Overview

DropOnAir provides secure, real-time messaging infrastructure as a service. Your backend is the authentication source of truth, it issues short-lived SDK tokens that your client SDK uses to connect. DropOnAir never stores encryption keys or message plaintext.

Architecture

Client SDK

Generates X25519 keypairs locally. Encrypts with AES-256-GCM before sending.

Your Backend

Authenticates users, signs HMAC requests, exchanges tokens, and serves public keys.

DropOnAir Relay

Blind relay, routes encrypted blobs, queues offline messages, issues delivery receipts.

Cryptographic primitives

  • ✓  X25519 ECDH, Key agreement for per-conversation shared secrets
  • ✓  HKDF-SHA256, Derives AES-256 symmetric key from shared secret
  • ✓  AES-256-GCM, Authenticated encryption with 96-bit nonce, 128-bit auth tag
  • ✓  AAD binding, messageId, senderId, recipientId, timestamp bound to ciphertext