1
0
Fork
You've already forked reach
0
An end-to-end encrypted communication platform designed for collaborative groups who wish to let anonymous individuals reach out to them with information and/or requests.
  • Rust 84.7%
  • Gleam 5.5%
  • Just 4.8%
  • Python 1.6%
  • Nix 1.2%
  • Other 2.2%
2025年02月01日 13:04:17 -05:00
.githooks fix(githooks): Remove accidental addition of shell=True 2025年02月01日 13:04:17 -05:00
assets docs(assets): Add project logo 2024年03月22日 14:52:48 -04:00
attestant feat(reachable-app): Make reachable-app use same backend communication format as reaching-app 2025年01月15日 21:37:58 +01:00
common Remove shell=True, but oci_run_command does not add -it 2025年02月01日 11:46:24 -05:00
documentation docs: Update and fix docs 2025年01月16日 14:11:21 +01:00
LICENSES chore: Change project license to EUPL-1.2 2024年11月27日 13:22:21 -05:00
misc chore: Move utils.py to common, add comments to scripts 2025年01月13日 16:23:07 +01:00
node feat(reachable-app): Make reachable-app use same backend communication format as reaching-app 2025年01月15日 21:37:58 +01:00
reachable-app docs: Update and fix docs 2025年01月16日 14:11:21 +01:00
reaching-app refactor: Move more Gleam code into shared modules when they're useful in multiple places 2025年01月16日 12:29:17 +01:00
secrets feat(reachable-app): Make reachable-app use same backend communication format as reaching-app 2025年01月15日 21:37:58 +01:00
tests feat(core,attestant): Even sign salts that aren't changing over time 2024年12月18日 17:42:34 +01:00
.gitignore ci: Use just recipes to build projects in CI 2025年01月16日 15:32:04 +01:00
.taurignore feat(reachable-app): Introduce Lustre + Tauri based app, with hot realoading for Rust and Gleam 2025年01月14日 19:08:14 +01:00
.woodpecker.yaml ci: Use just recipes to build projects in CI 2025年01月16日 15:32:04 +01:00
Cargo.lock chore: Bump Rust dependencies and toolchain 2025年01月10日 15:16:54 +01:00
Cargo.toml feat(reachable-app): Make reachable-app use same backend communication format as reaching-app 2025年01月15日 21:37:58 +01:00
CONTRIBUTING.md docs: Change documentation host, include API docs, include README and CONTRIBUTING 2025年01月12日 17:26:50 +01:00
flake.lock chore: Bump Rust dependencies and toolchain 2025年01月10日 15:16:54 +01:00
flake.nix chore(devshell): Add bun JavaScript runtime to test Gleam projects 2025年01月10日 13:38:36 +01:00
justfile Remove shell=True, but oci_run_command does not add -it 2025年02月01日 11:46:24 -05:00
README.md docs: Update and fix docs 2025年01月16日 14:11:21 +01:00
REUSE.toml feat(reachable-app): Introduce Lustre + Tauri based app, with hot realoading for Rust and Gleam 2025年01月14日 19:08:14 +01:00
rust-toolchain.toml chore: Bump Rust dependencies and toolchain 2025年01月10日 15:16:54 +01:00

Reach

Reach is an end-to-end encrypted communication platform designed for collaborative groups who wish to let anonymous individuals reach out to them with information and/or requests. It is engineered for the unique challenges posed by the needs of organisations and collectives that want to protect themselves as much as the people who contact them.

As a project, it aims to expand usefulness of patterns commonly associated with whistleblowing systems, to which it is closely related. It's origins lie in SecureDrop's end-to-end encryption research (in which it also participated by contributing key insights), however its target audience is broader than that of GlobaLeaks but has a harder threat model than accommodated by Hush Line.

Warning

Reach is pre-alpha! Code in this repository is far from ready for deployment, and neither its underlying protocol nor its code have been independently reviewed. Documentation is currently aimed at developers. To keep an eye on the project, you can follow @reach@floss.social and read about its progress.

What's what?

Reach's architecture tries to anticipate a variety of usage scenarios, so even at an early stage it consists of many parts.

  • attestant/ : Reach Attestant, a command line tool that helps with some administrative tasks including preparing deployment and onboard/offboard reachable peers.

  • common/aliases/ : Type aliases (and wrapper types) used by all other components.

  • common/core/gleam/ : Types and functions used by multiple Gleam based frontends.

  • common/core/rust/ : Shared data structures and functionality, used by most other crates.

  • common/derive/ : Derive macros, which generate code for data structures fundamental to Reach.

  • common/ecdh-omr/ : ECDH based Oblivious Message Retrieval implementation, a key component to the protocol used by Reach. A generic package reusable by other projects.

  • common/encryption/ : Encryption related functionality, used by Reach Attestant, Reaching Link, Reachable Server Node, and Reachable Secrets.

  • common/harness/ : Test harness used by multiple components' tests.

  • common/passphrase/ : Word lists from which passphrases are generated, which in turn are used for deterministic key generation.

  • common/signatures/ : Signing and verifying related generic trait implementations.

  • common/ui/ : Shared Lustre UI components used by the Reachable and Reaching Apps.

  • common/visual-key-identity/ : Instead of asking users to compare alpha-numeric hashes for manual verification, Reach uses an emoji mapping to make visual comparisons more user friendly.

  • node/ : Reachable Nodes are the central communication hub. Hosts code for Server Nodes which are exposed by Tor Onion Services and Peer Nodes which are only accessible to other onboarded reachable peers via authenticated Onion Services.

  • reachable-app/ : The Reachable Application is a Tauri and Lustre based desktop app for reachable peers to check and respond to messages.

  • reaching-app/ : A browser based single-page application powered by Gleam and Lustre and Wasm (aka. Reaching Link) which allows anonymous individuals to contact the reachable peers.

  • secrets/ : Reachable Secrets is a service that handles all key generation, encryption key signing, as well as encryption and decryption of envelopes/message vaults for reachable peers.

  • tests/ : Integration tests for the Rust portion of the project.

Development

This project uses a Nix flakes based development shell to help developers share a predictable environment with all the prerequisite tooling installed to get right to work. To use it, we recommend to install the (delicious) Lix implementation of the Nix package manager. Lix provides install and upgrade instructions for your respective configuration.

To enable flakes, add the following line to your nix.conf (found in /etc/nix/ or ~/.config/nix/):

experimental-features = nix-command flakes

The Nix flake will set up all the tools Reach relies on (in no particular order): Rust, Gleam, just, wasm-pack, REUSE, protoc, etc.

Note

For Nix sceptics and the impatient, we also provide a container based setup (compatible with Podman and Docker) that can be used by installing just and running $ just containerized help.

Getting Started

Once you installed Nix, you can enter the development shell by running the following command in the root directory of the repository:

$ nix develop .

It's strongly encouraged for you to run just repo-config as a next step to set up and configure Git hooks that are also managed by the repository itself.

If you already installed just through your regular package manager, you can also run just develop from anywhere in the repository, which will trigger the repo-config recipe before dropping you into the development shell.

Running just help will give you an overview of which recipes exist and what they do:

$ just help
Welcome to Reach's development justfile 👋
Don’t forget to read CONTRIBUTING.md before you start ✨
Available recipes:
Available recipes:
 audit # 🧐 Check if any of this project's dependencies have advisories on rustsec.org
 build # 🚀 Build everything
 build-attestant # 🖋️ Build reach-attestant and reach-core with the attestant feature enabled
[...]

Contributing

If you would like to contribute to Reach (❤️) please refer to the CONTRIBUTING.md document to get familiar with the conventions that are expected by the project. Thank you for taking the time!

Credits

Reach was originally derived from and contributed to research into the Next Generation End-to-End Encrypted Design of SecureDrop by Giulio B. of Freedom of the Press Foundation, @smaury and Davide @TheZero of Shielder as well as the SecureDrop Team. Additional credits go to Olivia M. for pointing out and insisting on the the inevitability of Asymmetric Forward/Backward Secrecy, and @redshiftzero for prior art, as well as countless of people who provided us with feedback. This list will expand.

Early contributors (❤️) to Reach include:

Reach was initiated by @eaon