An implementation of the IETF Messaging Layer Security end-to-end encryption (E2EE) protocol.

MLS is a new IETF end-to-end encryption standard that is designed to provide transport agnostic, asynchronous, and highly performant communication between a group of clients.

• Multi-party E2EE group evolution via a propose-then-commit mechanism.
• Asynchronous by design with pre-computed key packages, allowing members to be added to a group while offline.
• Customizable credential system with built in support for X.509 certificates.
• Extension system allowing for application specific data to be negotiated via the protocol.
• Strong forward secrecy and post compromise security.
• Crypto agility via support for multiple cipher suites.
• Pre-shared key support.
• Subgroup branching.
• Group reinitialization for breaking changes such as protocol upgrades.

• Easy to use client interface that can manage multiple MLS identities and groups.
• 100% RFC 9420 conformance with support for all default credential, proposal, and extension types.
• Support for WASM builds.
• Configurable storage for key packages, secrets and group state via traits along with provided "in memory" and SQLite implementations.
• Support for custom user proposal and extension types.
• Ability to create user defined credentials with custom validation routines that can bridge to existing credential schemes.
• OpenSSL and Rust Crypto based cipher suite implementations.
• Crypto agility with support for user defined cipher suite.
• Extensive test suite including security and interop focused tests against pre-computed test vectors.

For cipher suite descriptions see the RFC documentation here

This library has been validated for conformance to the RFC 9420 specification but has not yet received a full security audit by a 3rd party.

This library is licensed under the Apache-2.0 or the MIT License.