EvoE2EE SDK (End-to-End Encryption)

!EvoE2EE Banner

Production-grade End-to-End Encryption (E2EE) SDK for React, Node.js, and Vanilla JS. Built on top of ECDH (P-256), AES-256-GCM, and HKDF.

> [!IMPORTANT]
> This SDK implements a "Signal-Style" double-ratchet inspired flow, ensuring that even if your server is compromised, the messages remain undecipherable.

---

System Architecture

!Architecture Flow

$3

``mermaid sequenceDiagram participant S as Sender participant K as KeyServer (Your DB) participant R as Receiver

Note over S,R: 1. Setup Phase R->>K: Publish Identity & Encryption Public Keys Note over S,R: 2. Encryption Phase S->>K: Fetch Receiver's Public Key S->>S: Generate Ephemeral ECC Key S->>S: ECDH (Ephemeral Priv + Receiver Pub) S->>S: HKDF(SharedSecret) -> AES Session Key S->>S: AES-GCM Encrypt(Message) S->>S: ECDSA Sign(Ciphertext + EphemeralPub)

Note over S,R: 3. Transmission S->>K: Send {ciphertext, ephemeralPub, signature, iv}

Note over S,R: 4. Decryption Phase K->>R: Deliver Payload R->>R: ECDSA Verify(Signature) R->>R: ECDH (Receiver Priv + Ephemeral Pub) R->>R: HKDF(SharedSecret) -> AES Session Key R->>R: AES-GCM Decrypt(Ciphertext)`

---

`Quick Start Guide`

`$3`

bash
npm install evo-e2ee


$3

Initialize the SDK once at the start of your application. It automatically chooses the best crypto provider (Node WebCrypto or Browser SubtleCrypto).

`typescript import { evoE2EE } from "evo-e2ee";

await evoE2EE.init({ appId: "my-secure-app", platform: "react" // or 'node' | 'browser' });`

`$3`


The SDK manages two types of keys for every user:
1. Identity Key: Long-term key used for signing (Authenticity).
2. Encryption Key: Used for ECDH shared secret derivation.

`typescript const { identityKey, encryptionKey } = evoE2EE.getPublicKeys(); // Store these on your server so others can find you!`

---

`Developer Manual`

`$3`


To send a message, you need the recipient's Encryption Public Key.

`typescript const encryptedPayload = await evoE2EE.encrypt( "Secret Message", "RECIPIENT_ENCRYPTION_PUBLIC_KEY_BASE64" );

// encryptedPayload contains: // { cipherText, ephemeralPublicKey, signature, iv, version }`

`$3`


When you receive a payload, you can decrypt it. If you know the sender, pass their Identity Public Key to verify their identity.

`typescript try { const plainText = await evoE2EE.decrypt( encryptedPayload, "SENDER_IDENTITY_PUBLIC_KEY_BASE64" ); console.log("Decrypted:", plainText); } catch (err) { console.error("Decryption failed or Signature invalid!"); }``

---

🛠 Production Safeguards

---

License

Non-Commercial License . Created by Daksha Dubey.

EvoE2EE SDK (End-to-End Encryption)

!EvoE2EE Banner

Production-grade End-to-End Encryption (E2EE) SDK for React, Node.js, and Vanilla JS. Built on top of ECDH (P-256), AES-256-GCM, and HKDF.

> [!IMPORTANT]
> This SDK implements a "Signal-Style" double-ratchet inspired flow, ensuring that even if your server is compromised, the messages remain undecipherable.

---

System Architecture

!Architecture Flow

$3

``mermaid sequenceDiagram participant S as Sender participant K as KeyServer (Your DB) participant R as Receiver

Note over S,R: 3. Transmission S->>K: Send {ciphertext, ephemeralPub, signature, iv}

---

`Quick Start Guide`

`$3`

bash
npm install evo-e2ee


$3

Initialize the SDK once at the start of your application. It automatically chooses the best crypto provider (Node WebCrypto or Browser SubtleCrypto).

`typescript import { evoE2EE } from "evo-e2ee";

await evoE2EE.init({ appId: "my-secure-app", platform: "react" // or 'node' | 'browser' });`

`$3`


The SDK manages two types of keys for every user:
1. Identity Key: Long-term key used for signing (Authenticity).
2. Encryption Key: Used for ECDH shared secret derivation.

`typescript const { identityKey, encryptionKey } = evoE2EE.getPublicKeys(); // Store these on your server so others can find you!`

---

`Developer Manual`

`$3`


To send a message, you need the recipient's Encryption Public Key.

`typescript const encryptedPayload = await evoE2EE.encrypt( "Secret Message", "RECIPIENT_ENCRYPTION_PUBLIC_KEY_BASE64" );

// encryptedPayload contains: // { cipherText, ephemeralPublicKey, signature, iv, version }`

`$3`


When you receive a payload, you can decrypt it. If you know the sender, pass their Identity Public Key to verify their identity.

---

🛠 Production Safeguards

---

License

Non-Commercial License . Created by Daksha Dubey.