Quantum is a Better Discord plugin offering enhanced privacy through message encryption.
Disclaimer: Please note that while this messaging system offers enhanced security measures, it does not provide absolute security. We also cannot be held responsible for any misuse of this software or any consequences resulting from its use.

Note: this project is under development but for the moment the two of us do not have enough time for new features or bug fixes. Please be patient, we will continue for sure!

As mentioned above, this plugin serves as an additional layer of security rather than an absolute safeguard. It facilitates secure encryption and decryption of messages and keys across different channels. However, it's important to note that there are no fail-safes like 2FA or similar measures in place.

All encryption methods employed in this project utilize widely recognized and trusted libraries. We opted against the risky endeavor of developing proprietary cryptography algorithms. For transparency, you can review the libraries and packages used in our project here.

For messages we use the XChaCha20-Poly1305 encryption technique. It uses a 256-bit (32-byte) key and a 192-bit nonce. XChaCha20 is a variant of the ChaCha20 stream cipher, designed for high-speed secure encryption. Poly1305 is a cryptographic message authentication code (MAC) used alongside to ensure data integrity and authenticity.
For secure key exchange between channels, we use the Ed25519 signature scheme.

• git | or clone this repo via GitHub
• Node.js & npm | or any other node package manager and js runtime
• BetterDiscord

Clone the project:

git clone https://github.com/imnaK/quantum.git

Go to the project directory:

cd ./quantum

Install dependencies:

npm install

Currently the secret key is still imported at build time, so a corresponding json file with the 32 byte key must be created:

node -e "require('fs').writeFileSync('.secret.json',JSON.stringify({key:require('crypto').randomBytes(32).toString('hex')}));"

Disclaimer: Please note that anyone possessing the secret key has the ability to decrypt the messages!

Build the project:

npm run build

Build a production ready minified file:

npm run build:production

The corresponding file build\Quantum.plugin.js or build\Quantum.min.plugin.js will be created.

Afterwards, the plugin will be automatically copied to the BetterDiscord plugin directory.

Format using the project standard.

npm run format

As this project continues to evolve, it's possible that some features listed here may be pending development. Rest assured, they are on their way.

• Message Encryption and Decryption:
  • Implement encryption and decryption mechanisms for messages exchanged in direct message chats.
  • Ensure that sensitive information remains protected during transmission and storage on Discord.
  • Continuously enhance security measures, acknowledging our ongoing investigation into potential vulnerabilities, such as transmissions to Discord during typing.
• Key Exchange:
  • Establish a method for securely exchanging encryption keys between users in direct message chats.
• Key Storage in "quantum" Directory:
  • Store encryption keys per user account in a directory named "quantum."
  • Ensure that the "quantum" directory is located as a sibling to the plugins directory.
  • Implement security measures to protect keys stored in the "quantum" directory.

When you launch Quantum for the first time, a popup will appear, prompting you to enter a master password. This password protects your chat encryption keys, ensuring their security. You'll need to enter this password each time you restart Discord, Quantum, or switch between accounts. While the encrypted file is highly secure and resistant to brute force attacks, it's crucial to choose a strong password for added protection.

If you want to en-/decrypt messages in a direct message chat you first need to exchange a key:

The procedure for the key exchange is still in development. Check back later too see if this line of text is gone. :)

After a key is exchanged you can use the prefix q: to write encrypted messages and decrypt them by right clicking -> "Decrypt Message".
Example:

At this point of development there is not much of contributing to this project. If you still have interest in contributing, contact us on our Discord.

This software is licensed under the GPL v3 license included here.