{"id":19264919,"url":"https://github.com/merlos/openme","last_synced_at":"2026-04-01T18:56:56.417Z","repository":{"id":181445053,"uuid":"666646894","full_name":"merlos/openme","owner":"merlos","description":"Open your firewall with a single encrypted packet. Nothing else is ever visible.","archived":false,"fork":false,"pushed_at":"2026-03-18T03:56:44.000Z","size":636,"stargazers_count":5,"open_issues_count":4,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-18T09:28:40.263Z","etag":null,"topics":["android","apple-watch","iphone","linux","macos","single-packet-authorization","windows"],"latest_commit_sha":null,"homepage":"https://openme.merlos.org","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/merlos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security/index.qmd","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-15T05:25:34.000Z","updated_at":"2026-03-18T03:56:47.000Z","dependencies_parsed_at":"2026-02-28T15:03:14.773Z","dependency_job_id":null,"html_url":"https://github.com/merlos/openme","commit_stats":null,"previous_names":["merlos/openme"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/merlos/openme","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlos%2Fopenme","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlos%2Fopenme/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlos%2Fopenme/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlos%2Fopenme/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/merlos","download_url":"https://codeload.github.com/merlos/openme/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlos%2Fopenme/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","apple-watch","iphone","linux","macos","single-packet-authorization","windows"],"created_at":"2024-11-09T19:42:49.009Z","updated_at":"2026-04-01T18:56:56.411Z","avatar_url":"https://github.com/merlos.png","language":"Swift","funding_links":[],"categories":[],"sub_categories":[],"readme":"# openme\n\n\u003e Open your firewall with a single encrypted packet. Nothing else is ever visible.\n\nopenme is a **Single Packet Authentication (SPA)** tool. To a port scanner, every port is always closed. Only clients holding a valid Ed25519 key can send a knock that temporarily opens a firewall rule — and the knock itself looks like random noise on the wire.\n\n```\nClient                              Server (port always CLOSED to scanners)\n  │                                     │\n  │──── 165 bytes of encrypted UDP ────\u003e│  verify signature\n  │                                     │  decrypt payload\n  │                                     │  open firewall rule for 30s\n  │\u003c══════════ SSH / HTTPS / etc. ══════│\n```\n\n---\n\n## Repository Layout\n\n```\nopenme/\n├── cli/          Go server daemon + cross-platform CLI\n├── apple/\n│   ├── OpenMeKit/      Swift package — shared SPA client library (iOS, macOS, watchOS)\n│   ├── openme-ios/     iOS app (SwiftUI, Profiles, QR/YAML import, knock widget)\n│   ├── openme-macos/   macOS app (SwiftUI menu-bar, Profiles, AppleScript post-knock)\n│   ├── openme-watch/   watchOS app (WatchConnectivity sync from iPhone)\n│   ├── openme-widget/  iOS/macOS WidgetKit widget (one-tap knock from home screen)\n│   └── openme.xcworkspace/\n├── android/\n│   ├── openmekit/      Kotlin library — SPA protocol, profile storage, YAML/QR import\n│   └── app/            Android app (Jetpack Compose, Material 3)\n├── windows/\n│   ├── OpenMeKit/      .NET client library (Kotlin-equivalent)\n│   ├── openme-windows/ WPF system-tray application\n│   └── OpenMeKit.Tests/\n├── c/\n│   └── openmelib/  Pure C99 SPA client library (ESP32, Arduino, Linux, macOS, Windows)\n├── docs/         Quarto documentation site   → openme.merlos.org/docs/\n└── website/      Marketing landing page      → openme.merlos.org\n```\n\n---\n\n## Getting Started with the CLI\n\n### Install\n\n```bash\n# Build from source (requires Go 1.21+)\ngit clone https://github.com/merlos/openme\ncd openme/cli\ngo mod download\ngo build -o openme ./cmd/openme\nsudo mv openme /usr/local/bin/\n```\n\nPre-built binaries for Linux, macOS and Windows are available on the [Releases](https://github.com/merlos/openme/releases) page.\n\n### Server setup\n\n```bash\n# 1. Initialise — generates keys and writes /etc/openme/config.yaml\nsudo openme init --server myserver.example.com\n\n# 2. Register a client\nsudo openme add alice\n\n# 3. Start the server\nsudo openme serve\n```\n\n`openme add alice` prints a ready-to-use client config block and an optional QR code. Copy it to `~/.openme/config.yaml` on the client machine.\n\n### Client usage\n\n```bash\n# Check the server is reachable\nopenme status\n\n# Send a knock (opens firewall for your source IP)\nopenme knock\n\n# Knock a named profile, then SSH automatically\nopenme knock home\n\n# Knock to open for a specific IP instead of your source IP\nopenme knock --ip 10.0.0.5\n```\n\nSee [cli/README.md](cli/README.md) for the full CLI reference, configuration options, and cross-compilation instructions.\n\n---\n\n## Documentation\n\nThe full documentation is published at **[openme.merlos.org/docs](https://openme.merlos.org/docs)**.\n\n| Section | Description |\n|---------|-------------|\n| [Protocol](https://openme.merlos.org/docs/protocol/) | Wire format, cryptographic design, security properties |\n| [Getting Started](https://openme.merlos.org/docs/getting-started/) | Step-by-step server and client setup |\n| [Configuration](https://openme.merlos.org/docs/configuration/) | All config options for server and client |\n| [Security Model](https://openme.merlos.org/docs/security/) | Threat model, what is and isn't protected |\n| [FAQ](https://openme.merlos.org/docs/faq/) | Common questions |\n| [For Developers](https://openme.merlos.org/docs/developer/) | Documentation For developers |\n\nTo build and preview the docs locally:\n\n```bash\ncd docs\nquarto preview\n```\n\n---\n\n## Platform Status\n\n| Platform | Status | Notes |\n|----------|--------|-------|\n| Linux (CLI + server) | ✅ Active | iptables \u0026 nftables |\n| macOS (CLI client) | ✅ Active | Cross-compiled from Go |\n| Windows (CLI client) | ✅ Active | Cross-compiled from Go |\n| Windows GUI | ✅ Active | WPF system-tray app (.NET 8) |\n| macOS GUI | ✅ Active | SwiftUI menu bar app |\n| Android | ✅ Active | Jetpack Compose app |\n| iOS | ✅ Active | SwiftUI app (iPhone/iPad) |\n\n---\n\n## Contributing\n\nEach platform has its own subdirectory, build toolchain and README. Start with the directory most relevant to what you want to work on. All cryptographic protocol changes should be discussed in an issue first.\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmerlos%2Fopenme","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmerlos%2Fopenme","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmerlos%2Fopenme/lists"}