Skip to content

How to Send a VaultX Message (Drop Client)

This guide explains how to send an anonymous message or file using the VaultX Drop Client. The Drop Client is a standalone web app that lets anyone send encrypted payloads to a Receive Address without creating a Safe. It is built for first-contact and high-risk disclosure workflows where identity exposure is unacceptable.

VaultX uses client-side encryption (ML-KEM-1024 + AES-256-GCM) and hashes the Receive Address before sending it to the server.

Why Use the VaultX Drop Client?

  • Anonymous first contact: no account or login required.
  • Post-quantum security: ML-KEM-1024 + AES-256-GCM protect the payload.
  • Address privacy: the server never sees the raw Receive Address.
  • Optional Tor access: use Tor Browser for extra network privacy.

Security Note

Always verify the Receive Address or shareable link provided by the recipient. If you are in a high-risk environment, use a trusted device and consider Tor.

Prerequisites

  • Receive Address or shareable URL from the recipient.
  • Modern browser with JavaScript enabled.

Step-by-Step: Send a VaultX Drop

  1. Open the Drop Client Use the shareable URL from the recipient, or visit the VaultX Drop Client from the UnoLock website.

  2. Confirm the Receive Address If you opened a shareable URL, the address will be prefilled and a sender message may appear. Review any usage limits or attachment rules shown in the client.

  3. Compose your message Add a subject and message content.

  4. Add attachments (optional) Attach files if the address allows attachments. If attachments are disabled, the Drop Client will block file uploads.

  5. Send the drop The Drop Client encrypts locally and uploads the sealed payload.

  6. Save the address (optional) You can store frequently used Receive Addresses in a local, password-encrypted address book.

Troubleshooting

  • Invalid address: re-check the Receive Address or link.
  • Throttled: the address is rate-limited; try again later.
  • Usage exhausted: the address has hit its usage limit.
  • Attachments blocked: the recipient disabled attachments for this address.

What Happens Next

The recipient receives the message in their Safe inbox under the corresponding Receive Address. Decryption occurs client-side, and no account is required for the sender.

If you are a recipient and want to manage Receive Addresses, see Using VaultX Receive Addresses.