{"id":47667213,"url":"https://github.com/caaatto/rede","last_synced_at":"2026-06-09T22:00:42.832Z","repository":{"id":346669599,"uuid":"1189944668","full_name":"caaatto/rede","owner":"caaatto","description":"Secure anonymous E2EE messenger -- Avalonia desktop GUI, X3DH + Double Ratchet, sealed sender, E2EE voice calls, I2P/Tor/WSS transport","archived":false,"fork":false,"pushed_at":"2026-06-06T16:19:38.000Z","size":1354,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-06T16:21:47.020Z","etag":null,"topics":["anonymous","avalonia","chat","csharp","desktop-app","dotnet","double-ratchet","e2ee","end-to-end-encryption","i2p","messenger","privacy","sealed-sender","secure-messaging","signal-protocol","srtp","tor","voice-call","websocket","x3dh"],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/caaatto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-23T20:24:55.000Z","updated_at":"2026-06-06T16:19:14.000Z","dependencies_parsed_at":null,"dependency_job_id":"d2a8ac49-c881-4329-9f01-08ad094c109e","html_url":"https://github.com/caaatto/rede","commit_stats":null,"previous_names":["caaatto/rede"],"tags_count":109,"template":false,"template_full_name":null,"purl":"pkg:github/caaatto/rede","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caaatto%2Frede","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caaatto%2Frede/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caaatto%2Frede/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caaatto%2Frede/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/caaatto","download_url":"https://codeload.github.com/caaatto/rede/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caaatto%2Frede/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34127345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anonymous","avalonia","chat","csharp","desktop-app","dotnet","double-ratchet","e2ee","end-to-end-encryption","i2p","messenger","privacy","sealed-sender","secure-messaging","signal-protocol","srtp","tor","voice-call","websocket","x3dh"],"created_at":"2026-04-02T12:01:26.564Z","updated_at":"2026-06-09T22:00:42.810Z","avatar_url":"https://github.com/caaatto.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rede\n\nRede is an end-to-end encrypted messenger.\nNo phone number. No email. No metadata. Just keys.\n\nAll messages are encrypted on your device and decrypted on the recipient's\ndevice. The server never sees plaintext, never knows who is talking to whom,\nand stores nothing it doesn't have to.\n\n\n## download\n\nGrab the latest release for your platform:\n\n**[Download for Linux / Windows](https://github.com/caaatto/rede/releases)**\n\nNo runtime or SDK required - the app is fully self-contained and\nauto-updates when a new version is published.\n\n\n## linux installation\n\n**Quick start** - download and run:\n```bash\nchmod +x REDE\n./REDE\n```\n\n**AppImage** - portable, double-click to run, no install needed. Grab\n`REDE-x86_64.AppImage` from the release:\n```bash\nchmod +x REDE-x86_64.AppImage\n./REDE-x86_64.AppImage\n```\nIt integrates into your app menu on first run and auto-updates itself in place.\n\n**System-wide install** (optional):\n```bash\nsudo cp REDE /usr/local/bin/REDE\nsudo chmod 755 /usr/local/bin/REDE\n```\n\n**Install script** (recommended) - one command does everything: installs all\nsystem dependencies (GUI, voice, hardware-key support) via your package manager\n(apt/dnf/pacman/zypper), downloads the latest prebuilt binary, **verifies its\nEd25519 signature**, and registers a `rede` launcher, app icon and `.desktop`\nentry. No SDK or build step:\n```bash\ncurl -sSL https://raw.githubusercontent.com/caaatto/rede/main/scripts/install.sh | bash\n```\nThe dependency step needs `sudo` (you'll be prompted). `REDE` itself installs\nto `~/.local/bin` — user-writable, so the app **auto-updates itself in place,\nexactly like the Windows build**, with no further package-manager involvement.\nRe-run any time to repair the install. Flags:\n\n| Flag | Effect |\n|---|---|\n| `--no-deps` | skip the system-dependency step |\n| `--with-tor` / `--with-i2p` | also install the Tor / i2pd daemon for anonymous transport |\n| `--uninstall` | remove the app (keeps your profile and system packages) |\n| `--no-verify` | skip the signature check (not recommended) |\n\nWhen piped, pass flags after `-s --`, e.g.\n`curl -sSL … | bash -s -- --with-tor`.\n\nIf `~/.local/bin` is not in your `PATH`, add it:\n```bash\nexport PATH=\"$HOME/.local/bin:$PATH\"\n```\nTo build from source instead (requires the .NET 8 SDK + git), use\n`scripts/install-from-source.sh`.\n\n**Desktop entry** - if you placed the binary manually and want an app\nlauncher, create `~/.local/share/applications/rede.desktop`:\n```ini\n[Desktop Entry]\nName=REDE\nGenericName=Secure Messenger\nComment=Secure, anonymous E2EE messenger\nExec=/path/to/REDE\nIcon=rede\nTerminal=false\nType=Application\nCategories=Network;Chat;InstantMessaging;\n```\n\n**Windows:**\nDouble-click `REDE.exe`.\n\n\n## updating\n\nRede updates itself - you never re-clone, re-run the installer, or `git pull`.\n\n1. On launch, the app checks GitHub for a newer release.\n2. If one exists, the login screen shows **\"Update available: vX.Y.Z - click to install\"**.\n3. Click it. Rede downloads the new build, **verifies its Ed25519 signature and\n   checksum**, and swaps the binary in place.\n4. Restart the app. Done.\n\nNo package manager, and no `sudo` when installed to `~/.local/bin` (the installer's\ndefault) - exactly like the Windows build, which swaps `REDE.exe`. The AppImage\nupdates itself the same way.\n\nThe `curl | … | bash` installer is a one-time bootstrap. The only reason to run it\nagain is if a future release needs a brand-new system library - the self-updater\nswaps only the app binary, not its OS dependencies.\n\n\n## features\n\n- **End-to-end encryption** - PQXDH (X25519 + ML-KEM-768 hybrid post-quantum) + Double Ratchet, XSalsa20-Poly1305. Quantum-resistant against \"harvest now, decrypt later\" attacks.\n- **Sealed sender** - the server can't see who sent a message\n- **Groups** - Sender Keys for group PFS, Ed25519 signed\n- **Places** - Discord-like servers with channels, customizable profile (icon, accent color). All metadata is E2EE\n- **Voice calls** - E2EE audio via SRTP (AES-128-CM + HMAC-SHA1-80), Opus 96kbps, RNNoise suppression, AGC, echo cancellation\n- **Group calls** - LiveKit SFU for Places/Groups, E2EE via SFrame (key never leaves client), up to 25 participants, 1080p60 video\n- **Profile customization** - accent colors, avatar images (PNG/GIF/JPEG), shared with contacts\n- **Multi-device** - each device has its own keys, messages delivered to all devices\n- **Hardware security keys (FIDO2)** - require a physical key (Thetis, YubiKey, etc.) plus your passphrase to unlock your profile, with optional server-side 2FA. Multiple keys + recovery code supported\n- **Anonymous transport** - connect via I2P or Tor to hide your IP from the server\n- **Message padding** - fixed-size buckets prevent traffic analysis\n- **Self-destructing messages** - TTL-based auto-delete\n- **No tracking** - no phone number, no email, no analytics, no ads\n\n\n## getting started\n\n1. Download and launch Rede\n2. Choose a display name and a strong passphrase (min 12 characters)\n3. Enter the server address and an invite code from the server admin\n4. Click **Register**\n\nYour user ID will be `displayname#tag` (e.g. `alice#a3f1`).\nThe passphrase encrypts your profile locally - there is no recovery if you lose it.\n\n\n## transport options\n\nRede supports three connection modes. Select your transport on the login screen.\n\n| Transport | Latency | IP hidden | How |\n|---|---|---|---|\n| Direct (WSS) | ~50-100ms | No | Connect via `wss://` |\n| I2P | ~500-2000ms | Yes | Garlic routed via i2pd |\n| Tor | ~300-1000ms | Yes | Onion routed via Tor |\n\nYour messages are always E2EE regardless of transport.\nOther users never see your IP in any mode.\n\nFor I2P or Tor, you need the respective daemon running locally.\nThe desktop client picks up proxy settings from the `.env` file or\nenvironment variables:\n\n```\nREDE_SERVER=ws://address.i2p\nREDE_TRANSPORT=i2p\nREDE_I2P_PROXY=socks5h://127.0.0.1:4447\nREDE_TOR_PROXY=socks5h://127.0.0.1:9050\n```\n\n\n## commands\n\nType these in the message input box.\n\n```\n/add \u003cuser#id\u003e              add a contact\n/remove \u003cuser#id\u003e           delete a contact\n/confirm \u003cuser#id\u003e          accept a key change\n/fingerprint [user]         show identity fingerprint\n/group \u003cname\u003e               create a group\n/ginvite \u003cgroup\u003e \u003cuser\u003e     invite someone to a group\n/kick \u003cgroup\u003e \u003cuser\u003e        remove someone from a group\n/rekey \u003cgroup\u003e              rotate the group key\n/place \u003cname\u003e               create a place (server with channels)\n/pchannel \u003cplace\u003e \u003cname\u003e    add a channel to a place\n/pinvite \u003cplace\u003e \u003cuser\u003e     invite someone to a place\n/pkick \u003cplace\u003e \u003cuser\u003e       remove someone from a place\n/pleave \u003cplace\u003e             leave a place\n/prekey \u003cplace\u003e             rotate the place metadata key\n/ttl \u003cdays\u003e                 auto-delete messages after N days (0 = off)\n/call \u003cuser#id\u003e             start a 1:1 voice call\n/call                       start a group call in the current place/group\n/hangup                     end the call\n/mute                       toggle microphone\n/link                       generate a device link code\n/devices                    show linked devices\n/settings                   open settings\n/help                       show help\n```\n\n**Keyboard shortcuts:**\n```\nEnter ......... send message\nEscape ........ toggle sidebar\nCtrl+Q ........ quit\n```\n\nRight-click contacts to invite them to groups/places, view fingerprints, or delete.\nRight-click groups and places for management options (invite, kick, rotate key).\n\n\n## voice calls\n\nAudio is encrypted with SRTP at 96kbps Opus (above Discord standard).\nThe call transport matches your connection - if you're on I2P, your call\nis anonymous. SRTP keys are exchanged over your existing Double Ratchet\nsession, so the server never has access to audio.\n\nCalls appear as an overlay in the chat area with accept/decline, mute, and\nhang up controls.\n\n**Group calls** (Places/Groups) use a LiveKit SFU for media routing, but\naudio and video are still end-to-end encrypted with SFrame. The SFrame key\nis derived from the Place's metadata key (or Group's shared key) via HKDF\nwith domain separation - neither the Rede server nor the LiveKit SFU ever\nsee it. Up to 25 participants per call, 1080p60 video, Opus audio.\n\n\n## places\n\nPlaces work like Discord servers - a place has channels, members, and roles.\nUnlike Discord, all metadata (names, topics, icons, colors) is end-to-end\nencrypted. The server only sees opaque IDs.\n\nEach place has its own profile - accent color and icon - visible in the\nsidebar. Right-click a place to manage members, channels, keys, and the\nplace profile. Only the creator can edit the profile, kick members, or\ndelete channels.\n\n\n## profile\n\nCustomize your profile in Settings:\n- **Accent color** - 12 preset colors, visible to your contacts in chat\n- **Avatar** - upload a PNG, JPEG, or GIF (max 256KB)\n\nChanges are previewed locally. Click **Apply** to save and share with contacts.\nProfile updates ride on the regular chat channel: an avatar/accent edit is\nbroadcast to all contacts on apply, and lazily re-synced via the next chat\nmessage in either direction whenever the broadcast missed an offline peer.\n\n\n## multi-device\n\nLink additional devices to receive messages on all of them.\n\n1. On your existing device: `/link` (generates a code, valid for 5 minutes)\n2. On the new device: enter the link code during setup\n\nEach device has its own cryptographic identity.\n\n\n## security keys (FIDO2)\n\nOptionally require a physical FIDO2/WebAuthn security key (Thetis, YubiKey, etc.)\nto unlock your profile. Enroll one under **Settings → Security → Security Keys**.\n\nOnce enrolled, your profile can only be opened with **your passphrase plus the\nhardware key** - a stolen laptop and a cracked passphrase are no longer enough.\nHow it works:\n\n- A random Profile Master Secret is mixed into your profile's encryption key.\n  It is never stored in the clear - only wrapped by the key's `hmac-secret`\n  output (and by a recovery code). Passphrase alone can no longer decrypt.\n- **Multiple keys** can be enrolled (a main key + a backup), and a one-time\n  **recovery code** is generated so you are never locked out if a key is lost.\n- **Server-side 2FA** (optional): the same key also gates login at the server,\n  so your account can't be used from another machine even with your identity keys.\n- **Platforms**: Windows uses the built-in WebAuthn API (no extra install);\n  Linux uses `libfido2` (`sudo apt install libfido2-1`).\n\nProfiles without an enrolled key are unchanged - this is fully opt-in.\n\n\n## privacy\n\n```\nmessage content ........... never visible to server (E2EE)\nsender identity ........... hidden (sealed sender)\nrecipient identity ........ visible (server must route)\nmessage size .............. hidden (fixed-size padding)\ngroup/place membership .... visible (server manages roster)\nchannel names/place profile  hidden (E2EE metadata)\nvoice audio ............... never visible (SRTP, blind relay)\ngroup call media .......... never visible (SFrame, SFU blind forward)\ncall participants ......... visible (server routes signaling)\nyour IP address ........... hidden with I2P/Tor, visible with direct WSS\n```\n\nYour profile (keys, contacts, chat history) is stored locally in `~/.rede/`,\nencrypted with your passphrase using scrypt + NaCl secretbox.\nThere is no recovery mechanism - do not lose your passphrase.\n\n\n## security\n\n- Post-quantum hybrid handshake: PQXDH (X25519 + ML-KEM-768) per Signal spec — defends against \"harvest now, decrypt later\" attacks even if quantum computers break X25519\n- Forward secrecy: past messages stay safe if current keys are compromised\n- Post-compromise security: new key exchange heals after compromise\n- TOFU pinning: server certificate and signing key pinned on first contact\n- Backward-compatible PQ fallback: peers without PQ keys still get classical X3DH (security regression flagged in logs)\n- Server signatures: all server responses signed with Ed25519\n- Voice E2EE: SRTP keys never leave the Double Ratchet session (inherits PQ protection from session bootstrap)\n- Optional hardware second factor: FIDO2 security key (`hmac-secret`) bound into the at-rest profile key, with optional server-side WebAuthn 2FA\n\n\n## license\n\nAGPL-3.0 -- see [LICENSE](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaaatto%2Frede","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaaatto%2Frede","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaaatto%2Frede/lists"}