I built this to learn how encrypted messaging actually works.
You know how Signal and WhatsApp say "end-to-end encrypted"? I always wondered what that actually means. Where does encryption happen? What does the server see? Can the company read my messages?
So I built Kavro to figure it out.
The server never sees the plaintext of your messages. Here's the flow:
- You generate a keypair on your device
- You upload only the public key to the server
- When you message someone, you encrypt it with their public key
- The server just stores the encrypted blob
- The recipient decrypts with their private key
The server literally can't read messages even if it wanted to. That's the whole point.
```bash
git clone https://github.com/ashishkrshaw/kavro.git
cd kavro
cp .env.docker.example .env
docker-compose up -d
```
Open http://localhost:8000/docs
- POST /api/v1/auth/register
- POST /api/v1/auth/login
- POST /api/v1/keys/publish
- GET /api/v1/keys/{user_id}
- POST /api/v1/messages/
- GET /api/v1/messages/inbox
Check client/demo_client.py for a working example. See docs/FRONTEND_INTEGRATION.md for how to connect any frontend.
Python, FastAPI, PostgreSQL, Redis, NaCl
25 tests passing. CI with GitHub Actions.
```bash
curl -O https://raw.githubusercontent.com/ashishkrshaw/kavro/main/deploy-ec2.sh
sudo ./deploy-ec2.sh
```
Ashish Kumar Shaw github.com/ashishkrshaw