Libsodium on Whistleblowing Softwarehttps://whistleblowing-software.pages.dev/tags/libsodium/Recent content in Libsodium on Whistleblowing SoftwareHugoen-usMon, 13 Apr 2026 00:00:00 +0000Voice Hotline Intake: STT Pipeline for Sapin II Compliancehttps://whistleblowing-software.pages.dev/posts/voice-hotline-intake-stt-pipeline-sapin-ii-compliance/Fri, 13 Mar 2026 00:00:00 +0000https://whistleblowing-software.pages.dev/posts/voice-hotline-intake-stt-pipeline-sapin-ii-compliance/<p>A compliant voice hotline intake under France&rsquo;s <a href="https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000045388745">Loi Waserman</a>, the act that modernised Sapin II to transpose <a href="https://eur-lex.europa.eu/eli/dir/2019/1937/oj/eng">EU Directive 2019/1937</a>, is one pipeline, not three. Capture audio in the browser via the <a href="https://developer.mozilla.org/en-US/docs/Web/API/MediaRecorder">MediaRecorder API</a>, encrypt and upload it into the same report bundle as the text fields using libsodium <a href="https://doc.libsodium.org/public-key_cryptography/sealed_boxes">SealedBox</a> to the recipient&rsquo;s Curve25519 public key, produce a draft transcript on the recipient side using a self-hosted STT model, and let the reporter verify, rectify, and approve through an anonymous one-time receipt code (never an email or phone re-prompt). The same five-stage pipeline satisfies Article 9(2) and Article 18 of the directive, France&rsquo;s verify/rectify/approve cycle, and Italy&rsquo;s <a href="https://www.gazzettaufficiale.it/eli/id/2023/03/15/23G00032/sg">D.lgs. 24/2023</a> oral-report rule. The only deltas across regimes are the consent UX wording and the retention period.</p>Encrypting Whistleblower Reports: Receipts, SealedBox, SecretBoxhttps://whistleblowing-software.pages.dev/posts/encrypting-whistleblower-reports-receipts-sealedbox-secretbox/Sun, 20 Jul 2025 00:00:00 +0000https://whistleblowing-software.pages.dev/posts/encrypting-whistleblower-reports-receipts-sealedbox-secretbox/<p>A whistleblower report needs a complete encryption protocol, not a checkbox that says &ldquo;AES-256&rdquo;. A reference design that has converged across mature open-source whistleblowing platforms pairs three primitives in a way every serious system should recognise: a 16-digit random receipt code (stored on the server only as a SHA-256 hash, shaped like a phone number so the reporter can hide it among contacts), libsodium <a href="https://pynacl.readthedocs.io/en/latest/public/#nacl.public.SealedBox">SealedBox</a> (Curve25519 + XSalsa20 + Poly1305) to wrap a per-submission data key to each authorised recipient&rsquo;s public key, and libsodium <a href="https://pynacl.readthedocs.io/en/latest/secret/#nacl.secret.SecretBox">SecretBox</a> (XSalsa20 + Poly1305) to encrypt the submission body and attachments under that data key. Each recipient&rsquo;s Curve25519 private key sits on the server encrypted under a symmetric key derived from the recipient&rsquo;s password via Argon2ID tuned to 128 MB of memory and roughly one second of computation per login. As of April 2026, this is the protocol that production deployments serving anti-corruption activists, corporate compliance teams, and investigative newsrooms actually run.</p>