
Seal: Building E2E Encrypted Chat with LanceDB

Hacker News

Seal is an end-to-end encrypted chat application that treats the server as an untrusted relay. It pairs LanceDB, an embedded columnar database, with libsodium’s audited cryptography to store only ciphertext and metadata. This architecture eliminates traditional database servers and separate blob storage, aiming for simple deployment and low operational costs through object storage.

Security relies on each user generating an X25519 key pair in the browser, with private keys never leaving the client. For forward secrecy, every message uses a fresh ephemeral X25519 key pair. A clever workaround ensures senders can read their own sent messages: the system stores a second copy encrypted under the sender’s public key with a special channel marker.

Sending images to multi-user channels uses hybrid encryption. The image is encrypted once with a symmetric key, then only that tiny key is encrypted for each recipient using X25519, avoiding expensive O(N) full encryptions. For device backup, private keys are exported under a password using Argon2id, a memory-hard key derivation function resistant to hardware attacks.
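The hybrid scheme described above, as an added example that is not Seal's own code: the image is encrypted once under a random content key, and only that 32-byte key is wrapped for each recipient with a fresh ephemeral X25519 pair. It assumes Node's built-in crypto (X25519, HKDF-SHA256, AES-256-GCM) as a stand-in for libsodium, and every function name, field name and the HKDF label are hypothetical.

```javascript
// Added example: hybrid encryption with per-recipient key wrapping.
// Node's built-in crypto stands in for libsodium; all names are hypothetical.
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 96-bit nonce per call.
function aeadEncrypt(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}

function aeadDecrypt(key, { nonce, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on wrong key or tampering
}

// Derive a 32-byte wrapping key from an X25519 shared secret.
function wrapKeyFrom(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'key-wrap-demo', 32);
  return Buffer.from(okm);
}

// Encrypt the image once, then wrap only the content key for each recipient.
function sealForChannel(image, recipientPublicKeys) {
  const contentKey = crypto.randomBytes(32);
  const body = aeadEncrypt(contentKey, image);
  const wrapped = recipientPublicKeys.map((pub) => {
    const eph = crypto.generateKeyPairSync('x25519'); // fresh ephemeral pair
    const box = aeadEncrypt(wrapKeyFrom(eph.privateKey, pub), contentKey);
    return { ephPub: eph.publicKey, ...box };
  });
  return { body, wrapped };
}

// A recipient unwraps their copy of the content key, then decrypts the body.
function openFromChannel(bundle, index, recipientPrivateKey) {
  const { ephPub, ...box } = bundle.wrapped[index];
  const contentKey = aeadDecrypt(wrapKeyFrom(recipientPrivateKey, ephPub), box);
  return aeadDecrypt(contentKey, bundle.body);
}
```

The per-recipient cost is one X25519 exchange plus a 32-byte encryption, independent of image size; a key holder who is not in the recipient list fails authentication when unwrapping.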

This design demonstrates how modern embedded databases and rigorous cryptography can combine to solve the core tension in E2E systems: the server must handle storage and routing without ever accessing plaintext. The result is a functional stack that prioritizes both security and operational simplicity.