Built on the Noise protocol with modern cryptographic frameworks ensuring end-to-end security.
Optimized for speed and efficiency with minimal overhead and maximum throughput.
Fully open source with constant improvements and community-driven development.
At server startup, a pre-shared key (PSK) is generated for communications that use this mode, with the goal of preventing Man-in-the-Middle (MITM) attacks. This PSK is derived from a seed built by concatenating a randomly generated server_id and two strings hardcoded in the server (only one of which is known to the client). A salt is also used to introduce variation and strengthen the derivation. In the project, around one hundred salt values are hardcoded into an array shared between the server and the client. The salt is selected from this array using a salt_index, another random integer generated at server startup. The final PSK is then derived from this seed and salt using PBKDF2, iterated N times (10,000 by default, but this can be changed).
⚠️ Warning: it is your responsibility to change the hardcoded security values such as the salt array and the two strings if you plan to use this system in production. Otherwise, you expose yourself to PSK reversal and thus to MITM attacks, even if the traffic is encrypted using the Noise functions.
When the client starts, it initiates a first connection using the XX pattern of the Noise protocol. In this mode, neither the client nor the server possesses the other party’s public key, which is expected, as it is the first connection between them. Additionally, this initial exchange does not use a pre-shared key (PSK), since the client cannot know the PSK at this stage. Upon receiving this connection, the server inspects the Noise pattern and identifies that it is an XX handshake. Based on the curve specified in the JSON payload sent by the client (either Curve25519 or Curve448), the server proceeds accordingly.
The server then sends all the data the client needs to establish a secure connection. This includes the random values generated at server startup (the server_id and salt_index), as well as a hardcoded string known only to the server. The server’s public key, stored in a .pub file, is also transmitted. After this initial exchange, the server closes the connection, as only one handshake is allowed in the Noise_XX pattern. The client then uses the received information to locally generate the same PSK using the previously described method. A new session is initiated using Noise_NK (since the client now has the server’s public key), allowing secure ongoing communication. Messages are exchanged in JSON format, each containing an endpoint key (indicating which endpoint is being called) and a content field (representing the data sent for processing).
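The PSK derivation and bootstrap described above, seen from both sides, as an added example that is not the project's own code. The function names, the placeholder constants, the concatenation order, SHA-256 as the PBKDF2 hash, the 16-byte server_id and the 32-byte output are assumptions; the startup check is one way to enforce the warning about shipped defaults.

```python
import hashlib
import secrets

# Constructed placeholders: the project's real strings and salt array are not reproduced here.
DEFAULT_SALTS = [b"salt-%03d" % i for i in range(100)]
DEFAULT_SHARED_STRING = b"shared-string-placeholder"  # known to client and server
DEFAULT_SERVER_STRING = b"server-string-placeholder"  # known only to the server
ITERATIONS = 10_000  # default stated on the page


def derive_psk(server_id, shared_string, server_string, salts, salt_index,
               iterations=ITERATIONS):
    """Derive a 32-byte PSK (seed order, hash and length are assumptions)."""
    if not 0 <= salt_index < len(salts):
        raise ValueError("salt_index outside the shared salt array")
    seed = server_id + shared_string + server_string
    return hashlib.pbkdf2_hmac("sha256", seed, salts[salt_index], iterations, dklen=32)


def uses_shipped_defaults(shared_string, server_string, salts):
    """Hypothetical startup check: True if any hardcoded value is still a default."""
    return (shared_string == DEFAULT_SHARED_STRING
            or server_string == DEFAULT_SERVER_STRING
            or list(salts) == DEFAULT_SALTS)


def server_startup(shared_string, server_string, salts):
    """Pick server_id and salt_index, refuse defaults, return bootstrap data and PSK."""
    if uses_shipped_defaults(shared_string, server_string, salts):
        raise RuntimeError("replace the hardcoded strings and salt array before deploying")
    server_id = secrets.token_bytes(16)
    salt_index = secrets.randbelow(len(salts))
    psk = derive_psk(server_id, shared_string, server_string, salts, salt_index)
    # These three values are what the server sends during the Noise_XX exchange.
    bootstrap = {"server_id": server_id, "salt_index": salt_index,
                 "server_string": server_string}
    return bootstrap, psk


def client_psk(bootstrap, shared_string, salts):
    """Client side: rebuild the PSK from the XX-stage data plus its own constants."""
    return derive_psk(bootstrap["server_id"], shared_string,
                      bootstrap["server_string"], salts, bootstrap["salt_index"])
```

Every input other than the shared string and the salt array travels in the XX exchange, so those two hardcoded values are the only inputs an observer of that exchange does not receive, which is why the check refuses to start with the defaults.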