https://chat-app-one-teal-30.vercel.app/
- Frontend: React + Vite + Tailwind CSS
- Backend: WhisperBox API (https://whisperbox.koyeb.app)
- Encryption: Web Crypto API
- On register: RSA-OAEP keypair generated on client
- Private key wrapped with AES-GCM derived from password via PBKDF2
- Only wrapped private key + public key sent to server
- On send: message encrypted with random AES-GCM key
- AES key encrypted with recipient RSA public key
- Server stores only ciphertext — never sees plaintext
- Private key: Never leaves the device unwrapped (only the wrapped form is sent to the server); stored in IndexedDB
- Public key: Stored on server for key exchange
- Wrapping key: Derived from password using PBKDF2 (100,000 iterations)
- Salt: Randomly generated, stored on server
```
Client                               Server
──────                               ──────
Generate RSA keypair
Wrap private key (AES-GCM)     →     Store wrapped key + public key
                                     Store encrypted messages
Encrypt message (AES-GCM)      →     Forward ciphertext only
Decrypt with private key       ←     Return ciphertext
```
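The register, send and receive steps above, sketched with the Web Crypto API as an added example (not code from this project). Function names, the 2048-bit modulus, SHA-256, the 16-byte salt, storing the wrap IV next to the salt, and the envelope layout are assumptions; the 100,000 PBKDF2 iterations come from the list above.

```javascript
// Added example, not WhisperBox code: names, key sizes and envelope layout are assumptions.
const wcP = (async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto)();
const RSA = { name: 'RSA-OAEP', modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };

// PBKDF2 (100,000 iterations) -> AES-GCM key that can only wrap/unwrap and is not extractable.
async function deriveWrappingKey(password, salt) {
  const wc = await wcP;
  const base = await wc.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    base, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Registration: returns what would be uploaded (public key, wrapped private key, salt, iv).
async function register(password) {
  const wc = await wcP;
  const pair = await wc.subtle.generateKey(RSA, true, ['encrypt', 'decrypt']);
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const wrappingKey = await deriveWrappingKey(password, salt);
  const wrappedPrivateKey = await wc.subtle.wrapKey('pkcs8', pair.privateKey, wrappingKey, { name: 'AES-GCM', iv });
  return { publicKey: await wc.subtle.exportKey('spki', pair.publicKey), wrappedPrivateKey, salt, iv };
}

// Login: unwrap the private key as non-extractable; a wrong password fails the GCM tag check.
async function unlock(password, { wrappedPrivateKey, salt, iv }) {
  const wc = await wcP;
  const wrappingKey = await deriveWrappingKey(password, salt);
  return wc.subtle.unwrapKey('pkcs8', wrappedPrivateKey, wrappingKey, { name: 'AES-GCM', iv },
    { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['decrypt']);
}

// Send: fresh AES-GCM key per message, itself encrypted to the recipient's RSA public key.
async function encryptFor(publicKeySpki, text) {
  const wc = await wcP;
  const pub = await wc.subtle.importKey('spki', publicKeySpki, { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['encrypt']);
  const aes = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ciphertext = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, aes, new TextEncoder().encode(text));
  const encryptedKey = await wc.subtle.encrypt({ name: 'RSA-OAEP' }, pub, await wc.subtle.exportKey('raw', aes));
  return { iv, ciphertext, encryptedKey };
}

// Receive: recover the AES key with the private key, then decrypt and authenticate the message.
async function decryptWith(privateKey, { iv, ciphertext, encryptedKey }) {
  const wc = await wcP;
  const raw = await wc.subtle.decrypt({ name: 'RSA-OAEP' }, privateKey, encryptedKey);
  const aes = await wc.subtle.importKey('raw', raw, 'AES-GCM', false, ['decrypt']);
  return new TextDecoder().decode(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, aes, ciphertext));
}
```

Because the private key is unwrapped with `extractable` set to `false`, script running in the page can use it to decrypt but cannot export the raw key material from IndexedDB.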
- Private key in IndexedDB: Cleared on logout, never in localStorage
- Password-based wrapping: Security depends on password strength
- No perfect forward secrecy (bonus feature)
- Login requires username (not email)
- Private keys lost if browser storage cleared
- No multi-device support
- React + Vite
- Tailwind CSS
- Web Crypto API (native browser)
- IndexedDB for key storage
- WebSocket for real-time messaging
- RSA-OAEP + AES-GCM hybrid encryption