Mute — secure messaging
Go Other
Failed to load latest commit information.
cipher use verb %q instead of %s where appropriate Jan 12, 2016
cmd use verb %q instead of %s where appropriate Jan 12, 2016
configclient no upper-case characters after ':' in errors Jan 4, 2016
contrib/mutt rename mutectrl option --msgid to --msgnum Jan 8, 2016
cryptengine use verb %q instead of %s where appropriate Jan 12, 2016
ctrlengine add login page for `mutectrl app` Feb 28, 2016
def version: bump Jan 4, 2016
doc doc: fix typo Feb 19, 2016
encdb encdb: fix documentation Jan 6, 2016
encode add copyright header Sep 27, 2015
gui gui: remove trailing white spaces Feb 28, 2016
keydb use verb %q instead of %s where appropriate Jan 12, 2016
keyserver hashchain: define length constants Dec 3, 2015
log use verb %q instead of %s where appropriate Jan 12, 2016
mix no upper-case characters after ':' in errors Jan 4, 2016
msg gofmt -s Jan 17, 2016
msgdb use verb %q instead of %s where appropriate Jan 12, 2016
protoengine protoengine: fix typo in logging message Jan 6, 2016
release Revert "release: call mutegenerate.exe on windows" Nov 17, 2015
serviceguard no upper-case characters after ':' in errors Jan 4, 2016
uid use verb %q instead of %s where appropriate Jan 12, 2016
util browser: improve documentation Feb 28, 2016
vendor vendor: update Feb 28, 2016
.gitignore doc: add architecture overview Sep 26, 2015
.travis.yml remove -v flag Feb 3, 2016
LICENSE add LICENSE Sep 26, 2015
Makefile fix test target Feb 3, 2016 add license badge Feb 3, 2016 add script Sep 26, 2015

Mute — secure messaging — α release GoDoc Build Status License

This is an alpha release of Mute — use at your own risk! There are known bugs, all sorts of things might go wrong, and you might not be able to keep registered user IDs. At the moment, you can only play with the command-line interface mutectrl, a graphical user interface will be released at a later stage.


  • End-to-end encryption.
  • Communication with forward secrecy (keys required to decrypt past messages are frequently replaced and destroyed).
  • Establish forward secret communication with first message (no synchronous two-way handshake).
  • Asynchronous communication between peers.
  • Authenticity of the identity-key relationship is established and preserved.
  • Human-readable/human-memorizable identities.
  • Communication with established standards where possible (e.g., using SMTP as the transport protocol).
  • Sending messages and changing the state of one's own identity requires payment by the user to both finance the system and to limit SPAM.
  • Better-than-nothing anonymity: mixing/delaying of messages to prevent simple discovery of sender-recipient relationship by third party passive observer.
  • Both sender and recipient anonymity.
  • Plausible deniability of message content and some deniability of communication relationship.


At the moment, only installation from source is supported. You must have at least Go 1.5 installed (with GOPATH set accordingly and $GOPATH/bin being part of your PATH). The environment variable GO15VENDOREXPERIMENT must be set to 1, to make sure that Mute uses the external dependencies from the vendor/ directory.

To install mutectrl execute the following three commands:

go get -u -v
go generate -v
go get -u -v


Before you can start using mutectrl you have to create your encrypted database files with a passphrase. The following command does just that (and reads the passphrase from stdin):

mutectrl --passphrase-fd stdin db create

This also fetches the necessary configuration settings from our config server and prints your WALLETPUBKEY (you can always print your wallet key with mutectrl wallet pubkey).

To be able to use Mute we have to charge your wallet. For now, this is absolutely free of charge. Just send an email to with your wallet pubkey. The payment tokens you receive are fully blinded before they are used to pay for Mute services, there is no way for us to connect the used tokens to your wallet pubkey!

Example usage

For the following commands you either have to enter your passphrase every time:

exec 3<`tty`; mutectrl ...

Or you can use the interactive mode described below.

To be able to send and receive messages you have to create a unique user ID (UID) for the domain first:

mutectrl uid new --id

To be able to write somebody, you have to add him as a contact first:

mutectrl contact add --id --contact

This automatically fetches all the necessary key material.

Now you can add a message to your friend to the outqueue (without actually sending it)

mutectrl msg add --from --to --file msg.txt

Then send (all) messages from the outqueue:

mutectrl msg send --id

To check if your friend wrote you back already use the following commands:

mutectrl msg fetch --id
mutectrl msg list --id
mutectrl msg read --id --msgid X

(add help to a command to get help).

Messages are delayed and mixed with other messages on the server, so do not be surprised if your message is not delivered instantly.

Interactive mode

You can also use mutectrl in interactive mode:

exec 3<`tty`; mutectrl

help shows you all possible commands and with quit you can leave the interactive mode.

In interactive mode you have an active user ID which is used as the --id argument, if you do not specify it explicitly. Use mutectrl uid switch to switch the active UID.


You can automatically update mutectrl from source:

mutectrl upkeep update

Since this is an alpha release the software is evolving at a very high speed, please update frequently. We enforce an update, if your version is older than two weeks.


mutectrl writes its keys and messages to two encrypted databases in the directory given by option --homedir (default: ~/.config/mute). To backup your keys and messages, backup the following files in this directory:


The *.db files are the database files which are encrypted with a random key stored in the corresponding *.key file. The *.key files are protected by your passphrase. Make sure you keep backups of all four files and do not loose your passphrase!


Specification documents