summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGab <24553253+gabrix73@users.noreply.github.com>2025-06-06 13:45:25 +0200
committerGitHub <noreply@github.com>2025-06-06 13:45:25 +0200
commit7887624068a9f5307d2efc8c33fa7dca4205b0aa (patch)
tree0673f4d4aec7558f978881d6ae06bfa23d91103a
parentd360bd4366505c0163f18fa76fb5612464b3896e (diff)
downloadnofuture-go-memguard-7887624068a9f5307d2efc8c33fa7dca4205b0aa.tar.gz
nofuture-go-memguard-7887624068a9f5307d2efc8c33fa7dca4205b0aa.tar.xz
nofuture-go-memguard-7887624068a9f5307d2efc8c33fa7dca4205b0aa.zip
Update README.md
-rw-r--r--README.md88
1 files changed, 88 insertions, 0 deletions
diff --git a/README.md b/README.md
index 8d32daf..29c8497 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,93 @@ Its core purpose is simple but powerful:
---
+## πŸ” Cryptographic Primitives
+
+- **Kyber1024-90s** (Post-Quantum Key Encapsulation - KEM)
+ > Used to establish a shared session key between users.
+
+- **Dilithium5-AES** (Post-Quantum Digital Signature - PQDS)
+ > Used for optional mutual authentication and message verification.
+
+- **BLAKE2b-512**
+ > Used in session binding and secure hash-based key derivation.
+
+- **XChaCha20-Poly1305**
+ > Used for symmetric encryption of the actual message content.
+
+- **argon2id** with OWASP-recommended parameters
+ > Memory-hard key derivation used for passphrases and session binding.
+
+---
+
+## 🧠 Key Generation & Memory Protection
+
+- All cryptographic keys are generated **in volatile memory (RAM)**.
+- Sensitive buffers (session keys, private keys, derived secrets) are stored using [`memguard`](https://github.com/awnumar/memguard), a secure memory management library for Go.
+- `memguard`:
+ - Locks memory pages (`mlock`) to prevent swapping.
+ - Encrypts memory buffers while in RAM.
+ - Prevents access from other users β€” including the root user or malware.
+ - Performs secure erasure when buffers are destroyed or on crash.
+
+> βœ… **No key material ever touches the disk or garbage-collected heap.**
+
+---
+
+## πŸ–±οΈ Virtual Keyboard (Anti-Keylogger)
+
+To protect local input from keyloggers or spyware, `nofuture.go` integrates an **optional on-screen virtual keyboard** with randomized key layout.
+
+- Protects against keyloggers reading `/dev/input` or `stdin`.
+- No physical keypress events are generated.
+- Layout is randomized per session.
+- Optional use, recommended for high-security environments.
+
+---
+
+## πŸ” Session Flow
+
+Encrypted communication is based on shared **Session IDs**, which encapsulate the cryptographic context between two users.
+
+### πŸ”Έ Phase 1: Create Session
+
+- Generate a key pair using Kyber KEM.
+- Derive a session key and unique **Session ID**.
+- All key material is held in memory and locked by `memguard`.
+
+### πŸ”Έ Phase 2: Share Session ID
+
+- Copy the Session ID and send it to your contact using **any chat platform**.
+- Session IDs **do not contain sensitive data**.
+- Transmission over unencrypted channels (chat, email) is acceptable, but encrypted ones are recommended.
+
+### πŸ”Έ Phase 3: Synchronize Session
+
+- Your contact imports the Session ID into their instance of `nofuture.go`.
+- The app performs a key agreement and mutual validation (using Dilithium signatures if enabled).
+- Once both sides are synchronized, they can start exchanging encrypted text.
+
+---
+
+## πŸ’₯ End Session = Total Key Destruction
+
+When you end the session:
+
+- All keys are securely wiped using `memguard.Purge()`.
+- Session memory is sanitized according to [NIST SP 800-88](https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final).
+- No forensic recovery is possible β€” not even with root access or RAM snapshots.
+- The ciphertext remains in your chat app, but **can never be decrypted again**.
+
+> πŸ” One conversation. One key. One chance to read. No future access.
+
+---
+
+## πŸ“„ Usage Example
+
+See [USAGE.md](USAGE.md) for a full guide on how to use `nofuture.go` alongside a browser-based chat client.
+
+---
+
## πŸ“œ License
MIT License β€” see [`LICENSE`](./LICENSE)
@@ -44,3 +131,4 @@ Because **privacy isn’t a feature** β€” it’s a human right.
+