hadrylouis/msg2future

msg2future - Sending Messages into the Future

🌐 Visit the Project Website

msg2future is a secure messaging application that allows users to send messages (or large files) which can only be decrypted after a specific release date in the future.

👉 In short: it's a digital time capsule powered by modern cryptography (OPAQUE, ECIES + AES-GCM, Ed25519, BLAKE2b, Argon2id).

⚠️ Disclaimer

This is a personal project to explore modern cryptography and its integration into a development stack.
It is intended for learning and experimentation, not production use.

Security-critical systems require professional audits, formal analysis, and extensive hardening.

✨ Features

  • 🔑 OPAQUE authentication → login without ever revealing the password to the server
  • 🗝️ Hybrid encryption (ECIES + AES-GCM-256) → a per-message key K is encapsulated via ECIES (ECDH P-256 + HKDF) to produce Ck
  • ✍️ Digital signatures (Ed25519) → authenticity & non-repudiation, signatures over (H || Ck || T)
  • Time-locked decryption → server enforces release time T, holds Ck until due
  • 📂 Large files → 64 MB chunking, streaming/resume, per-chunk BLAKE2b-512 verification
  • 🔄 Secure password change → update password without losing access to past messages
  • 🕵️ Server privacy → only encrypted blobs are stored. Private keys remain client-side, protected with Argon2id
  • 🌍 Scalable architecture → crypto heavy-lifting runs on clients. Backend stays lightweight and horizontally scalable

⏳ Time-locked Flow (overview)

  1. OPAQUE login → derive a session key (password never leaves client)
  2. Encrypt content with fresh K (AES-GCM-256), split into chunks C, compute BLAKE2b-512 per chunk → hash H
  3. Encapsulate K via ECIES (ECDH P-256 + HKDF) → Ck
  4. Sign metadata with Ed25519 over (H || Ck || T)
  5. Unlock at T → server releases Ck iff now ≥ T. Client verifies, decapsulates to recover K, then decrypts chunks C
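
Steps 3 to 5 of the flow above, sketched with Node's built-in crypto module. This is an added example, not code from the msg2future repository: the Ck byte layout, the HKDF salt and info label, the 8-byte big-endian encoding of T and all function names are assumptions, and H is taken as an already computed 64-byte BLAKE2b-512 value.

```javascript
// Added example (not msg2future code). Assumed: Ck layout, HKDF salt/info, 8-byte T.
const { generateKeyPairSync, diffieHellman, hkdfSync, createCipheriv, createDecipheriv,
        createPublicKey, randomBytes, sign, verify } = require("node:crypto");

const INFO = Buffer.from("example-ecies-wrap"); // assumed HKDF info label

// Derive the AES-256 wrapping key from an ECDH P-256 shared secret via HKDF-SHA-256.
function wrapKey(privateKey, publicKey, ephSpki) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync("sha256", shared, ephSpki, INFO, 32));
}

// Step 3: Ck = ephemeral SPKI (91 B) || IV (12 B) || GCM tag (16 B) || wrapped K (32 B).
function encapsulate(recipientPub, K) {
  const eph = generateKeyPairSync("ec", { namedCurve: "P-256" });
  const spki = eph.publicKey.export({ type: "spki", format: "der" });
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", wrapKey(eph.privateKey, recipientPub, spki), iv);
  const ct = Buffer.concat([c.update(K), c.final()]);
  return Buffer.concat([spki, iv, c.getAuthTag(), ct]);
}

// Inverse of encapsulate: final() throws if the GCM tag does not match.
function decapsulate(recipientPriv, Ck) {
  const spki = Ck.subarray(0, 91), iv = Ck.subarray(91, 103), tag = Ck.subarray(103, 119);
  const ephPub = createPublicKey({ key: spki, format: "der", type: "spki" });
  const d = createDecipheriv("aes-256-gcm", wrapKey(recipientPriv, ephPub, spki), iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(Ck.subarray(119)), d.final()]);
}

// Step 4: the signed bytes are H || Ck || T, with T as 8-byte big-endian Unix seconds.
function signedBytes(H, Ck, T) {
  const t = Buffer.alloc(8);
  t.writeBigUInt64BE(BigInt(T));
  return Buffer.concat([H, Ck, t]);
}
const signMeta = (edPriv, H, Ck, T) => sign(null, signedBytes(H, Ck, T), edPriv);

// Step 5, server side: hand out Ck only once now >= T.
const release = (rec, now) => (now >= rec.T ? rec.Ck : null);

// Step 5, client side: verify the signature before touching Ck, then recover K.
function openMessage(rec, Ck, senderEdPub, recipientPriv) {
  if (!verify(null, signedBytes(rec.H, Ck, rec.T), senderEdPub, rec.sig))
    throw new Error("signature over (H || Ck || T) does not verify");
  return decapsulate(recipientPriv, Ck);
}
```

Because T is inside the signed bytes, a record whose release time was altered after signing fails verification on the client, independently of the server-side gate.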

🛠️ Tech Stack

Frontend

  • TypeScript, React, Vite
  • Tailwind CSS, Radix UI
  • Zustand (state), Zod (validation)

Backend

  • TypeScript, Node.js, Fastify
  • Prisma ORM + SQLite
  • Docker Compose for local dev & deployment

Cryptography libraries

  • libsodium / libsodium-wrappers → Ed25519, Argon2id, BLAKE2b, optional ECIES over Curve25519
  • Web Crypto API → ECIES (P-256 + HKDF), AES-GCM
  • serenity-kit/opaque → OPAQUE PAKE (Ristretto255)

🚀 Getting Started

1. Clone the repo

git clone https://github.com/hadrylouis/msg2future
cd msg2future

2. Build images

docker compose build

Builds two Docker images:

  • frontend (React/Vite app on port 5173)
  • backend (Fastify API on port 3000)

3. Start everything

docker compose up -d

📂 Folder Structure

frontend/         # React + Vite + Tailwind + Radix UI + Zustand + crypto
  └── src/
      ├── components/   # UI components
      ├── crypto/       # ECIES, Ed25519, AES-GCM, Argon2id, HKDF
      ├── services/     # API per feature (auth, messages…)
      ├── stores/       # Zustand stores (session, uploads…)
      └── ...

backend/          # Fastify + Prisma + OPAQUE + libsodium
  └── src/
      ├── crypto/       # hkdf.ts, session-crypto.ts (AES-GCM over session_key)
      ├── routes/       # auth.ts, login.ts, message.ts, user.ts
      ├── server.ts     # Fastify bootstrap
      └── ...

report/           # Full cryptography report (design & analysis)
  └── msg2future.pdf

📖 Documentation

The report/ folder contains the full cryptographic design and analysis.

  • Choice of algorithms and key sizes
  • Key management and derivation schema
  • Time-lock decryption protocol design
  • Scalability considerations for millions of users
  • Implementation details (frontend crypto, backend OPAQUE, chunk-based files)
  • Possible improvements (e.g. replay protection)

📜 License

Licensed under the GNU General Public License v3.0 (GPL-3.0). You may use, modify, and redistribute under the same terms.
