AESend

Overview

AESend is an end-to-end encrypted messaging platform. There are no accounts or passwords — just cryptographic keys. You register a username and generate an RSA key pair in your browser. Your public key is uploaded to the server; your private key never leaves your device. Anyone can send you encrypted messages that only you can read.

Architecture

All cryptography is performed client-side via the Web Crypto API. AESend uses a hybrid encryption scheme: each message is encrypted with a fresh symmetric key, which is itself encrypted under the recipient’s public key.

Let $(pk, sk)$ denote the recipient’s 4096-bit RSA-OAEP public key, secret key pair. To send a message $m$ , the sender’s browser:

Fetches $pk$ from the server.
Samples a fresh key $k \in \{0,1\}^{256}$ and initialization vector $iv \in \{0,1\}^{96}$ .
Finds $c = \texttt{AES-256-GCM}.\texttt{Enc}(k,\; iv,\; m)$ .
Computes $w = \texttt{RSA-OAEP}.\texttt{Wrap}(pk,\; k)$ .

The tuple $(c, w, iv)$ is sent to the server. Since GCM provides authenticated encryption, $c$ guarantees both confidentiality and integrity of $m$ . Without $sk$ , none of the transmitted values reveal anything about the plaintext.

To decrypt, the recipient computes:

$k = \texttt{RSA-OAEP}.\texttt{Unwrap}(sk,\; w)$
$m = \texttt{AES-256-GCM}.\texttt{Dec}(k,\; iv,\; c)$

The private key $sk$ never leaves the recipient’s device. The server stores only opaque ciphertext.

Stack: Web Crypto API $\cdot$ FastAPI $\cdot$ SQLite