1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
# π‘οΈ nofuture.go β Ephemeral Post-Quantum Text Encryption
[](./LICENSE)
[](https://golang.org)
[](#)
[](#)
**nofuture.go** is a secure, ephemeral text encryption application designed to facilitate private communication β even across untrusted platforms β using post-quantum cryptography, memory-hard key management, and a local virtual keyboard for anti-keylogger defense.
Its core purpose is simple but powerful:
> π¬ **Encrypt sensitive text, exchange it via any mainstream chat, and make the keys disappear forever.**
---
## π¦ Project Structure
- `cmd/` β CLI and runtime entry points
- `internal/crypto` β Kyber, Dilithium, Argon2, BLAKE2b, XChaCha
- `internal/memory` β memguard-backed key handling
- `assets/` β frontend static files (keyboard UI, etc.)
- `USAGE.md` β basic usage guide
---
## π Documentation
- β
[How it works](#session-flow)
- β
[Cryptographic primitives](#cryptographic-primitives)
- β
[Memory protection](#key-generation--memory-protection)
- β
[Virtual keyboard](#virtual-keyboard-anti-keylogger)
- β
[Usage example](USAGE.md)
---
## π Cryptographic Primitives
- **Kyber1024-90s** (Post-Quantum Key Encapsulation - KEM)
> Used to establish a shared session key between users.
- **Dilithium5-AES** (Post-Quantum Digital Signature - PQDS)
> Used for optional mutual authentication and message verification.
- **BLAKE2b-512**
> Used in session binding and secure hash-based key derivation.
- **XChaCha20-Poly1305**
> Used for symmetric encryption of the actual message content.
- **argon2id** with OWASP-recommended parameters
> Memory-hard key derivation used for passphrases and session binding.
---
## π§ Key Generation & Memory Protection
- All cryptographic keys are generated **in volatile memory (RAM)**.
- Sensitive buffers (session keys, private keys, derived secrets) are stored using [`memguard`](https://github.com/awnumar/memguard), a secure memory management library for Go.
- `memguard`:
- Locks memory pages (`mlock`) to prevent swapping.
- Encrypts memory buffers while in RAM.
- Prevents access from other users β including the root user or malware.
- Performs secure erasure when buffers are destroyed or on crash.
> β
**No key material ever touches the disk or garbage-collected heap.**
---
## π±οΈ Virtual Keyboard (Anti-Keylogger)
To protect local input from keyloggers or spyware, `nofuture.go` integrates an **optional on-screen virtual keyboard** with randomized key layout.
- Protects against keyloggers reading `/dev/input` or `stdin`.
- No physical keypress events are generated.
- Layout is randomized per session.
- Optional use, recommended for high-security environments.
---
## π Session Flow
Encrypted communication is based on shared **Session IDs**, which encapsulate the cryptographic context between two users.
### πΈ Phase 1: Create Session
- Generate a key pair using Kyber KEM.
- Derive a session key and unique **Session ID**.
- All key material is held in memory and locked by `memguard`.
### πΈ Phase 2: Share Session ID
- Copy the Session ID and send it to your contact using **any chat platform**.
- Session IDs **do not contain sensitive data**.
- Transmission over unencrypted channels (chat, email) is acceptable, but encrypted ones are recommended.
### πΈ Phase 3: Synchronize Session
- Your contact imports the Session ID into their instance of `nofuture.go`.
- The app performs a key agreement and mutual validation (using Dilithium signatures if enabled).
- Once both sides are synchronized, they can start exchanging encrypted text.
---
## π₯ End Session = Total Key Destruction
When you end the session:
- All keys are securely wiped using `memguard.Purge()`.
- Session memory is sanitized according to [NIST SP 800-88](https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final).
- No forensic recovery is possible β not even with root access or RAM snapshots.
- The ciphertext remains in your chat app, but **can never be decrypted again**.
> π One conversation. One key. One chance to read. No future access.
---
## π Usage Example
See [USAGE.md](USAGE.md) for a full guide on how to use `nofuture.go` alongside a browser-based chat client.
---
## π License
MIT License β see [`LICENSE`](./LICENSE)
---
## β Built with love and defiance
Because **privacy isnβt a feature** β itβs a human right.
|