Secure messaging and username management
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

EveryBit Logo

EveryBit's powerful API gives your web application fully secure encrypted messaging and user management with just a few lines of code.

Currently if you want to provide users with private messaging and file sending you have to rely on external services like Facebook, or build your own system. The same goes for managing usernames and passwords. This means you have to rely on a third party to manage your user's sensitive data. With EveryBit, all private data is encrypted on the client side before sending over the network. For a technical description of our encryption procedures, see the section Crypto. Only your users and their intended recipients can view the original, unencrypted content being sent. No "back door" exists to get in and view the unencrypted content.


We do our development on the develop branch, and only pull to master for our semantically versioned releases.


Setup Instructions

git clone
npm install

Contributors' guide

If you want to contribute to the codebase here at github, please check the issues and/or post a question here before making any changes. This will help avoid duplicate efforts. Happy coding :-)

Please don't edit files on the Master repository. Create a Branch or a Fork. This will help avoid collisions and prevent defects from being introduced from merges and pull requests.

Feature requests, questions, bugs:

License: MIT


Say Alice wants to send a letter to Bob and Charlie, but she doesn't trust the mailman.

Alice creates a fully-formed puff (our data protocol) and converts it into a JSON string (aka the letter). Alice then generates a random 256-bit AES key (aka the message key) and uses it to encrypt the letter content.

She then uses her private ECC key and Bob's public ECC key to generate a shared secret using ECDH. A 256-bit AES key is generated by taking a SHA256 hash of the shared secret. This AES key is used to encrypt the message key, so that Bob can later decrypt the message key and then decrypt the message.

Alice repeats the message key encryption procedure for Charlie, then packages the message and the encrypted keys into a new puff (aka the envelope).

If Alice desires a higher level of privacy she can create a one-time-use anonymous user and have that anonymous user create the envelope instead of doing it herself. Then the letter inside is still signed using her private key via ECDSA, so Bob and Charlie can tell it's actually from Alice once they've decrypted the letter, but the envelope itself has no features which point back to her.

She can also create a second anonymous user as a reply-to address, to prevent information from leaking via the reply chain.