Frontend client for a privacy-first, end-to-end encrypted messaging system powered by the OpenTestudox Protocol.
OpenTestudox Client is responsible for secure user interaction, local cryptographic operations, and device-level identity management. All encryption and decryption occur strictly on the client, ensuring that no plaintext data is ever exposed to the backend or network intermediaries.
npm install
npm run devOpenTestudox follows a strict client-side trust model:
- End-to-end encryption enforced at the client layer
- No plaintext messages leave the device
- Cryptographic keys never leave the client environment
- Backend acts only as a relay, not a trusted entity
The system is built around a cryptography-first design:
- libsodium (WebAssembly) for secure primitives
- Device-based identity system (per-device key pairs)
- Stateless backend communication
- Secure local key storage
- QR-based identity verification
All core encryption logic is implemented inside the E2E/ directory.
This includes:
- Identity creation and secure storage
- Identity loading and decryption
- Signed PreKey generation and rotation
- One-Time PreKey generation and consumption
- X3DH key agreement protocol
- Double Ratchet initialization and message key derivation
- HKDF-based key derivation
All of this logic is written in JavaScript using WebAssembly-backed libsodium, ensuring high-performance and secure cryptographic operations.
👉 You can study the full protocol implementation directly inside the E2E/ folder.
- Ed25519 identity keypair
- Private key encrypted locally using a user-derived storage key
- Prevents identity reset to avoid breaking trust
Reference:
- Decrypts identity using storageKey
- Validates integrity and prevents tampering
- Throws error if corrupted or wrong passphrase
Reference:
- X25519 keypair signed by identity key
- Rotates periodically (~30 days)
- Prevents server-side key substitution attacks
Reference:
- Multiple X25519 keypairs generated
- Each used exactly once
- Deleted immediately after use
Reference: and
- Performs 3–4 Diffie-Hellman operations
- Verifies signed prekey authenticity
- Derives shared secret using HKDF
Reference: and
- Uses HKDF-SHA256
- Separates root keys, chain keys, and message keys
- Prevents key reuse and ensures cryptographic separation
Reference:
- Derives sending and receiving chain keys
- Tracks message counters
- Supports replay protection and out-of-order messages
Reference:
Generate Identity → Store Securely → Share Public Keys
↓
X3DH Handshake → Derive Root Key
↓
Initialize Double Ratchet
↓
Encrypt Messages → Send via Server → Decrypt Locally
- Clearing browser storage will permanently remove identity keys
- Multi-tab usage must be handled carefully to avoid identity mismatch
- Corrupted identity or wrong storageKey will break decryption
Pull requests are welcome. For major changes, open an issue first.
Report vulnerabilities privately:
GNU Affero General Public License v3.0 (AGPLv3) https://www.gnu.org/licenses/agpl-3.0.html
This software includes cryptographic functionality. Users are responsible for complying with local laws regarding encryption usage.