summaryrefslogtreecommitdiffstats
path: root/cmd
diff options
context:
space:
mode:
authorGab Virebent <gabriel1@virebent.art>2026-06-20 01:07:45 +0000
committerGab Virebent <gabriel1@virebent.art>2026-06-20 01:07:45 +0000
commitaa459e3b84cc4c5d908f3781c9253848c18640c3 (patch)
tree8454b956cc0fa027034c8291f39d58ece469e10c /cmd
downloadnymdrop-aa459e3b84cc4c5d908f3781c9253848c18640c3.tar.gz
nymdrop-aa459e3b84cc4c5d908f3781c9253848c18640c3.tar.xz
nymdrop-aa459e3b84cc4c5d908f3781c9253848c18640c3.zip
Initial public release: Nym-native anonymous submission system
End-to-end verified pipeline (browser -> HTTP relay -> Nym mixnet -> reader). Client-side X25519+HKDF+AES-GCM-256, no-log blind relay, AGPL-3.0.
Diffstat (limited to 'cmd')
-rw-r--r--cmd/nymdrop-reader/main.go460
-rw-r--r--cmd/nymdrop-source/main.go257
-rw-r--r--cmd/nymdrop/main.go59
3 files changed, 776 insertions, 0 deletions
diff --git a/cmd/nymdrop-reader/main.go b/cmd/nymdrop-reader/main.go
new file mode 100644
index 0000000..248972e
--- /dev/null
+++ b/cmd/nymdrop-reader/main.go
@@ -0,0 +1,460 @@
+package main
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/ecdh"
+ "crypto/rand"
+ "crypto/sha256"
+
+ "golang.org/x/crypto/hkdf"
+ "embed"
+ "encoding/base64"
+ "encoding/hex"
+ "encoding/json"
+ "flag"
+ "fmt"
+ "io"
+ "io/fs"
+ "os"
+ "os/exec"
+ "os/signal"
+ "path/filepath"
+ "runtime"
+ "strings"
+ "syscall"
+ "time"
+
+ "golang.org/x/net/websocket"
+)
+
+//go:embed bin/nym-client-linux-amd64
+var nymBin embed.FS
+
+func main() {
+ keyFile := flag.String("key", "", "path to X25519 private key file (hex, 32 bytes); generated if missing")
+ inboxID := flag.String("id", "nymdrop-inbox", "nym-client identity id")
+ wsPort := flag.Int("ws-port", 1977, "nym-client websocket port")
+ outDir := flag.String("out", "", "directory to save submissions (default: ~/nymdrop-inbox)")
+ flag.Parse()
+
+ homeDir, _ := os.UserHomeDir()
+ if *outDir == "" {
+ *outDir = filepath.Join(homeDir, "nymdrop-inbox")
+ }
+ if err := os.MkdirAll(*outDir, 0700); err != nil {
+ fatalf("mkdir outDir: %v", err)
+ }
+
+ privKey := loadOrGenKey(*keyFile, homeDir)
+
+ nymBinPath := extractNymClient()
+ defer os.RemoveAll(filepath.Dir(nymBinPath))
+
+ configDir := filepath.Join(homeDir, ".nymdrop-reader")
+ initNymClient(nymBinPath, *inboxID, configDir)
+
+ nymCmd := startNymClient(nymBinPath, *inboxID, configDir, *wsPort)
+ defer nymCmd.Process.Kill()
+
+ wsURL := fmt.Sprintf("ws://127.0.0.1:%d", *wsPort)
+ ws := dialWS(wsURL)
+ defer ws.Close()
+
+ // Print own Nym address so operator knows where to point sources.
+ printSelfAddress(ws)
+
+ fmt.Printf("nymdrop-reader listening — submissions saved to %s\n", *outDir)
+ fmt.Println("Press Ctrl+C to quit.")
+
+ go receiveLoop(ws, privKey, *outDir)
+
+ sig := make(chan os.Signal, 1)
+ signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
+ <-sig
+ fmt.Println("\nShutting down.")
+}
+
+// ── key management ───────────────────────────────────────────────────────────
+
+func loadOrGenKey(keyFile, homeDir string) *ecdh.PrivateKey {
+ if keyFile == "" {
+ keyFile = filepath.Join(homeDir, ".nymdrop-reader", "privkey.hex")
+ }
+ data, err := os.ReadFile(keyFile)
+ if err == nil {
+ raw, err := hex.DecodeString(strings.TrimSpace(string(data)))
+ if err != nil {
+ fatalf("privkey decode: %v", err)
+ }
+ priv, err := ecdh.X25519().NewPrivateKey(raw)
+ if err != nil {
+ fatalf("privkey load: %v", err)
+ }
+ fmt.Printf("Loaded private key from %s\n", keyFile)
+ pubHex := hex.EncodeToString(priv.PublicKey().Bytes())
+ fmt.Printf("Public key (deploy in nymdrop-server): %s\n", pubHex)
+ return priv
+ }
+
+ // Generate new key.
+ rawPriv := make([]byte, 32)
+ if _, err := rand.Read(rawPriv); err != nil {
+ fatalf("keygen rand: %v", err)
+ }
+ priv, err := ecdh.X25519().NewPrivateKey(rawPriv)
+ if err != nil {
+ fatalf("keygen: %v", err)
+ }
+ if err := os.MkdirAll(filepath.Dir(keyFile), 0700); err != nil {
+ fatalf("mkdir keydir: %v", err)
+ }
+ if err := os.WriteFile(keyFile, []byte(hex.EncodeToString(rawPriv)+"\n"), 0600); err != nil {
+ fatalf("write privkey: %v", err)
+ }
+ pubHex := hex.EncodeToString(priv.PublicKey().Bytes())
+ fmt.Printf("Generated new private key → %s\n", keyFile)
+ fmt.Printf("Public key (deploy in nymdrop-server): %s\n\n", pubHex)
+ fmt.Println(" Set NYMDROP_PUBKEY_PLACEHOLDER to the public key above in static/crypto.js")
+ fmt.Println(" and rebuild the server before accepting submissions.")
+ return priv
+}
+
+// ── nym-client lifecycle ─────────────────────────────────────────────────────
+
+func extractNymClient() string {
+ tmpDir, err := os.MkdirTemp("", "nymdrop-reader-*")
+ if err != nil {
+ fatalf("mktemp: %v", err)
+ }
+ binName := "nym-client"
+ if runtime.GOOS == "windows" {
+ binName += ".exe"
+ }
+ binPath := filepath.Join(tmpDir, binName)
+
+ srcName := "bin/nym-client-linux-amd64"
+ data, err := fs.ReadFile(nymBin, srcName)
+ if err != nil {
+ fatalf("embedded nym-client not found: %v", err)
+ }
+ if err := os.WriteFile(binPath, data, 0700); err != nil {
+ fatalf("extract nym-client: %v", err)
+ }
+ return binPath
+}
+
+func initNymClient(binPath, id, configDir string) {
+ // --home removed: nym-client v1.1.76+ uses ~/.nym/ fixed path
+ cmd := exec.Command(binPath, "init", "--id", id)
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ _ = cmd.Run()
+}
+
+func startNymClient(binPath, id, configDir string, wsPort int) *exec.Cmd {
+ cmd := exec.Command(binPath, "run",
+ "--id", id,
+ "--port", fmt.Sprintf("%d", wsPort),
+ )
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ if err := cmd.Start(); err != nil {
+ fatalf("nym-client start: %v", err)
+ }
+ return cmd
+}
+
+// dialWS waits for the nym-client WebSocket to be ready, then returns the
+// open connection. Reusing the probe connection avoids the duplicate-connection
+// panic in nym-client (which rejects a second WS on the same port).
+func dialWS(wsURL string) *websocket.Conn {
+ fmt.Print("Connecting to Nym mixnet")
+ for i := 0; i < 120; i++ {
+ ws, err := websocket.Dial(wsURL, "", "http://localhost/")
+ if err == nil {
+ fmt.Println(" ready.")
+ return ws
+ }
+ fmt.Print(".")
+ time.Sleep(500 * time.Millisecond)
+ }
+ fatalf("nym-client websocket did not start in time")
+ return nil
+}
+
+// ── websocket message types ───────────────────────────────────────────────────
+
+type wsReceived struct {
+ Type string `json:"type"`
+ Message json.RawMessage `json:"message"`
+ SenderTag string `json:"senderTag"`
+}
+
+type wsSelfAddress struct {
+ Type string `json:"type"`
+ Address string `json:"address"`
+}
+
+func printSelfAddress(ws *websocket.Conn) {
+ req := map[string]string{"type": "selfAddress"}
+ if err := websocket.JSON.Send(ws, req); err != nil {
+ fmt.Fprintf(os.Stderr, "selfAddress send: %v\n", err)
+ return
+ }
+ var resp wsSelfAddress
+ if err := websocket.JSON.Receive(ws, &resp); err != nil {
+ fmt.Fprintf(os.Stderr, "selfAddress recv: %v\n", err)
+ return
+ }
+ fmt.Printf("Nym inbox address: %s\n\n", resp.Address)
+}
+
+// ── receive loop ──────────────────────────────────────────────────────────────
+
+func receiveLoop(ws *websocket.Conn, privKey *ecdh.PrivateKey, outDir string) {
+ debug := os.Getenv("NYMDROP_DEBUG") != ""
+ for {
+ // Read the raw frame regardless of opcode. websocket.Message.Receive
+ // copies the payload of both text and binary frames into the []byte,
+ // whereas websocket.JSON.Receive silently drops anything that is not a
+ // well-formed JSON text frame — which is exactly how earlier received
+ // messages were being lost.
+ var frame []byte
+ if err := websocket.Message.Receive(ws, &frame); err != nil {
+ if err == io.EOF || strings.Contains(err.Error(), "use of closed network connection") {
+ return
+ }
+ fmt.Fprintf(os.Stderr, "ws recv: %v\n", err)
+ time.Sleep(500 * time.Millisecond)
+ continue
+ }
+ if len(frame) == 0 {
+ continue
+ }
+ if debug {
+ preview := frame
+ if len(preview) > 200 {
+ preview = preview[:200]
+ }
+ fmt.Fprintf(os.Stderr, "[debug] frame: %d bytes, lead=0x%02x: %q\n",
+ len(frame), frame[0], preview)
+ }
+
+ dataB64, ok := extractMessageB64(frame)
+ if !ok {
+ continue
+ }
+
+ plaintext, err := decryptMessage(dataB64, privKey)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "decrypt failed: %v\n", err)
+ continue
+ }
+
+ saveSubmission(outDir, plaintext)
+ }
+}
+
+// extractMessageB64 pulls the base64 payload string out of a nym-client
+// "received" frame. It tolerates the two encodings nym-client uses across
+// versions: text/JSON (the common case) and the native binary protocol.
+func extractMessageB64(frame []byte) (string, bool) {
+ // Text/JSON frame: {"type":"received","message":"<base64>","senderTag":...}
+ if frame[0] == '{' {
+ var msg wsReceived
+ if err := json.Unmarshal(frame, &msg); err != nil || msg.Type != "received" {
+ return "", false
+ }
+ // message is normally a JSON string; tolerate the legacy
+ // {"data":"<base64>"} object shape just in case.
+ var s string
+ if err := json.Unmarshal(msg.Message, &s); err == nil {
+ return s, true
+ }
+ var obj struct {
+ Data string `json:"data"`
+ }
+ if err := json.Unmarshal(msg.Message, &obj); err == nil && obj.Data != "" {
+ return obj.Data, true
+ }
+ return "", false
+ }
+
+ // Binary frame (nym native binary protocol):
+ // 0x01 (Received tag) | senderTag flag(1) | [senderTag 16 bytes] | message
+ // The message bytes are exactly what the sender transmitted — for nymdrop
+ // that is the base64 ASCII string produced by the server.
+ if frame[0] == 0x01 {
+ buf := frame[1:]
+ if len(buf) < 1 {
+ return "", false
+ }
+ hasTag := buf[0]
+ buf = buf[1:]
+ if hasTag == 1 {
+ if len(buf) < 16 {
+ return "", false
+ }
+ buf = buf[16:]
+ }
+ if len(buf) == 0 {
+ return "", false
+ }
+ return string(buf), true
+ }
+
+ return "", false
+}
+
+// ── decryption ────────────────────────────────────────────────────────────────
+
+// decryptMessage decrypts a base64-encoded packet from the relay.
+//
+// Wire format from relay:
+// nonce_hex(32 ASCII chars) + ":" + ephemeral_x25519_pub(32) + iv(12) + ciphertext+tag
+//
+// The nonce prefix is stripped; it exists only to make identical submissions
+// look different on the Nym wire. It is not used in decryption.
+func decryptMessage(dataB64 string, privKey *ecdh.PrivateKey) (string, error) {
+ raw, err := base64.StdEncoding.DecodeString(dataB64)
+ if err != nil {
+ return "", fmt.Errorf("base64: %w", err)
+ }
+
+ // Strip relay nonce prefix: 32 hex chars + ':'
+ const noncePrefix = 32 + 1 // "deadbeef...:" = 33 bytes
+ if len(raw) < noncePrefix+32+12+1 {
+ return "", fmt.Errorf("packet too short (%d bytes)", len(raw))
+ }
+ raw = raw[noncePrefix:]
+
+ // Extract ephemeral public key (32 bytes X25519)
+ ephPubBytes := raw[:32]
+ iv := raw[32:44]
+ ciphertext := raw[44:]
+
+ ephPub, err := ecdh.X25519().NewPublicKey(ephPubBytes)
+ if err != nil {
+ return "", fmt.Errorf("ephemeral pubkey: %w", err)
+ }
+
+ // ECDH
+ sharedSecret, err := privKey.ECDH(ephPub)
+ if err != nil {
+ return "", fmt.Errorf("ecdh: %w", err)
+ }
+ defer zeroBytes(sharedSecret)
+
+ // HKDF-SHA-256
+ aesKey := make([]byte, 32)
+ hkdfR := hkdf.New(sha256.New, sharedSecret, make([]byte, 32), []byte("nymdrop-v1"))
+ if _, err := io.ReadFull(hkdfR, aesKey); err != nil {
+ return "", fmt.Errorf("hkdf: %w", err)
+ }
+ defer zeroBytes(aesKey)
+
+ // AES-GCM-256 decrypt
+ block, err := aes.NewCipher(aesKey)
+ if err != nil {
+ return "", fmt.Errorf("aes: %w", err)
+ }
+ gcm, err := cipher.NewGCM(block)
+ if err != nil {
+ return "", fmt.Errorf("gcm: %w", err)
+ }
+ plaintext, err := gcm.Open(nil, iv, ciphertext, nil)
+ if err != nil {
+ return "", fmt.Errorf("gcm open: %w", err)
+ }
+
+ return string(plaintext), nil
+}
+
+// ── storage ───────────────────────────────────────────────────────────────────
+
+func saveSubmission(outDir, plaintext string) {
+ ts := time.Now().UTC().Format("20060102-150405")
+ path := filepath.Join(outDir, ts+".txt")
+
+ // Avoid collision on rapid submissions.
+ for i := 1; ; i++ {
+ if _, err := os.Stat(path); os.IsNotExist(err) {
+ break
+ }
+ path = filepath.Join(outDir, fmt.Sprintf("%s-%d.txt", ts, i))
+ }
+
+ // Separate embedded files from text body.
+ body := plaintext
+ fileSection := ""
+ if idx := strings.Index(plaintext, "\n---FILE:"); idx != -1 {
+ body = plaintext[:idx]
+ fileSection = plaintext[idx+1:]
+ }
+
+ if err := os.WriteFile(path, []byte(body), 0600); err != nil {
+ fmt.Fprintf(os.Stderr, "save submission: %v\n", err)
+ return
+ }
+ fmt.Printf("\n[%s] New submission → %s\n", ts, path)
+ preview := body
+ if len(preview) > 200 {
+ preview = preview[:200] + "..."
+ }
+ fmt.Printf(" %s\n", strings.ReplaceAll(strings.TrimSpace(preview), "\n", "\n "))
+
+ // Save attached files.
+ if fileSection != "" {
+ saveAttachments(outDir, ts, fileSection)
+ }
+}
+
+func saveAttachments(outDir, ts, fileSection string) {
+ lines := strings.Split(fileSection, "\n")
+ var currentName string
+ var currentData strings.Builder
+
+ flush := func() {
+ if currentName == "" {
+ return
+ }
+ raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(currentData.String()))
+ if err != nil {
+ fmt.Fprintf(os.Stderr, " attachment decode %q: %v\n", currentName, err)
+ return
+ }
+ safeName := filepath.Base(filepath.Clean(currentName))
+ attPath := filepath.Join(outDir, ts+"-"+safeName)
+ if err := os.WriteFile(attPath, raw, 0600); err != nil {
+ fmt.Fprintf(os.Stderr, " save attachment %q: %v\n", currentName, err)
+ return
+ }
+ fmt.Printf(" attachment → %s (%d bytes)\n", attPath, len(raw))
+ currentName = ""
+ currentData.Reset()
+ }
+
+ for _, line := range lines {
+ if strings.HasPrefix(line, "---FILE:") && strings.HasSuffix(line, "---") {
+ flush()
+ currentName = strings.TrimSuffix(strings.TrimPrefix(line, "---FILE:"), "---")
+ } else if currentName != "" {
+ currentData.WriteString(line)
+ }
+ }
+ flush()
+}
+
+// ── helpers ───────────────────────────────────────────────────────────────────
+
+func zeroBytes(b []byte) {
+ for i := range b {
+ b[i] = 0
+ }
+}
+
+func fatalf(format string, args ...any) {
+ fmt.Fprintf(os.Stderr, "nymdrop-reader: "+format+"\n", args...)
+ os.Exit(1)
+}
diff --git a/cmd/nymdrop-source/main.go b/cmd/nymdrop-source/main.go
new file mode 100644
index 0000000..a9ff0f5
--- /dev/null
+++ b/cmd/nymdrop-source/main.go
@@ -0,0 +1,257 @@
+package main
+
+import (
+ "embed"
+ "fmt"
+ "io"
+ "io/fs"
+ "net"
+ "net/http"
+ "os"
+ "os/exec"
+ "os/signal"
+ "path/filepath"
+ "runtime"
+ "syscall"
+ "time"
+
+ "golang.org/x/net/proxy"
+)
+
+//go:embed bin/nym-socks5-client-linux-amd64
+var nymBin embed.FS
+
+// nymdropProviderAddr is the Nym network requester — set at build time via -ldflags
+var nymdropProviderAddr = "NYMDROP_PROVIDER_ADDR_PLACEHOLDER"
+
+// nymdropInboxAddr is the Nym address of the nymdrop-server SP — set at build time via -ldflags
+var nymdropInboxAddr = "NYMDROP_INBOX_ADDR_PLACEHOLDER"
+
+func main() {
+ // Extract nym-socks5-client binary to temp dir
+ tmpDir, err := os.MkdirTemp("", "nymdrop-*")
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "error: %v\n", err)
+ os.Exit(1)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ nymBinName := "nym-socks5-client"
+ if runtime.GOOS == "windows" {
+ nymBinName += ".exe"
+ }
+ nymBinPath := filepath.Join(tmpDir, nymBinName)
+
+ srcName := "bin/nym-socks5-client-linux-amd64"
+ data, err := fs.ReadFile(nymBin, srcName)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "embedded binary not found: %v\n", err)
+ os.Exit(1)
+ }
+ if err := os.WriteFile(nymBinPath, data, 0700); err != nil {
+ fmt.Fprintf(os.Stderr, "extract binary: %v\n", err)
+ os.Exit(1)
+ }
+
+ // Init nym client config if not already done
+ homeDir, _ := os.UserHomeDir()
+ configDir := filepath.Join(homeDir, ".nymdrop-source")
+ initCmd := exec.Command(nymBinPath, "init", "--id", "nymdrop-source",
+ "--provider", nymdropProviderAddr,
+ "--home", configDir)
+ initCmd.Stdout = os.Stdout
+ initCmd.Stderr = os.Stderr
+ _ = initCmd.Run() // ignore error if already initialised
+
+ // Start nym-socks5-client
+ nymCmd := exec.Command(nymBinPath, "run", "--id", "nymdrop-source",
+ "--home", configDir,
+ "--port", "11080")
+ nymCmd.Stdout = os.Stdout
+ nymCmd.Stderr = os.Stderr
+ if err := nymCmd.Start(); err != nil {
+ fmt.Fprintf(os.Stderr, "nym start: %v\n", err)
+ os.Exit(1)
+ }
+ defer nymCmd.Process.Kill()
+
+ // Wait for SOCKS5 to be ready
+ fmt.Println("Connecting to Nym mixnet...")
+ for i := 0; i < 30; i++ {
+ conn, err := net.DialTimeout("tcp", "127.0.0.1:11080", 300*time.Millisecond)
+ if err == nil {
+ conn.Close()
+ break
+ }
+ time.Sleep(500 * time.Millisecond)
+ }
+
+ // Serve submission form locally
+ mux := http.NewServeMux()
+ mux.HandleFunc("/", serveForm)
+ mux.HandleFunc("/submit", handleSubmit)
+
+ srv := &http.Server{Addr: "127.0.0.1:18080", Handler: mux}
+ go srv.ListenAndServe()
+
+ // Open browser
+ openBrowser("http://127.0.0.1:18080")
+ fmt.Println("NymDrop ready — http://127.0.0.1:18080")
+
+ // Wait for interrupt
+ sig := make(chan os.Signal, 1)
+ signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
+ <-sig
+ fmt.Println("\nShutting down.")
+}
+
+func openBrowser(url string) {
+ switch runtime.GOOS {
+ case "linux":
+ exec.Command("xdg-open", url).Start()
+ case "darwin":
+ exec.Command("open", url).Start()
+ case "windows":
+ exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
+ }
+}
+
+func serveForm(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Content-Type", "text/html; charset=utf-8")
+ w.Header().Set("Cache-Control", "no-store")
+ fmt.Fprint(w, submissionForm)
+}
+
+func handleSubmit(w http.ResponseWriter, r *http.Request) {
+ if r.Method != http.MethodPost {
+ http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
+ return
+ }
+ r.Body = http.MaxBytesReader(w, r.Body, 10*1024*1024)
+ defer r.Body.Close()
+
+ payload, err := io.ReadAll(r.Body)
+ if err != nil {
+ http.Error(w, "read error", http.StatusBadRequest)
+ return
+ }
+ defer func() {
+ for i := range payload {
+ payload[i] = 0
+ }
+ }()
+
+ if len(payload) == 0 {
+ http.Error(w, "empty payload", http.StatusBadRequest)
+ return
+ }
+
+ dialer, err := proxy.SOCKS5("tcp", "127.0.0.1:11080", nil, proxy.Direct)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "socks5 dialer: %v\n", err)
+ http.Error(w, "internal error", http.StatusInternalServerError)
+ return
+ }
+
+ conn, err := dialer.Dial("tcp", nymdropInboxAddr)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "nym dial: %v\n", err)
+ http.Error(w, "delivery failed", http.StatusBadGateway)
+ return
+ }
+ defer conn.Close()
+
+ if _, err := conn.Write(payload); err != nil {
+ fmt.Fprintf(os.Stderr, "nym send: %v\n", err)
+ http.Error(w, "delivery failed", http.StatusBadGateway)
+ return
+ }
+
+ w.WriteHeader(http.StatusOK)
+ w.Write([]byte("ok"))
+}
+
+const submissionForm = `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>NymDrop — Secure Submission</title>
+<style>
+*{box-sizing:border-box;margin:0;padding:0}
+body{background:#0d1117;color:#c9d1d9;font-family:'Courier New',monospace;min-height:100vh;display:flex;flex-direction:column;align-items:center;justify-content:center;padding:2rem 1rem}
+.card{background:#161b22;border:1px solid #21262d;border-radius:8px;padding:2.5rem 2rem;width:100%;max-width:580px}
+h1{font-size:1.4rem;color:#e6edf3;letter-spacing:.15em;margin-bottom:.3rem}
+.sub{font-size:.72rem;color:#484f58;margin-bottom:1.5rem}
+.badges{display:flex;gap:.5rem;margin-bottom:1.8rem;flex-wrap:wrap}
+.badge{font-size:.65rem;padding:.2rem .6rem;border-radius:20px;font-weight:bold}
+.bg{background:rgba(0,255,160,.08);color:#00ffa0;border:1px solid rgba(0,255,160,.2)}
+.bb{background:rgba(0,128,255,.08);color:#58a6ff;border:1px solid rgba(0,128,255,.2)}
+.bn{background:rgba(255,255,255,.04);color:#8b949e;border:1px solid #30363d}
+label{display:block;font-size:.72rem;color:#8b949e;margin-bottom:.4rem;text-transform:uppercase;letter-spacing:.08em}
+textarea{width:100%;height:160px;background:#0d1117;border:1px solid #30363d;border-radius:6px;color:#c9d1d9;font-family:'Courier New',monospace;font-size:.88rem;padding:.9rem;resize:vertical;margin-bottom:1.4rem;outline:none}
+textarea:focus{border-color:#00ffa0}
+.fl{margin-bottom:1.8rem}
+.fl-btn{display:inline-block;background:#21262d;border:1px solid #30363d;border-radius:6px;color:#8b949e;font-size:.78rem;padding:.5rem 1rem;cursor:pointer}
+#file{display:none}
+#fn{font-size:.72rem;color:#58a6ff;margin-left:.6rem}
+button{width:100%;background:linear-gradient(135deg,#00ffa0,#0080ff);border:none;border-radius:6px;color:#0d1117;font-family:'Courier New',monospace;font-size:.9rem;font-weight:bold;letter-spacing:.1em;padding:.85rem;cursor:pointer;text-transform:uppercase}
+#st{margin-top:1rem;font-size:.78rem;text-align:center;color:#00ffa0;min-height:1.2rem}
+hr{border:none;border-top:1px solid #21262d;margin:2rem 0 1.2rem}
+.note{font-size:.68rem;color:#3d444d;line-height:1.7}
+</style>
+</head>
+<body>
+<div class="card">
+<h1>⬡ NYMDROP</h1>
+<p class="sub">Anonymous submission — encrypted in your browser, delivered over Nym mixnet.</p>
+<div class="badges">
+<span class="badge bg">END-TO-END ENCRYPTED</span>
+<span class="badge bb">NYM MIXNET</span>
+<span class="badge bn">NO LOGS</span>
+<span class="badge bn">NO METADATA</span>
+</div>
+<form id="f">
+<label for="msg">Message</label>
+<textarea id="msg" placeholder="Write your message here..."></textarea>
+<div class="fl">
+<label>Attachment (optional)</label>
+<label class="fl-btn" for="file">📎 Choose file</label>
+<input type="file" id="file">
+<span id="fn"></span>
+</div>
+<button type="submit">🔒 Submit securely</button>
+</form>
+<div id="st"></div>
+<hr>
+<p class="note">Your submission is encrypted before leaving your device. The server keeps no logs. Once delivered over Nym, no record exists on this server.</p>
+</div>
+<script>
+document.getElementById('file').onchange=function(){document.getElementById('fn').textContent=this.files.length?this.files[0].name:''};
+const PUB='NYMDROP_PUBKEY_PLACEHOLDER';
+async function h2b(h){const b=new Uint8Array(h.length/2);for(let i=0;i<h.length;i+=2)b[i/2]=parseInt(h.substr(i,2),16);return b}
+document.getElementById('f').onsubmit=async function(e){
+e.preventDefault();
+const st=document.getElementById('st');
+st.className='';st.textContent='Encrypting...';
+try{
+let pt=document.getElementById('msg').value;
+const fi=document.getElementById('file');
+if(fi.files.length){const fb=await fi.files[0].arrayBuffer();pt+='\n---FILE:'+fi.files[0].name+'---\n'+btoa(String.fromCharCode(...new Uint8Array(fb)))}
+const sk=await crypto.subtle.importKey('raw',await h2b(PUB),{name:'ECDH',namedCurve:'X25519'},false,[]);
+const ep=await crypto.subtle.generateKey({name:'ECDH',namedCurve:'X25519'},true,['deriveKey','deriveBits']);
+const sb=await crypto.subtle.deriveBits({name:'ECDH',public:sk},ep.privateKey,256);
+const hk=await crypto.subtle.importKey('raw',sb,'HKDF',false,['deriveKey']);
+const ak=await crypto.subtle.deriveKey({name:'HKDF',hash:'SHA-256',salt:new Uint8Array(32),info:new TextEncoder().encode('nymdrop-v1')},hk,{name:'AES-GCM',length:256},false,['encrypt']);
+const iv=crypto.getRandomValues(new Uint8Array(12));
+const ct=await crypto.subtle.encrypt({name:'AES-GCM',iv},ak,new TextEncoder().encode(pt));
+const er=await crypto.subtle.exportKey('raw',ep.publicKey);
+const pkt=new Uint8Array(32+12+ct.byteLength);
+pkt.set(new Uint8Array(er),0);pkt.set(iv,32);pkt.set(new Uint8Array(ct),44);
+const r=await fetch('/submit',{method:'POST',headers:{'Content-Type':'application/octet-stream'},body:pkt});
+if(r.ok){document.getElementById('f').reset();document.getElementById('fn').textContent='';st.textContent='Delivered. No record of this submission exists on the server.'}
+else{st.className='error';st.textContent='Delivery failed. Try again.';}
+}catch(err){st.className='error';st.textContent='Encryption failed: '+err.message}};
+</script>
+</body>
+</html>`
diff --git a/cmd/nymdrop/main.go b/cmd/nymdrop/main.go
new file mode 100644
index 0000000..9119b9c
--- /dev/null
+++ b/cmd/nymdrop/main.go
@@ -0,0 +1,59 @@
+package main
+
+import (
+ "embed"
+ "flag"
+ "log"
+ "net/http"
+ "nymdrop/internal/handler"
+ "nymdrop/internal/nolog"
+ "nymdrop/internal/nym"
+ "nymdrop/internal/relay"
+)
+
+//go:embed bin/nym-client-linux-amd64
+var nymBin embed.FS
+
+func main() {
+ listen := flag.String("listen", ":8080", "address to listen on")
+ tlsCert := flag.String("tls-cert", "", "TLS certificate path (optional)")
+ tlsKey := flag.String("tls-key", "", "TLS key path (optional)")
+ journalistAddr := flag.String("journalist", "", "journalist Nym address (required)")
+ staticDir := flag.String("static", "./static", "path to static files")
+ dryRun := flag.Bool("dry-run", false, "skip Nym, log payloads to stdout (testing only)")
+ flag.Parse()
+
+ if *journalistAddr == "" {
+ log.Fatal("--journalist is required")
+ }
+
+ var nymClient *nym.Client
+ if *dryRun {
+ nymClient = nym.NewDryRun(*journalistAddr)
+ } else {
+ nymClient = nym.New(*journalistAddr, nymBin)
+ }
+ if err := nymClient.Start(); err != nil {
+ log.Fatalf("nym client: %v", err)
+ }
+ defer nymClient.Stop()
+
+ r := relay.New(nymClient)
+
+ mux := http.NewServeMux()
+ mux.Handle("/submit", handler.NewSubmit(r))
+ mux.Handle("/", handler.Static(*staticDir))
+
+ srv := &http.Server{
+ Addr: *listen,
+ Handler: nolog.Middleware(mux),
+ }
+
+ if *tlsCert != "" && *tlsKey != "" {
+ log.Printf("nymdrop listening on %s (TLS)", *listen)
+ log.Fatal(srv.ListenAndServeTLS(*tlsCert, *tlsKey))
+ } else {
+ log.Printf("nymdrop listening on %s (plain HTTP — use TLS in production)", *listen)
+ log.Fatal(srv.ListenAndServe())
+ }
+}