A high-performance QUIC-based secure messaging system with military-grade encryption and perfect forward secrecy.
- Level 2 Security: AES-256-GCM encryption + Ed25519 signatures + HMAC-SHA256
- Perfect Forward Secrecy: X25519 ephemeral keys for each session
- Passphrase Protection: Optional Argon2-based key encryption
- Trust-On-First-Use (TOFU): Device fingerprint verification
- Replay Protection: LRU cache prevents message replay attacks
- Message Expiration: 5-minute validity window
- QUIC Protocol: Low-latency, multiplexed connections
- Efficient Cryptography: Hardware-accelerated via ring
- Concurrent Connections: Bridge supports multiple remotes
- 2.5MB Message Size: Can be changed
- Colored CLI: Professional interface with status indicators
- Network Interface Selection: Bridge can bind to any available network interface
- Persistent Identity: Reconnect without re-approval
- Simple Commands: Intuitive bridge and remote interfaces
- Cross-Platform: Works on Linux, macOS, and Windows
- Rust 1.70 or higher
git clone https://github.com/stan-smith/kaiju-secure-messaging
cd kaiju-secure-messaging
cargo build --releaseThe binaries will be in target/release/:
bridge- The bridge serverremote- The remote client
cargo install --path ../target/release/bridgeYou'll be prompted to:
- Select Network Interface: Choose from available interfaces (or press Enter for localhost)
- Choose Port: Specify port number (default: 5555)
Example:
Available network interfaces:
1. localhost - 127.0.0.1
2. eth0 - 192.168.1.100
3. wlan0 - 192.168.1.101
Select interface number (or press Enter for localhost): 2
Enter port (default: 5555): 5555
Starting bridge on 192.168.1.100:5555...
./target/release/remoteYou'll be prompted for:
- Device ID: Choose a unique name (e.g., "laptop", "phone")
- Passphrase Protection (first time only): Optionally protect your identity
- Bridge Address: Enter the bridge's IP:port (e.g., "192.168.1.100:5555")
On first connection, the bridge shows:
New device connection request:
Device ID: laptop
Identity key fingerprint: [a5, 2f, 8c, ...]
Accept this device? (yes/no): yes
From Remote:
> Hello bridge!
From Bridge:
> send laptop Hello from bridge!
> broadcast Hello everyone!
> list
| Command | Description |
|---|---|
list |
Show all connected devices |
send <device_id> <message> |
Send to specific device |
broadcast <message> |
Send to all devices |
quit or exit |
Shutdown bridge |
- Type any message to send to bridge
quitorexitto disconnect
- First-time setup creates a persistent identity key
- Optional passphrase encryption (recommended)
- Keys stored in
~/.local/share/kaiju-secure-messaging/device_keys/
- Bridge must approve new devices
- Approved devices stored in trust database
- Reconnections auto-approved for known devices
- Different identity = new approval required
- Connection: Remote sends Hello with public keys
- Approval: Bridge operator verifies fingerprint
- Key Exchange: X25519 Diffie-Hellman establishes session
- Encryption: AES-256-GCM with unique nonce per message
- Authentication: Ed25519 signatures + HMAC-SHA256
┌─────────────┐ QUIC/TLS 1.3 ┌─────────────┐
│ Remote │◄────────────────────────────►│ Bridge │
│ (Client) │ │ (Server) │
└─────────────┘ └─────────────┘
│ │
├─ Identity Key (Ed25519) ├─ Trust Store
├─ Ephemeral Key (X25519) ├─ Multi-Device Router
└─ Session Keys (AES+HMAC) └─ Session Manager
- Remote → Bridge: Direct encrypted messages
- Bridge → Remote: Routed by device ID
- Bridge → All: Broadcast capability
- Security: All messages encrypted, signed, and HMAC'd
kaiju-secure-messaging/
├── src/
│ ├── lib.rs # Public API and trust management
│ ├── error.rs # Error types
│ ├── protocol.rs # Message types and wire format
│ ├── crypto.rs # Cryptographic operations
│ ├── message.rs # Message handling
│ ├── transport.rs # QUIC transport layer
│ └── bin/
│ ├── bridge.rs # Bridge server binary
│ └── remote.rs # Remote client binary
└── tests/
└── integration_test.rs # Security test suite
cargo test --releaseTest coverage includes:
- Full handshake and message exchange
- Replay protection
- HMAC tampering detection
- Signature verification
- Message expiration
- Trusted device persistence
- Perfect forward secrecy
cargo doc --openRUST_LOG: Set logging level (e.g.,info,debug)
- Identity Keys:
~/.local/share/kaiju-secure-messaging/device_keys/ - Trust Database:
~/.local/share/kaiju-secure-messaging/trusted_devices.json
- Always use passphrase protection for identity keys
- Verify fingerprints when approving new devices
- Run bridge on trusted network or use VPN
- Regular key rotation - Delete old identity keys periodically
-
Protects Against:
- Eavesdropping (AES-256-GCM)
- Man-in-the-middle (Ed25519 signatures)
- Replay attacks (Message ID cache)
- Identity spoofing (Persistent keys + TOFU)
- Session hijacking (PFS with ephemeral keys)
-
Does Not Protect Against:
- Compromised endpoints
- Physical access to device
- Traffic analysis (use Tor for anonymity)
- Denial of service
Contributions are welcome! Please ensure:
- All tests pass
- Security features maintained
- No emojis in code
- Clean, commented code
- Update documentation
Unlicense, do what you want with it. No warranty at all, or promises made, verify all information yourself.
Built with:
- Quinn - QUIC implementation
- Ring - Cryptographic operations
- Tokio - Async runtime
- Ed25519-dalek - Digital signatures
For issues, questions, or suggestions, please open an issue on GitHub.