diff options
| author | Gab <24553253+gabrix73@users.noreply.github.com> | 2025-06-06 13:45:25 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-06-06 13:45:25 +0200 |
| commit | 7887624068a9f5307d2efc8c33fa7dca4205b0aa (patch) | |
| tree | 0673f4d4aec7558f978881d6ae06bfa23d91103a | |
| parent | d360bd4366505c0163f18fa76fb5612464b3896e (diff) | |
| download | nofuture-go-memguard-7887624068a9f5307d2efc8c33fa7dca4205b0aa.tar.gz nofuture-go-memguard-7887624068a9f5307d2efc8c33fa7dca4205b0aa.tar.xz nofuture-go-memguard-7887624068a9f5307d2efc8c33fa7dca4205b0aa.zip | |
Update README.md
| -rw-r--r-- | README.md | 88 |
1 files changed, 88 insertions, 0 deletions
@@ -33,6 +33,93 @@ Its core purpose is simple but powerful: --- +## π Cryptographic Primitives + +- **Kyber1024-90s** (Post-Quantum Key Encapsulation - KEM) + > Used to establish a shared session key between users. + +- **Dilithium5-AES** (Post-Quantum Digital Signature - PQDS) + > Used for optional mutual authentication and message verification. + +- **BLAKE2b-512** + > Used in session binding and secure hash-based key derivation. + +- **XChaCha20-Poly1305** + > Used for symmetric encryption of the actual message content. + +- **argon2id** with OWASP-recommended parameters + > Memory-hard key derivation used for passphrases and session binding. + +--- + +## π§ Key Generation & Memory Protection + +- All cryptographic keys are generated **in volatile memory (RAM)**. +- Sensitive buffers (session keys, private keys, derived secrets) are stored using [`memguard`](https://github.com/awnumar/memguard), a secure memory management library for Go. +- `memguard`: + - Locks memory pages (`mlock`) to prevent swapping. + - Encrypts memory buffers while in RAM. + - Prevents access from other users β including the root user or malware. + - Performs secure erasure when buffers are destroyed or on crash. + +> β
**No key material ever touches the disk or garbage-collected heap.** + +--- + +## π±οΈ Virtual Keyboard (Anti-Keylogger) + +To protect local input from keyloggers or spyware, `nofuture.go` integrates an **optional on-screen virtual keyboard** with randomized key layout. + +- Protects against keyloggers reading `/dev/input` or `stdin`. +- No physical keypress events are generated. +- Layout is randomized per session. +- Optional use, recommended for high-security environments. + +--- + +## π Session Flow + +Encrypted communication is based on shared **Session IDs**, which encapsulate the cryptographic context between two users. + +### πΈ Phase 1: Create Session + +- Generate a key pair using Kyber KEM. +- Derive a session key and unique **Session ID**. +- All key material is held in memory and locked by `memguard`. + +### πΈ Phase 2: Share Session ID + +- Copy the Session ID and send it to your contact using **any chat platform**. +- Session IDs **do not contain sensitive data**. +- Transmission over unencrypted channels (chat, email) is acceptable, but encrypted ones are recommended. + +### πΈ Phase 3: Synchronize Session + +- Your contact imports the Session ID into their instance of `nofuture.go`. +- The app performs a key agreement and mutual validation (using Dilithium signatures if enabled). +- Once both sides are synchronized, they can start exchanging encrypted text. + +--- + +## π₯ End Session = Total Key Destruction + +When you end the session: + +- All keys are securely wiped using `memguard.Purge()`. +- Session memory is sanitized according to [NIST SP 800-88](https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final). +- No forensic recovery is possible β not even with root access or RAM snapshots. +- The ciphertext remains in your chat app, but **can never be decrypted again**. + +> π One conversation. One key. One chance to read. No future access. + +--- + +## π Usage Example + +See [USAGE.md](USAGE.md) for a full guide on how to use `nofuture.go` alongside a browser-based chat client. + +--- + ## π License MIT License β see [`LICENSE`](./LICENSE) @@ -44,3 +131,4 @@ Because **privacy isnβt a feature** β itβs a human right. + |
