Skip to content

secrooq/StealthRelay

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

28 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ”’ StealthRelay

Defend your digital footprint with mathematical immunity.

StealthRelay is a premium, enterprise-grade Zero-Trust Ephemeral Secret Sharing and Encrypted Anonymous Email Relay platform. Engineered for absolute digital sovereignty, it permanently shields identities using high-grade client-side browser cryptography and serverless dynamic relays routed globally through the Cloudflare Edge network.


πŸ›‘οΈ Core Technologies & Security Credentials

Next.js TypeScript Cloudflare Edge Security Model License


⚑ Key Architectural Features

Feature Technical Engine Guarantee
Zero-Knowledge Ephemeral Seals Local AES-256-GCM via Web Crypto API Keys reside in the URL hash fragment; never transmitted to servers.
Edge-Level Rate Limiting Cloudflare D1 + Workers KV sliding window check Prevents brute force scanning and volumetric resource abuse.
RAM-Only EXIF Bleaching Client-side Canvas & Binary sanitization array Complete metadata removal (GPS, camera specs, timestamps) before upload.
Inbound Masking Relays Dynamic outbound email alias shielding Sanitizes web-trackers and cookie beacons, forwarding clean payloads only.

πŸ”’ Cryptographic Architecture & Flow

+-----------------------------------------------------------------+
|                       CLIENT BROWSER                            |
|                                                                 |
|   1. Local RAM: Bleach Image EXIF (Canvas pixel redraft)       |
|                                                                 |
|   2. Generate local symmetric key: AES-256-GCM                  |
|                                                                 |
|   3. Seal file/payload -> Ciphertext + IV                       |
|                                                                 |
|   4. Generate dynamic link:                                     |
|      https://stealthrelay.io/read/[secret_id]#[aes_key]         |
+---------------------------------+-------------------------------+
                                  |
               Payload (Ciphertext only - NO KEY)
                                  v
+-----------------------------------------------------------------+
|                     CLOUDFLARE EDGE NETWORK                     |
|                                                                 |
|   5. Validate rate limit dynamically via Cloudflare D1          |
|                                                                 |
|   6. Store encrypted ciphertext globally inside Edge KV         |
+-----------------------------------------------------------------+

1. Zero-Knowledge Cryptographic Seal

All payloads, passwords, and file packets are locked in client-side volatile memory using standard AES-256-GCM encryption. The cryptographic key is strictly appended to the URL as a hash fragment (#key).

Note

Web browsers do not transmit hash fragments to servers during HTTP requests. The server stores only raw, unreadable ciphertext. Decryption is performed entirely inside the recipient's browser.

2. Client-Side EXIF Bleaching

Unlike typical backends that process files post-upload, StealthRelay redrafts images inside the local client's browser using HTML5 Canvas pixel arrays. It strips:

  • EXIF Geotags (GPS coordinates)
  • Camera make, model, and serial numbers
  • Creation dates and timezone trails

3. Serverless Edge Rate-Limiting

StealthRelay utilizes a sub-millisecond dynamic rate check built on Cloudflare D1 SQL bindings, protecting resource utilization securely without adding bulky database roundtrip latency.


πŸš€ Getting Started

Prerequisites

  • Node.js: v18.x or higher
  • Package Manager: npm (compatible with pnpm)

Local Development Setup

  1. Clone & Enter the Repository:

    git clone https://github.com/secrooq/StealthRelay.git
    cd StealthRelay
  2. Install Core Dependencies:

    npm install
  3. Launch the Development Server:

    npm run dev
  4. Verify Application: Open http://localhost:3000 inside your web browser.


βš–οΈ Open Source Verifiability & Trust

To maintain mathematical verifiability of all zero-knowledge and cryptographic promises, this repository remains entirely open source under the GNU Affero General Public License v3 (AGPL-3.0).

StealthRelay β€” Defend your digital footprint with mathematical immunity.

About

Premium Zero-Trust Ephemeral Sharing and Encrypted Email Relay platform. Engineered for absolute digital sovereignty using local AES-256-GCM client-side cryptography and serverless Cloudflare global network relays.

Topics

Resources

License

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors