Overview

DropOnAir provides secure, real-time messaging infrastructure as a service. Your backend is the authentication source of truth — it issues short-lived SDK tokens that your client SDK uses to connect. DropOnAir never stores encryption keys or message plaintext.

Architecture

🔐
Client SDK

Generates X25519 keypairs locally. Encrypts with AES-256-GCM before sending.

🏗️
Your Backend

Authenticates users, signs HMAC requests, exchanges tokens, and serves public keys.

📡
DropOnAir Relay

Blind relay — routes encrypted blobs, queues offline messages, issues delivery receipts.

Cryptographic primitives

  • ✓  X25519 ECDH — Key agreement for per-conversation shared secrets
  • ✓  HKDF-SHA256 — Derives AES-256 symmetric key from shared secret
  • ✓  AES-256-GCM — Authenticated encryption with 96-bit nonce, 128-bit auth tag
  • ✓  AAD binding — messageId, senderId, recipientId, timestamp bound to ciphertext