Skip cloud storage, emailing yourself files, and uploading gigabytes to servers you’ll never fully trust. Wormhole is different: a file transfer tool that works more like physics than software.
Created by Brian Warner (then at Mozilla) as the open-source project magic-wormhole, it lets you beam a file directly from one machine to another: securely, ephemerally, with nothing stored in between. No account. No cloud. No copy of your file left behind.
1. Core System Architecture
Magic Wormhole is fundamentally a protocol designed to solve the cryptographic introduction problem: two machines that share no prior keys, accounts or certificates need an authenticated, encrypted channel between them, and the only thing a human can realistically carry from one to the other is a short, speakable secret.
At its core, Wormhole is peer-to-peer file transfer secured by a PAKE, a Password-Authenticated Key Exchange (specifically SPAKE2), that turns that short secret into a strong session key.

As with any careful handling of secrets, the sensitive value never goes on the wire: Wormhole derives the shared encryption key on both ends from the code, and neither the key nor the word part of the code is ever transmitted.
A rendezvous server (the “mailbox server”) helps the two machines find each other, and a second “transit relay” can forward bytes when no direct connection is possible; neither ever sees your file in plaintext. Once connected, the data flows directly between sender and receiver, encrypted end-to-end.
The four-step handshake
- Generate code: The sender runs `wormhole send <file>`; a short code such as 7-crossword-eclipse appears (a channel number plus two words).
- Share verbally: Speak it aloud or type it in a chat. No link needed. The code is the only secret in the system, so share it over a channel the attacker can’t read.
- Receiver enters code: They run `wormhole receive` and type the same code. The SPAKE2 handshake begins; a mistyped code fails loudly rather than producing a garbage key. Both sides can add `--verify` to print a short verifier string to compare out of band before any bytes move.
- Direct transfer: The file flows encrypted. Once done, the wormhole closes and the code is discarded; nothing is stored.
2. The End-to-End Sharing Flow
A transfer proceeds through three high-level phases:
Phase A: Discovery & Handshake
i. Nameplate allocation: The sender allocates a short numeric channel identifier, the “nameplate”, from the Mailbox Server.
ii. Code synthesis: The sender appends two random words from the PGP word list (chosen to be easy to say and hard to confuse over a phone line) to the nameplate number, producing the code. The nameplate is sent to the server; the words never are.
iii. Key derivation: Both endpoints open the mailbox named by the nameplate and exchange SPAKE2 messages through it, using the code as the password. Each side derives the same symmetric key locally; the password never crosses the transport, and an eavesdropper on the mailbox messages learns nothing usable without it. The derived key is immediately confirmed by exchanging an encrypted version message, so a wrong code aborts the handshake instead of silently producing mismatched keys.
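To make step iii concrete, here is the SPAKE2 algebra run end to end on a toy group. This is an added example, not code from magic-wormhole or python-spake2: it uses a 1019-element safe-prime group with assumed blinding constants M and N so that the arithmetic is readable, where the real client runs SPAKE2 on the Ed25519 group (in python-spake2’s symmetric mode, where neither side needs a fixed A/B role). Only the two `.msg` values ever cross the wire; the transcript hash over the password, side identifiers, both messages and the shared element K is the same shape python-spake2 uses.

```python
import hashlib
import secrets

# Toy group: safe prime P = 2*Q + 1 and its order-Q subgroup of quadratic
# residues. Chosen for readability only; the real client uses Ed25519.
P = 1019
Q = 509
G = 4            # 2**2, so it lies in the order-Q subgroup and generates it
M = 9            # 3**2: side A's blinding constant (discrete log assumed unknown)
N = 25           # 5**2: side B's blinding constant (discrete log assumed unknown)


def _in_group(element: int) -> bool:
    """Reject values outside the order-Q subgroup (non-residues, 0, out-of-range).

    Skipping this check is the classic small-subgroup mistake in DH-style protocols."""
    return 1 <= element < P and pow(element, Q, P) == 1


def _password_scalar(password: bytes) -> int:
    """Map the wormhole code to an exponent in the scalar field."""
    return int.from_bytes(hashlib.sha256(password).digest(), "big") % Q


class Spake2Party:
    """One side of SPAKE2. side is b"A" or b"B"; password is the wormhole code."""

    def __init__(self, side: bytes, password: bytes):
        assert side in (b"A", b"B")
        self.side = side
        self.password = password
        self.w = _password_scalar(password)
        self.x = secrets.randbelow(Q - 1) + 1           # ephemeral secret exponent
        my_blind = M if side == b"A" else N
        # Public message: G^x blinded by (M or N)^w. Without w, this is just a
        # random-looking group element, so the mailbox server learns nothing.
        self.msg = pow(G, self.x, P) * pow(my_blind, self.w, P) % P

    def finish(self, their_msg: int) -> bytes:
        if not _in_group(their_msg):
            raise ValueError("peer message is not a valid group element")
        their_blind = N if self.side == b"A" else M
        # Strip the peer's blinding with *our* w. If the passwords differ, a stray
        # factor survives and the two sides compute different K values.
        unblinded = their_msg * pow(pow(their_blind, self.w, P), -1, P) % P
        k = pow(unblinded, self.x, P)                   # = G^(x*y) when passwords match
        msg_a, msg_b = (self.msg, their_msg) if self.side == b"A" else (their_msg, self.msg)
        transcript = b"|".join([
            hashlib.sha256(self.password).digest(), b"A", b"B",
            msg_a.to_bytes(2, "big"), msg_b.to_bytes(2, "big"), k.to_bytes(2, "big"),
        ])
        return hashlib.sha256(transcript).digest()


def run_handshake(code_a: bytes, code_b: bytes):
    """Run one exchange and return (key_a, key_b). Only the two .msg values travel."""
    a = Spake2Party(b"A", code_a)
    b = Spake2Party(b"B", code_b)
    return a.finish(b.msg), b.finish(a.msg)


if __name__ == "__main__":
    key_a, key_b = run_handshake(b"7-crossword-eclipse", b"7-crossword-eclipse")
    print("matching codes  -> same key:", key_a == key_b)
    key_a, key_b = run_handshake(b"7-crossword-eclipse", b"7-crossword-eclipses")
    print("different codes -> same key:", key_a == key_b)
```

The point to take from running it: a matching code yields identical keys on both sides, any other code yields unrelated keys, and someone who recorded both messages has nothing to brute-force offline, because every candidate password explains the observed messages equally well.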
Phase B: Network Path Transit Negotiation
i. Gathering candidates: Each endpoint enumerates its local interface addresses and advertises them as “direct” connection hints, alongside “relay” hints pointing at a Transit Relay. The hints travel over the mailbox channel, which is already encrypted under the SPAKE2 key.
ii. Connection race: Both clients try every hint in parallel, each connecting towards the other, and every candidate connection must complete a handshake bound to the SPAKE2-derived key before it is trusted. The first connection that passes wins; the rest are dropped. A direct path succeeds when the peers share a network or one of them is reachable at an advertised address; Magic Wormhole does not use STUN or UDP hole punching, so two peers that are both behind NATs will usually end up on the relay.
iii. Relay fallback: If no direct connection succeeds (typically because NATs or firewalls block inbound TCP on both sides), the clients fall back to the Transit Relay, which forwards the already-encrypted stream and cannot inspect or decrypt it.
Behind this seemingly simple experience lies a small set of robust networking techniques: advertise every plausible path, race them, authenticate the winner, and fall back to a relay that can forward but not read. That is what keeps transfers working even across restrictive enterprise networks.
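The connection race in step ii, as an added example that is not part of magic-wormhole: three candidate hints (a port nobody listens on, a listener that holds a different session key, and the real peer) are tried concurrently, and the first one to pass an authenticated handshake wins. The session key is a constructed stand-in for the SPAKE2 output, the subkeys are derived with HMAC-SHA256 where the project uses HKDF, and the `transit sender ... ready` line format is this example’s own framing, not a claim about the project’s exact wire bytes. Everything runs on loopback.

```python
import asyncio
import hashlib
import hmac
import socket

# Constructed stand-in for the SPAKE2-derived session key that both peers hold.
SESSION_KEY = hashlib.sha256(b"example session key").digest()


def transit_token(key: bytes, purpose: bytes) -> bytes:
    # Direction-specific token; knowing it proves knowledge of the session key.
    return hmac.new(key, purpose, hashlib.sha256).hexdigest().encode()


def sender_hello(key: bytes) -> bytes:
    return b"transit sender " + transit_token(key, b"transit_sender") + b" ready\n\n"


def receiver_hello(key: bytes) -> bytes:
    return b"transit receiver " + transit_token(key, b"transit_receiver") + b" ready\n\n"


async def start_receiver(key: bytes):
    """A loopback listener acting as the receiving peer: it answers only a sender
    whose hello carries the token for *its* key, and hangs up on anyone else."""
    async def handle(reader, writer):
        try:
            hello = await reader.readuntil(b"\n\n")
            if hmac.compare_digest(hello, sender_hello(key)):
                writer.write(receiver_hello(key))
                await writer.drain()
        except (asyncio.IncompleteReadError, ConnectionError):
            pass
        finally:
            writer.close()
    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    return server, server.sockets[0].getsockname()[1]


async def try_hint(host: str, port: int, key: bytes, timeout: float = 3.0):
    """Connect to one hint and run the handshake; raise if anything is off."""
    reader, writer = await asyncio.wait_for(asyncio.open_connection(host, port), timeout)
    try:
        writer.write(sender_hello(key))
        await writer.drain()
        reply = await asyncio.wait_for(reader.readuntil(b"\n\n"), timeout)
        if not hmac.compare_digest(reply, receiver_hello(key)):
            raise ConnectionError("peer failed the transit handshake")
        return (host, port)
    finally:
        writer.close()


async def race_hints(hints, key: bytes):
    """Try every hint concurrently; the first authenticated connection wins and the
    rest are cancelled. Returns None if every hint fails."""
    tasks = [asyncio.create_task(try_hint(h, p, key)) for h, p in hints]
    winner = None
    try:
        for done in asyncio.as_completed(tasks):
            try:
                winner = await done
                break
            except (OSError, asyncio.TimeoutError, asyncio.IncompleteReadError):
                continue            # refused, timed out, or failed the handshake
    finally:
        for t in tasks:
            t.cancel()
        await asyncio.gather(*tasks, return_exceptions=True)
    return winner


def free_port() -> int:
    """A port with no listener, standing in for an unreachable direct hint."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


async def demo():
    """Race a dead hint, a wrong peer and the real peer. Returns (winner, real_port)."""
    real_server, real_port = await start_receiver(SESSION_KEY)
    other_server, other_port = await start_receiver(hashlib.sha256(b"someone else").digest())
    hints = [("127.0.0.1", free_port()), ("127.0.0.1", other_port), ("127.0.0.1", real_port)]
    try:
        return await race_hints(hints, SESSION_KEY), real_port
    finally:
        real_server.close()
        other_server.close()


def run_demo():
    return asyncio.run(demo())


if __name__ == "__main__":
    winner, real_port = run_demo()
    print("connected via", winner, "(real peer listens on", real_port, ")")
```

The practitioner’s takeaway is the ordering: the handshake is checked before any connection is trusted, so an attacker who reaches one of your advertised hints first, or a relay that is not yours, simply loses the race rather than receiving ciphertext it could later try to break.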
Phase C: Cryptographic Stream & Verification
The system splits the file into ordered records. Every record is sealed with the NaCl/libsodium “secretbox” construction (the XSalsa20 stream cipher plus a Poly1305 authentication tag) under a per-direction key and a counter nonce, so a record that has been modified, replayed or reordered fails authentication before any of its bytes are used.
Once the full payload is assembled, the receiver hashes it with SHA-256 and returns that hash in its acknowledgement; the sender compares it against its own hash, so a truncated or corrupted transfer is reported as a failure rather than silently accepted.
The two checks do different jobs: the per-record tags guarantee that each chunk came from the peer unmodified, and the whole-file hash guarantees that the chunks add up to the complete file. Together they make the transfer complete, authentic and unaltered.
This is security-first engineering: confidentiality and integrity are designed into the stream from the start, not added as a post-processing step.
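The record layer and the final hash check, as an added example that is not magic-wormhole’s code. To stay on the standard library it uses HMAC-SHA256 as the tag and SHA-256 in counter mode as the keystream, both labelled stand-ins for secretbox’s XSalsa20-Poly1305; the framing (4-byte length, 24-byte counter nonce, sealed record) and the per-direction subkeys are this example’s assumptions about the layout. The sample payload is constructed. Running it shows four outcomes: a clean transfer, a flipped ciphertext byte (rejected by the tag), a replayed record (rejected by the nonce check) and a stream missing its last record (every record authenticates, but the final SHA-256 disagrees).

```python
import hashlib
import hmac
import struct

RECORD_SIZE = 16     # deliberately tiny so the sample spans several records
NONCE_LEN = 24       # secretbox nonce size; here a big-endian record counter
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys (the project derives its keys with HKDF).
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode, a stand-in for XSalsa20. Demo only.
    blocks = [hashlib.sha256(key + nonce + struct.pack(">Q", i)).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC in the shape of secretbox (HMAC-SHA256 standing in for Poly1305)."""
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def open_box(key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag first; decrypt only a record that authenticates."""
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def frame(record: bytes) -> bytes:
    return struct.pack(">I", len(record)) + record


def split_frames(stream: bytes) -> list:
    """Cut the wire stream into frames; a short final frame means truncation."""
    frames, pos = [], 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            raise ValueError("stream truncated inside a length prefix")
        (length,) = struct.unpack(">I", stream[pos:pos + 4])
        record = stream[pos + 4:pos + 4 + length]
        if len(record) != length:
            raise ValueError("stream truncated mid-record")
        frames.append(record)
        pos += 4 + length
    return frames


def encode_records(key: bytes, payload: bytes) -> bytes:
    """Sender: split, seal each chunk under nonce 0, 1, 2, ..., frame, concatenate."""
    out = []
    for i, start in enumerate(range(0, len(payload), RECORD_SIZE)):
        nonce = i.to_bytes(NONCE_LEN, "big")
        out.append(frame(nonce + seal(key, nonce, payload[start:start + RECORD_SIZE])))
    return b"".join(out)


def decode_records(key: bytes, stream: bytes):
    """Receiver: enforce the nonce sequence, authenticate every record, reassemble,
    and return (payload, sha256 hex) for the acknowledgement."""
    payload = []
    for expected, record in enumerate(split_frames(stream)):
        nonce, sealed = record[:NONCE_LEN], record[NONCE_LEN:]
        if nonce != expected.to_bytes(NONCE_LEN, "big"):
            raise ValueError("unexpected nonce: replayed or reordered record")
        payload.append(open_box(key, nonce, sealed))
    data = b"".join(payload)
    return data, hashlib.sha256(data).hexdigest()


def outcome(key: bytes, payload: bytes, mangle=lambda s: s) -> str:
    """Full flow: sender encodes, the stream crosses a possibly hostile wire (mangle),
    receiver decodes and acks with its SHA-256, sender compares with its own."""
    try:
        _, received_sha = decode_records(key, mangle(encode_records(key, payload)))
    except ValueError as err:
        return "rejected: " + str(err)
    return "accepted" if received_sha == hashlib.sha256(payload).hexdigest() else "hash mismatch"


# Constructed sample inputs (68-byte payload -> five records).
SAMPLE_KEY = hashlib.sha256(b"constructed transit record key").digest()
SAMPLE_FILE = b"constructed sample payload: " + bytes(range(40))


def flip_byte(stream: bytes) -> bytes:           # corrupt the first ciphertext byte of record 1
    frames = split_frames(stream)
    rec = bytearray(frames[1]); rec[NONCE_LEN] ^= 0x01; frames[1] = bytes(rec)
    return b"".join(frame(r) for r in frames)


def replay_first(stream: bytes) -> bytes:        # append a copy of record 0 to the end
    frames = split_frames(stream)
    return b"".join(frame(r) for r in frames + frames[:1])


def drop_last(stream: bytes) -> bytes:           # lose the final record in transit
    return b"".join(frame(r) for r in split_frames(stream)[:-1])


if __name__ == "__main__":
    for name, mangle in [("clean", lambda s: s), ("flipped byte", flip_byte),
                         ("replayed record", replay_first), ("truncated", drop_last)]:
        print(f"{name:16s} -> {outcome(SAMPLE_KEY, SAMPLE_FILE, mangle)}")
```

Note which check catches which failure: tampering and replay never reach the plaintext because the tag or the nonce rejects the record, while truncation at a record boundary is invisible to the record layer and is caught only by the whole-file hash. That is why both layers exist.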
Why Magic Wormhole Still Feels Like Magic
The name captures something real. From the outside, it looks like you whispered a few words and a file teleported. From the inside, there’s a carefully designed cryptographic protocol, SPAKE2, that ensures anyone watching the exchange (the mailbox server included) cannot derive the encryption key without knowing the code, and that anyone who doesn’t know the code gets exactly one online guess before the code is consumed. That single-guess property is what lets a code as short as two words be safe: a 1-in-65,536 guess is not worth an attacker’s effort, and a wrong guess burns the code, so the legitimate transfer fails visibly instead of quietly succeeding with an impostor. What the protocol cannot protect against is the code itself leaking before the receiver uses it, which is why you share it out of band, or compare the `--verify` string, rather than posting it where an attacker can read it.
The security isn’t bolted on; it’s structural. Trust is established by the key exchange itself rather than by a server’s say-so, and every later layer (the transit handshake, the per-record tags, the final hash) is bound to that one derived key.
What makes it genuinely magical is the combination: ephemeral codes, no server-side storage, end-to-end encryption, and relays that see only ciphertext. Most file sharing tools optimize for convenience at the cost of privacy. Wormhole refuses that trade.