Scorpio-Net

A Simple, Secure, Speedy Messaging Platform for Privacy-Minded Users

View on GitHub

Scorpio Net

A Simple, Secure, Speedy Messaging Platform for Privacy-Minded Users

CI

About

Scorpio Net is an end-to-end encrypted messaging application built with Flutter. It uses the Signal Protocol (X3DH + Double Ratchet) to ensure that only you and your recipient can read your messages — not servers, not corporations, not governments.

Security Architecture

Layer Technology
E2E Encryption Signal Protocol (X3DH + Double Ratchet)
Symmetric Cipher AES-256-GCM (authenticated encryption)
Key Exchange X25519 Diffie-Hellman
Signatures Ed25519
Password Hashing Argon2id (64 MiB, 3 iter, 2 lanes)
Key Derivation HKDF-SHA-512
Key Storage iOS Keychain / Android Keystore
Transport TLS 1.3 + WSS + certificate pinning
Local DB SQLite (encrypted)
RNG Platform CSPRNG

See SECURITY.md for the full security policy and vulnerability reporting process.

Project Structure

lib/
├── main.dart                        # Entry point
├── app.dart                         # Root widget + providers
├── core/
│   ├── constants/                   # App, crypto, and compliance constants
│   ├── config/                      # App, security, and network config
│   ├── errors/                      # Exceptions and failure types
│   ├── utils/                       # Logger, validators, input sanitizer
│   └── security/                    # Secure storage, random, jailbreak detection
├── crypto/
│   ├── encryption/                  # AES-256-GCM, HKDF, HMAC-SHA-512
│   ├── key_management/              # Key pair generation and secure storage
│   └── signal_protocol/             # X3DH, Double Ratchet, pre-key bundles
├── domain/
│   └── entities/                    # Message, User, Conversation entities
└── presentation/
    ├── providers/                   # Auth, Chat, Encryption, Connectivity
    ├── screens/                     # Login, ConversationList, Chat screens
    └── widgets/                     # MessageBubble and shared UI components

Getting Started

flutter pub get
flutter run

For production deployment, set the following --dart-define variables:

flutter run \
  --dart-define=API_BASE_URL=https://your-api.example.com/v1 \
  --dart-define=WS_BASE_URL=wss://your-ws.example.com/v1

Running Tests

flutter test

Compliance

See COMPLIANCE.md for NIST SP 800-53, HIPAA, GDPR, and FERPA control mappings.

Privacy

See PRIVACY.md for the privacy policy.

License

See LICENSE.