A fast, modern and secure data transfer system

Built on top of the Noise protocol with modern cryptographic frameworks. Open source, constantly improved, and designed for the future.

About Jossnet

Secured

Built on the Noise protocol with modern cryptographic frameworks ensuring end-to-end security.

Fast

Optimized for speed and efficiency with minimal overhead and maximum throughput.

Open source

Fully open source with constant improvements and community-driven development.

Documentation

Jossnet Core Quick Start

MacOSLinux

Get started quickly with Jossnet Core, the modern secure data transfer system.

Jossnet Core Setup

Learn how to set up and configure the Jossnet Core environment on your system.

Technical overview

Understand the secure connection process between Jossnet client and server

Step 1 – Server startup

At server startup, a PSK* is generated for communications that use this mode, with the goal of preventing Man-in-the-Middle (MITM) attacks. This PSK is derived from a seed built by concatenating a randomly generated server_id and two strings hardcoded in the server (only one of which is known to the client). A salt is also used to introduce variation and strengthen the derivation. In the project, around one hundred salt values are hardcoded into a shared array between the server and the client. The value is selected using a salt_index, which is another random integer generated at server startup. The final PSK is then derived from this seed and salt using PBKDF2, iterated N times (10,000 by default, but this can be changed).

⚠️ Warning: it is your responsibility to change the hardcoded security values such as the salt array and the two strings if you plan to use this system in production. Otherwise, you expose yourself to PSK reversal and thus to MITM attacks, even if the traffic is encrypted using the Noise functions.

Step 2 – Initial Connection

Step 1: Client connects to Jossnet server

When the client starts, it initiates a first connection using the XX pattern of the Noise protocol. In this mode, neither the client nor the server possesses the other party’s public key — which is expected, as it is the first connection between them. Additionally, this initial exchange does not use a pre-shared key (PSK), since the client cannot know the PSK at this stage.Upon receiving this connection, the server inspects the Noise pattern and identifies that it is an XX handshake. Based on the curve specified in the JSON payload sent by the client (either Curve25519 or Curve448), the server proceeds accordingly.

Step 3 – Server response

The server then sends all the data the client needs to establish a secure connection. This includes the random values generated at server startup (the server_id and salt_index), as well as a hardcoded string known only to the server. The server’s public key, stored in a .pub file, is also transmitted. After this initial exchange, the server closes the connection, as only one handshake is allowed in the Noise_XX pattern. The client then uses the received information to locally generate the same PSK using the previously described method. A new session is initiated using Noise_NK (since the client now has the server’s public key), allowing secure ongoing communication. Messages are exchanged in JSON format, each containing an endpoint key (indicating which endpoint is being called) and a content field (representing the data sent for processing).