Server privacy

Only encrypted blobs are stored. Private keys stay client-side, protected by Argon2id-derived keys.

🔄 Secure password change

Change password without losing access to past messages, preserving cryptographic integrity.

🌍 Scalable architecture

Client-side crypto keeps the backend lightweight and horizontally scalable.

Cryptography at a glance

Primitives & libs

  • OPAQUE (serenity-kit/opaque) → session key + password secrecy
  • ECIES (ECDH P-256 + HKDF-SHA-256) → encapsulate K to Ck
  • AES-GCM-256 → content encryption (chunked ciphertext C)
  • Ed25519 → signatures (metadata)
  • Argon2id → client-side key derivation
  • BLAKE2b → per-chunk integrity
  • libsodium / libsodium-wrappers + WebCrypto

Time-locked decrypt timeline

  1. OPAQUE
  2. Encrypt + chunk
  3. ECIES encapsulate K → Ck
  4. Sign metadata with Ed25519
  5. Release @ T

Verify signature → server releases Ck at T → decapsulate K → decrypt all ciphertext chunks C
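
The timeline above from encapsulation to release, as an added example on Node's built-in crypto (not msg2future's own code, which runs on libsodium and WebCrypto). Assumptions: the length-prefixed encoding of (H, Ck, T), H as BLAKE2b over the concatenated per-chunk digests, the Ck byte layout, the HKDF salt and info label, and all function names; chunk encryption with K is left out and the chunks are constructed placeholders.

```javascript
// Added example on Node's built-in crypto; names, encodings and layouts are assumptions.
const crypto = require("node:crypto");
const u64 = (n) => { const b = Buffer.alloc(8); b.writeBigUInt64BE(BigInt(n)); return b; };
// Assumption: H and Ck are length-prefixed so H || Ck || T has one unambiguous parse.
const signedBytes = (H, Ck, T) => Buffer.concat([u64(H.length), H, u64(Ck.length), Ck, u64(T)]);

// ECIES (ECDH P-256 + HKDF-SHA-256, AES-256-GCM wrap). Assumed Ck = ephPub(65) || iv(12) || ct || tag(16).
const wrapKey = (shared, ephPub) =>
  Buffer.from(crypto.hkdfSync("sha256", shared, ephPub, "example-ecies-wrap", 32));
function encapsulate(recipientPub, K) {
  const eph = crypto.createECDH("prime256v1");
  const ephPub = eph.generateKeys(); // uncompressed point, 65 bytes
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", wrapKey(eph.computeSecret(recipientPub), ephPub), iv);
  const ct = Buffer.concat([c.update(K), c.final()]);
  return Buffer.concat([ephPub, iv, ct, c.getAuthTag()]);
}
function decapsulate(recipient, Ck) {
  const ephPub = Ck.subarray(0, 65), n = Ck.length - 16;
  const kek = wrapKey(recipient.computeSecret(ephPub), ephPub);
  const d = crypto.createDecipheriv("aes-256-gcm", kek, Ck.subarray(65, 77));
  d.setAuthTag(Ck.subarray(n));
  return Buffer.concat([d.update(Ck.subarray(77, n)), d.final()]); // throws on a bad tag
}

// Sender: H = BLAKE2b over the per-chunk BLAKE2b digests (assumed construction); sign (H, Ck, T).
function seal(chunks, K, recipientPub, T, signKey) {
  const digests = chunks.map((c) => crypto.createHash("blake2b512").update(c).digest());
  const H = crypto.createHash("blake2b512").update(Buffer.concat(digests)).digest();
  const Ck = encapsulate(recipientPub, K);
  return { H, Ck, T, sig: crypto.sign(null, signedBytes(H, Ck, T), signKey) };
}
// Server: the only time check; Ck is withheld until the server clock reaches T.
const release = (msg, now) => (now >= msg.T ? msg.Ck : null);
// Recipient: verify the Ed25519 signature over (H, Ck, T) before decapsulating K.
function open(msg, Ck, senderPub, recipient) {
  if (!Ck) throw new Error("locked");
  const ok = crypto.verify(null, signedBytes(msg.H, Ck, msg.T), senderPub, msg.sig);
  if (!ok) throw new Error("bad signature");
  return decapsulate(recipient, Ck);
}
// Constructed demo: placeholder ciphertext chunks, T = 1900000000 (Unix seconds).
function demo(now) {
  const recipient = crypto.createECDH("prime256v1"); recipient.generateKeys();
  const sender = crypto.generateKeyPairSync("ed25519"), K = crypto.randomBytes(32);
  const msg = seal([Buffer.from("chunk-0"), Buffer.from("chunk-1")], K,
    recipient.getPublicKey(), 1900000000, sender.privateKey);
  return open(msg, release(msg, now), sender.publicKey, recipient).equals(K);
}
```

The time lock rests entirely on the server's release check; the signature lets the recipient detect an altered H, Ck or T, as a call to open with a changed T shows.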

🚀 Getting started

Run locally with Docker Compose. Three quick steps.

  1. Clone

       git clone https://github.com/hadrylouis/msg2future
       cd msg2future

  2. Build images

       docker compose build

  • frontend React/Vite on 5173
  • backend Fastify API on 3000

🛠️ Stack & Libraries

Backend

API • Data • Auth
TypeScript Node.js Fastify Prisma SQLite Docker Compose
  • High-performance HTTP with Fastify
  • Prisma ORM & schema management
  • SQLite for simple, portable storage
  • Dockerized for easy deployment

Frontend

UI • State • Tooling
TypeScript React Vite TailwindCSS Radix UI Zustand Zod
  • React + Vite developer experience
  • TailwindCSS utility-first styling
  • RadixUI accessible components
  • Zustand state management
  • Zod schema validation

Cryptography libraries

client • server
libsodium Web Crypto API serenity-kit/opaque

📂 Folder Structure

Frontend

frontend/         # React + Vite + Tailwind + Radix UI + Zustand + libsodium-wrappers
  └── src/
      ├── App.tsx
      ├── assets/       # images, icons…
      ├── components/   # reusable UI (buttons, fields, modals)
      ├── crypto/       # ECIES, Ed25519, AES-GCM, Argon2id, HKDF, utils
      ├── hooks/
      ├── layouts/
      ├── lib/          # helpers (http, validators)
      ├── main.tsx
      ├── pages/        # views/screens
      ├── services/     # API per feature (auth, messages…)
      ├── stores/       # Zustand stores (session, uploads…)
      └── types/
  

Backend

backend/          # Fastify (TS) + Prisma (SQLite) + serenity-kit/opaque + libsodium
  └── src/
      ├── crypto/       # hkdf.ts, session-crypto.ts (AES-GCM over session_key)
      ├── routes/       # auth.ts, login.ts, message.ts, user.ts
      ├── server.ts     # Fastify bootstrap
      ├── types/        # TS types
      └── utils.ts


📖 Documentation & License

Documentation

The report/ folder contains the full cryptographic design and analysis. It includes:

  • Choice of algorithms and key sizes
  • Key management and derivation schema
  • Time-lock decryption protocol design
  • Scalability considerations for millions of users
  • Implementation details (frontend crypto, backend OPAQUE, chunk-based files)
  • Possible improvements (e.g., replay protection)

Open Source

📜 License

Licensed under GNU GPL-3.0. You may use, modify, and redistribute under the same terms.