Quick Start Guide
From zero to encrypted messaging in under 5 minutes.
Step 1: Download RVNT
Download the appropriate package for your platform from the download page. Every release binary is signed with our GPG release key and includes a SHA-256 checksum.
| Platform | Package | Architecture |
|---|---|---|
| macOS | RVNT-x.x.x-arm64.dmg | Apple Silicon (M1/M2/M3/M4) |
| macOS | RVNT-x.x.x-x64.dmg | Intel |
| Linux | RVNT-x.x.x-amd64.AppImage | x86_64 |
| Linux | RVNT-x.x.x-amd64.deb | x86_64 (Debian/Ubuntu) |
| Windows | RVNT-x.x.x-x64.msi | x86_64 |
Verify before you run. Always verify the GPG signature and SHA-256 checksum before installing. See Verify Binary for instructions. If you prefer maximum assurance, build from source.
Step 2: Install
macOS
# Open the DMG and drag RVNT to Applications
open RVNT-x.x.x-arm64.dmg
# Homebrew support available after launch
# brew install --cask rvnt
# First launch: macOS will warn about unidentified developer.
# Go to System Settings > Privacy & Security > Open Anyway
# This is because RVNT is not signed with an Apple Developer ID.
# We refuse to give Apple a veto over your security software.Linux
# AppImage (any distro)
chmod +x RVNT-x.x.x-amd64.AppImage
./RVNT-x.x.x-amd64.AppImage
# Debian/Ubuntu
sudo dpkg -i RVNT-x.x.x-amd64.deb
sudo apt-get install -f # resolve dependencies if needed
# Arch Linux (AUR) — check rvntos.io/download for latest
# yay -S rvntWindows
# Run the MSI installer
# Double-click RVNT-x.x.x-x64.msi
# Follow the installation wizard
# RVNT will be available in the Start menu
# Windows SmartScreen may warn about an unrecognized app.
# Click "More info" > "Run anyway"Step 3: Create Your Identity
When you launch RVNT for the first time, the app generates your cryptographic identity locally on your device. No data is sent to any server during this process.
What happens during identity creation:
1. Generate Ed25519 identity keypair (signing)
2. Derive X25519 identity keypair (key exchange)
3. Generate ML-KEM-768 keypair (post-quantum)
4. Generate signed prekey (X25519, Ed25519 signature)
5. Generate 100 one-time prekeys (X25519)
6. Prompt for username (3-32 chars, alphanumeric + underscore)
7. Compute proof-of-work for username registration
8. Set device PIN (6+ digits)
9. Derive storage encryption key via Argon2id
10. Initialize encrypted SQLCipher database
11. Upload public key bundle to identity server (via Tor)You will be asked to:
- Choose a username: 3-32 characters. Alphanumeric and underscores only. This is your public identifier. Choose carefully -- it cannot be changed without creating a new identity.
- Set a PIN: 6 or more digits. This PIN derives the encryption key for your local database via Argon2id. There is no "forgot PIN" recovery. If you forget your PIN, your data is gone. This is by design.
- Optional: Set a duress PIN: A secondary PIN that, when entered, silently triggers panic mode and presents a decoy state. See PIN & Duress Mode.
No recovery. RVNT does not have a password reset, account recovery, or "forgot PIN" feature. Your PIN derives the encryption key. If you lose it, your data is permanently inaccessible. Write it down and store it securely, or accept the risk.
Step 4: Add Your First Contact
There are several ways to add a contact in RVNT:
Option A: Username Search
1. Tap the "+" icon in the conversation list
2. Select "Add by Username"
3. Enter the contact's RVNT username
4. RVNT fetches their public key bundle from the identity server
5. Verify the safety number (see below)
6. Contact is addedOption B: QR Code (Recommended)
1. Meet your contact in person
2. One person taps "+" > "Show My QR Code"
3. The other person taps "+" > "Scan QR Code"
4. The QR code contains:
- Username
- Ed25519 public key
- X25519 public key fingerprint
5. Scanning automatically verifies the key fingerprint
6. No MITM attack is possible with in-person QR exchangeOption C: Direct Connect (Advanced)
1. Tap "+" > "Direct Connect"
2. Enter the contact's libp2p multiaddr or .onion address
3. RVNT connects directly without using the identity server
4. You must still verify the safety number Verify safety numbers. After adding a contact via username search, compare safety numbers out-of-band (in person, over a verified phone call, etc.). If you skip this step, you are vulnerable to a MITM attack during initial key exchange. QR code exchange in person is the most secure option.
Step 5: Send Your First Message
Tap on the contact you just added. Type your message. Press send. That is it.
Behind the scenes, RVNT performs the following on your first message to a new contact:
1. Fetch recipient's prekey bundle (if not cached)
2. Perform hybrid X3DH key exchange:
a. DH1 = DH(your_identity_key, their_signed_prekey)
b. DH2 = DH(your_ephemeral_key, their_identity_key)
c. DH3 = DH(your_ephemeral_key, their_signed_prekey)
d. DH4 = DH(your_ephemeral_key, their_one_time_prekey)
e. PQ = ML-KEM-768 Encapsulate(their_pq_prekey)
f. SK = HKDF-SHA256(DH1 || DH2 || DH3 || DH4 || PQ_SS)
3. Initialize Double Ratchet with session key SK
4. Encrypt message with AES-256-GCM (ratchet-derived key)
5. Wrap in sealed sender envelope
6. Pad to fixed size
7. Route through Tor circuit
8. Deliver to peer via libp2pSubsequent messages skip step 2 (the key exchange is already established) and proceed directly with the Double Ratchet.
Step 6: Verify Your Setup
After sending your first message, verify that everything is working correctly:
- Message status shows "Delivered": The message reached the recipient's device.
- Tor indicator is active: Check the status bar for the Tor circuit indicator (onion icon). Green means connected.
- Safety number matches: Go to the contact's profile and compare the safety number with your contact's display. They should be identical.
What to Read Next
- How It Works -- Full technical walkthrough of the message pipeline
- PIN & Duress Mode -- Configure your security settings
- Panic Mode -- Understand the emergency data destruction system
- Protocol Specification -- Deep dive into the cryptography