Skip to content

VESvault

Real end-to-end encryption — with a way back in.

VESvault gives developers true end-to-end encryption and a realistic recovery path after a lost device — without the service ever being able to read your keys or your data. New keys are post-quantum by default (ML-KEM / FIPS 203).

Why VES is different

  • Zero-knowledge server. It stores only public keys, encrypted private keys, and encrypted vault entries. It never sees a VESkey or a decrypted private key — every decryption happens client-side.
  • Recovery without a backdoor. Total device loss is handled by threshold secret sharing among recovery contacts you choose in advance (Shamir over GF(256), scheme SSS1). No single party — and no coalition of contacts — can recover your keys alone: each share is stored encrypted to its contact's key, so the server can't read any share; contacts never receive your encrypted keys; and recovery is time-delay protected and visible to the owner.
  • Open source. The client libraries and the ves CLI are Apache-2.0.

Projects

Encryption libraries

📦 libVES.c End-to-end encryption for data at rest — C library + ves CLI
📦 libVES End-to-end encryption for the browser & Node — JavaScript (npm: libves)
📝 VESpost Reference app — e2ee collaborative sticky notes in ~300 lines of libVES.subtle (live demo)

Apps & services

✉️ VESmail End-to-end encrypted email via a local proxy (Android · Apple · Windows)
🔐 VESlocker Hardware-grade PIN security API
🌐 SNIF End-to-end TLS trust for IoT

Docs & install

Community

Questions, integration help, ideas, and design scrutiny are all welcome in Discussions. We built VES to be examined — hard questions about the threat model are exactly what we want.

Security issues: please report vulnerabilities privately — see our security policy — not in a public Discussion or issue.

Popular repositories Loading

  1. libVES.c libVES.c Public

    End-to-end encryption for data at rest: a C library and CLI with recoverable keys, post-quantum (ML-KEM) key exchange, and user-to-user sharing

    C 40 9

  2. snif snif Public

    Public, browser-trusted HTTPS for any device behind NAT — the device keeps its private key, the relay forwards SNI-routed ciphertext and can't read the traffic. Relay + connector + CA proxy; IETF d…

    C 16 1

  3. VESlocker VESlocker Public

    Hardware-enclave PIN security without the hardware: the key is split between the user's PIN and a rate-throttled key server, eliminating offline brute-force — wrong guesses hit a lifetime cap, like…

    JavaScript 12 1

  4. VESmail VESmail Public

    Transparent IMAP/SMTP proxy that end-to-end encrypts outgoing and decrypts incoming email — existing mail clients and providers keep working unchanged. Key exchange and recovery through the VESvaul…

    C 11 1

  5. libVES libVES Public

    End-to-end encryption for the browser and Node: a JavaScript library (npm: libves) with recoverable keys, post-quantum (ML-KEM) key exchange, and user-to-user sharing

    JavaScript 10 1

  6. VESmail-android VESmail-android Public

    VESmail Local Proxy for Android

    Kotlin 3 1

Repositories

Showing 10 of 17 repositories

Top languages

Loading…

Most used topics

Loading…