Skip to content
All posts

Tamper-Proof Encrypted Communication Channel Backed by immudb Vault

Communication has always had a significant impact on our daily routine no matter what we do or who we are. Unfortunately living in nowadays fast-phased environment in-person conversations are quite exclusive and are less preferred compared to network-connected solutions.

Despite the fact that emails, online meetings, and messengers are not something new, challenges still arise to ensure transparent security and integrity.

You can also read more about the importance to combine tamper-proof solutions with encryption here:


There are two parts that characterize trust in communication where the first one is ensuring that the information was delivered unchanged and the second to ensure that no one else saw the message during the transit.

By combining encryption and integrity we present a simple proof-of-concept tool ensuring a tamper-proof encrypted communication channel between two external parties. The tool is backed by immudb Vault that ensures integrity by mathematically proved algorithms and is intended to be used for exchanging information between external parties. On top of that by your choice, the tool provides encryption of messages by either symmetric AES encryption or by use of a PGP public/private key infrastructure.

Immuch is a tool written in Golang and requires just a few steps to get your trusted messaging started.

What you need to fire it up

  1. Register at and get your API key
  2. Exchange your API key with the other party
  3. (Optional but recommended) Generate your AES or PGP keys for message encryption. There is a step-by-step guide for generating the keys provided in the project's
  4. Get the Immuch by building it from the source or getting an already compiled binary

Once the prerequisites are done you can fire it up by setting your minimal environment with immudb Vault API key, your preferred encryption method, and optionally with your identity in case you would not like to stay anonymous.

./immuch setup \
--vault-key <your-vault-key> \
--enc-aes <aes-key-here> \
--enc-pgp-pub ~/.gnupg/pubkey.asc \
--enc-pgp-priv ~/.gnupg/private.gpg \
--enc-pgp-passphrase <your-private-key-passphrase-here> \
--identity kristaps


Note that setting either of the encryption keys are optional but strongly encouraged so ensure full trust within the channel.

Completing the setup will generate a config file in your home directory ~/.immuch.yaml with all of the parameters you've set during the setup so you don't need to worry about them again. Of course, you may update any of them whenever there is a need.

enc_key_aes: <aes-key>
enc_key_pgp_passphrase: <encrypted>
enc_key_pgp_priv: /home/u/.gnupg/private.gpg
enc_key_pgp_pub: /home/u/.gnupg/pubkey.asc
identity: kristaps
seckey: <sec-key>
vault_key: <immudb-vault-api-key>

How it looks in action

Use of the tool is straightforward. All you need to do is to set your message and encryption to be used.

To receive it back all it takes is to use the receive command. It will automatically recognize the type of encryption and perform the decryption as long as you have your key configured on the receiving end.

All dispatched messages are stored and can be accessed via a user interface of immudb Vault.

Let's take a look at sending out and receiving messages with both encryption mechanisms.

AES encrypted message 

Sending it out

/immuch send "Hi there encrypted with AES" --encrypt-aes
Using config file: /home/u/.immuch.yaml
Wednesday, 12-Jul-23 11:14:30 EEST sent: kristaps ---> Hi there encrypted with AES


Receiving it at the other end

./immuch receive
Using config file: /home/u/.immuch.yaml
Wednesday, 12-Jul-23 11:14:30 EEST received: kristaps ---> Hi there encrypted with AES


Message encrypted with public/private key infrastructure


Sending it out

./immuch send "hi pgp encrypted 1" --encrypt-pgp
Using config file: /home/u/.immuch.yaml
Wednesday, 12-Jul-23 11:26:53 EEST sent: kristaps ---> Hi! This is PGP encrypted


Receiving it at the other end

./immuch receive
Using config file: /home/u/.immuch.yaml
Wednesday, 12-Jul-23 11:26:53 EEST received: kristaps ---> Hi! This is PGP encrypted


The future of digital communication lies in the preservation of trust, security, and integrity, something that immudb's Immuch tool seeks to provide. By enabling a tamper-proof encrypted communication channel, we're not only advancing in technological development but also ensuring that our digital conversations remain private and secure. The application of immudb Vault's mathematically proven algorithms combined with either AES or PGP encryption gives us a practical and robust solution for secure messaging. 

Although the setting up might seem slightly technical at first, once you go through the process, it is a relatively straightforward affair. You have the freedom to choose your preferred encryption method and the identity you wish to communicate with. All these parameters are easily customizable according to the level of security you desire.

Furthermore, the added advantage of being able to access all dispatched messages via the user interface of immudb Vault increases transparency and accessibility for the user. This tool, written in Golang, is not just an application; it's a pathway toward a more secure and trusted digital world. So why wait? Get your trusted messaging started with Immuch today, and step into the future of secure, encrypted communication.

Sign Up today for immudb Vault