Solun

Solun is an end-to-end encrypted platform for secure data exchange and email communication, with a multi-layered security architecture and a zero-knowledge principle.

07 May, 2023

Project Overview

Solun is a platform for secure data exchange based on the principle of end-to-end encryption. The project was developed with the goal of creating a user-friendly alternative to existing services like Privnote, while implementing the highest security standards. Over the course of development, the concept was expanded to include secure email functionality.

Security Architecture

Solun's security architecture is based on several key concepts:

Multi-layered Encryption

Solun implements a multi-layered encryption system with the following components:

  • Client-side AES-256-GCM encryption for messages and files
  • RSA-2048 for asymmetric key pairs in email communication
  • Argon2id for secure password hashing and key derivation
  • TLS 1.3 for transport encryption

Security Options

A central feature of Solun is the ability to choose different security levels:

  • Standard Security: Optimized for user-friendliness with automatic key management
  • Advanced Security: With additional authentication steps and access controls
  • Maximum Security: Implements zero-knowledge principles with complete client-side encryption and key management

Zero-Knowledge Architecture

At the highest security level, Solun implements a complete zero-knowledge architecture:

  • Encryption keys are exclusively generated and managed client-side
  • The server never has access to unencrypted data or keys
  • Metadata is minimized and anonymized where possible
  • Optional self-destruction of messages after reading
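
The client-side flow listed above, sketched with the Web Crypto API and AES-256-GCM as an added example (not Solun's own code; the function names and the payload shape are assumptions). The key is generated on the client, only the IV and ciphertext are uploaded, and an altered ciphertext fails authentication on decrypt.

```javascript
// Added example: names and the payload shape are assumptions, not Solun's API.
async function webCrypto() {
  // Browsers and current Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Runs on the sender's client. Returns what goes to the server and what stays local.
async function encryptForUpload(plaintext) {
  const wc = await webCrypto();
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // 96-bit nonce, fresh per message
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  const rawKey = await wc.subtle.exportKey('raw', key);
  return {
    serverPayload: { iv: toB64(iv), ciphertext: toB64(ct) }, // no key material
    clientSecret: toB64(rawKey), // given to the recipient out of band, never uploaded
  };
}

// Runs on the recipient's client. Rejects if the ciphertext or IV was altered.
async function decryptDownload(serverPayload, clientSecret) {
  const wc = await webCrypto();
  const key = await wc.subtle.importKey(
    'raw', fromB64(clientSecret), { name: 'AES-GCM' }, false, ['decrypt']);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64(serverPayload.iv) }, key,
    fromB64(serverPayload.ciphertext));
  return new TextDecoder().decode(pt);
}

// Constructed demo: round trip, then a one-bit change standing in for server-side tampering.
async function demo() {
  const { serverPayload, clientSecret } = await encryptForUpload('constructed sample note');
  const roundTrip = await decryptDownload(serverPayload, clientSecret);
  const bytes = fromB64(serverPayload.ciphertext);
  bytes[0] ^= 0x01;
  const tampered = { ...serverPayload, ciphertext: toB64(bytes) };
  const tamperRejected = await decryptDownload(tampered, clientSecret)
    .then(() => false, () => true);
  return { roundTrip, tamperRejected, payloadFields: Object.keys(serverPayload).sort() };
}
```

Because the GCM tag is verified on decrypt, a server that holds only `serverPayload` can neither read the note nor alter it without the recipient's client detecting the change.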

Technical Implementation

The platform was developed using modern web technologies:

Frontend

  • NextJS for server-side rendering and optimized performance
  • Web Crypto API for cryptographic operations in the browser
  • Progressive enhancement for functionality even without JavaScript
  • Responsive design for optimal use on all devices

Backend

  • ExpressJS for the REST API with structured middleware architecture
  • MongoDB for data persistence with automatic data encryption
  • Integration with Mailcow for email functionality
  • Docker for containerization and easy deployment

Email Integration

Solun's email functionality was implemented based on Mailcow and enhanced with the following security features:

  • End-to-end encryption for emails between Solun users
  • Automatic PGP integration for communication with external email services
  • Secure key management with optional hardware token support
  • Anti-phishing measures and advanced spam filtering

Privacy and Anonymity

Solun was developed with a strong focus on privacy:

  • Minimal data collection without tracking or user profiling
  • Automatic deletion of temporary data after a defined period
  • Transparent privacy policies and open-source code for trustworthiness
  • Optional Tor integration for anonymous access

Technologies Used

  • NextJS for the frontend
  • ExpressJS for the backend
  • MongoDB for data persistence
  • Docker for containerization and deployment
  • Mailcow for email functionality
  • Web Crypto API for cryptographic operations

Visual Representation

  • Message transmission with security options and encryption settings
  • Secure file transfer with access controls and expiration options
  • Registration process with security notes and key generation
  • User dashboard with overview of sent messages and security status
  • Email management with encryption options and security settings