-
Notifications
You must be signed in to change notification settings - Fork 4
FAQ
This page answers common questions about QuietDrop, its features, and how to use it.
QuietDrop is an end-to-end encrypted messaging application built in Rust, focusing on privacy, security, and performance. It uses modern cryptographic libraries to ensure your messages remain confidential.
Yes, QuietDrop is an open-source project released under the MIT License, which means it's free to use, modify, and distribute.
QuietDrop is a cross-platform application that supports:
- Desktop: Windows, macOS, Linux
- Mobile: Android, iOS (in development)
All platforms use the same codebase and security model, providing a consistent experience across devices.
QuietDrop is built with:
- Rust for the core library and business logic
- Tauri 2.0 for cross-platform application development
- Yew (a Rust framework) for the frontend UI
- WebAssembly for compiling Rust to run in WebView
- Sodiumoxide for cryptographic operations
QuietDrop is currently in early development and not yet recommended for production use or sensitive communications. Check our roadmap for development status.
QuietDrop implements end-to-end encryption using established cryptographic libraries (sodiumoxide/libsodium). Messages are encrypted on the sender's device and can only be decrypted by the intended recipient.
No. With end-to-end encryption, messages are encrypted before they leave your device and can only be decrypted by the intended recipient. The server only handles encrypted data it cannot read.
Not yet. QuietDrop is in early development and has not undergone a formal security audit. We plan to conduct an audit as the project matures.
QuietDrop uses:
- X25519 for key exchange
- XSalsa20 stream cipher for encryption
- Poly1305 for message authentication
- Argon2id for password hashing
In the current implementation, messages are not persistently stored. We're working on implementing a SQLite database with sqlx for secure local storage of encrypted messages in upcoming versions.
Yes. Both mobile and desktop versions use the same encryption library and security model. All messages are encrypted and decrypted locally on your device.
See our Getting Started guide for installation and usage instructions for both desktop and mobile platforms.
Android users can download the APK from the Releases page. iOS users will need to wait for App Store availability or build from source using Xcode.
Yes, QuietDrop's encryption is designed to protect your messages even on untrusted networks. However, remember that the current version is still in development.
Multi-device support is planned but not yet implemented. In the current version, each device has its own identity and key pair.
Group chat functionality is under development but not yet available in the current version.
File transfer functionality is planned but not yet implemented in the current version.
The current version does not include delivery receipts. This feature is planned for future releases.
Rust was chosen for its combination of performance, memory safety, and security. These properties are especially important for cryptographic applications where security bugs can have serious consequences.
Tauri provides several advantages:
- Cross-platform support for desktop and mobile from a single codebase
- Native performance and small bundle size
- Security through process isolation
- Ability to use Rust throughout the entire stack (with Yew/WebAssembly)
Yes, QuietDrop is designed to allow you to run your own server. See the Getting Started guide for instructions on running the server component.
The current version does not include a key backup mechanism. This feature will be added in future versions. For now, make sure to keep the generated key files safe.
No, QuietDrop currently uses its own protocol and is not interoperable with other messaging applications.
QuietDrop has minimal system requirements:
Desktop:
- Modern operating system (Windows 10+, macOS 10.15+, or Linux with WebKit2GTK)
- Internet connection
- Approximately 50MB of disk space
- Minimal RAM usage (~50MB)
Mobile:
- Android 8.0+ or iOS 13.0+
- Approximately 30MB of storage
- Standard connectivity and hardware
Currently, QuietDrop requires an internet connection for messaging. Offline support with message queuing is planned for future releases.
Signed commits are commits that have been cryptographically verified to come from a trusted contributor. QuietDrop requires signed commits for all contributions to the master branch for these reasons:
- Authenticity verification: Confirms that commits actually come from the claimed author
- Security assurance: Prevents attackers from pushing malicious code if they gain access to a contributor's GitHub account
- Chain of custody: Establishes a verifiable chain of code changes
- Integrity: Aligns with our security-focused approach to development
You can set up commit signing using either GPG or SSH keys:
-
Using GPG (recommended):
# Generate a GPG key if you don't have one gpg --full-generate-key # Configure Git to use your key git config --global user.signingkey YOUR_KEY_ID git config --global commit.gpgsign true # Add your public key to GitHub gpg --armor --export YOUR_KEY_ID # Copy output and add to GitHub Settings → SSH and GPG keys
-
Using SSH:
# Configure Git to use SSH signing git config --global gpg.format ssh git config --global user.signingkey ~/.ssh/id_ed25519.pub git config --global commit.gpgsign true
See the GitHub guide on signing commits for detailed instructions.
This usually happens for one of these reasons:
- You haven't added your public key to your GitHub account
- The email in your commit doesn't match the email associated with your GPG key
- Your GPG key has expired
To fix this, verify that the email in your Git configuration matches the one in your GPG key:
git config --global user.email "[email protected]"If your PR contains unsigned commits, you have a few options:
-
Amend the commits: You can use
git commit --amend --no-edit -Sand force push - Create a new branch with signed commits: Create a new branch, cherry-pick your changes with signing, and create a new PR
- Ask for a squash merge: A repository maintainer can squash and sign your commits during the merge
For detailed instructions, see our Contributing Guide.
We welcome contributions! See our Contributing Guide for details on how to get involved.
See our Development Guide for detailed instructions on building from source for desktop and mobile platforms.
For Android:
cd quietdrop-tauri
cargo tauri android buildFor iOS:
cd quietdrop-tauri
cargo tauri ios buildSee our Development Guide for detailed prerequisites and instructions.
QuietDrop's API is still evolving. You can find current documentation in the API.md file.
Check out the Architecture wiki page for details on how QuietDrop is designed, or the Tauri Architecture document for information specific to the Tauri implementation.
No. QuietDrop's frontend is built with Yew, a Rust framework that compiles to WebAssembly. You can contribute to the frontend using Rust without needing JavaScript knowledge.
If your question isn't answered here:
- Search GitHub Discussions to see if it's been addressed previously
- Start a new discussion in the Q&A category
- For potential bugs or features, check GitHub Issues
QuietDrop Wiki | Home | Getting Started | FAQ | Security Model | Architecture | Development Guide
Main Repository | Report Issues | Contributing
© 2023-2025 QuietDrop Contributors | MIT License
Last updated: April 2025