E2E Messaging app using AES-256 based custom Multi-layer Symmetric Encryption. Secure, Private, Serverless, Decentralized, Open Source.

ProCoder1199X/CipherChat

CipherChat

  • Encrypted Messaging App using AES-256 Based Multi-Layer Symmetric Encryption
  • Secure. Private. Serverless. Open Source.

A more secure C++ version is available here


🧠 What is CipherChat?

CipherChat is a Progressive Web App (PWA) designed to provide the highest level of end-to-end encrypted messaging, using a custom AES-256 based symmetric encryption model. The chat session is temporary and peer-to-peer (via WebSocket), with no message storage, and no account sign-ups.

  • 💬 Real-time encrypted chat
  • 🛡️ AES-256 Multi-layer Encryption
  • 🔑 No accounts or passwords
  • 🔒 No messages stored on server
  • 📱 Mobile & desktop support (PWA)
  • 🚫 Zero Ads, Zero Tracking

How Encryption Works

CipherChat uses symmetric encryption based on AES-256 with multiple cryptographic layers and transformations.

Step-by-Step Encryption Flow:

  1. Session Key Generation:

    • The host (user 1) creates a temporary chat session token, which acts as the secret key.
  2. Encryption of Messages:

    • Every message is:
      • Padded and base64-encoded.
      • Encrypted using AES-256 (CBC mode).
      • Hashed and salted to produce an integrity checksum.
      • Then encoded again for transmission.
  3. Decryption on Recipient Side:

    • The same session key (shared securely via QR/token) decrypts the message on the client side.
  4. WebSocket Transport:

    • All encrypted messages are transmitted via secure WebSocket (WSS), never stored on disk or server.

❗ The session key is never stored or sent to the server. If a user closes the session or deletes the token, the chat becomes inaccessible.
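One way to implement steps 1 to 3 of the flow above, added here as an example (it is not CipherChat's code). The page does not name the key derivation, the hash or the wire layout, so scrypt, HMAC-SHA-256 computed over the ciphertext, the layout salt || iv || tag || ciphertext and all function names are assumptions.

```javascript
// Added example, not CipherChat's code. Assumed: scrypt as KDF, HMAC-SHA-256 as the
// integrity checksum, wire layout salt(16) || iv(16) || tag(32) || ciphertext.
const nodeCrypto = require('node:crypto');

// Derive independent encryption and MAC keys from the shared session token.
function deriveKeys(token, salt) {
  const okm = nodeCrypto.scryptSync(token, salt, 64);
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

function macOver(macKey, salt, iv, ct) {
  return nodeCrypto.createHmac('sha256', macKey).update(Buffer.concat([salt, iv, ct])).digest();
}

function encryptMessage(token, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(16); // fresh, unpredictable IV for every message
  const { encKey, macKey } = deriveKeys(token, salt);
  // Node applies PKCS#7 padding for CBC by default.
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Encrypt-then-MAC: the tag covers every byte the receiver will parse.
  const tag = macOver(macKey, salt, iv, ct);
  return Buffer.concat([salt, iv, tag, ct]).toString('base64');
}

function decryptMessage(token, wire) {
  const raw = Buffer.from(wire, 'base64');
  if (raw.length < 16 + 16 + 32 + 16) throw new Error('message too short');
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 32);
  const tag = raw.subarray(32, 64);
  const ct = raw.subarray(64);
  const { encKey, macKey } = deriveKeys(token, salt);
  // Verify in constant time BEFORE decrypting, so padding errors are never observable.
  if (!nodeCrypto.timingSafeEqual(tag, macOver(macKey, salt, iv, ct))) {
    throw new Error('integrity check failed');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed tamper case: flip one bit in the last ciphertext byte of a wire message.
function flipBit(wire) {
  const raw = Buffer.from(wire, 'base64');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64');
}
```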


πŸ” Security Breakdown

Layer Security Feature
πŸ”‘ AES-256 Military-grade encryption
πŸ§‚ Salting Prevents dictionary attacks
πŸ” Multi-layer cipher steps Adds noise and entropy
πŸ§ͺ Integrity Hash Detects tampering
🌐 WSS Secure network layer
❌ No message logging Eliminates backend leaks

⚠️ How Secure Is This?

CipherChat uses symmetric AES-256, the standard used by governments, militaries, and banks. Combined with:

  • No user data collection
  • No cloud message storage
  • No login metadata
  • Temporary sessions

…this makes it one of the most secure and lightweight encrypted messaging apps available.

Even if a server is compromised, messages can't be decrypted without the session key.


📦 Tech Stack


🧩 Future Plans

  • 🔄 True P2P with NAT traversal (like TOR)

  • Add voice & file encryption

  • 💼 Pro version for business users

🤝 License

  • MIT License: free and open-source forever.

📣 Developed By

DheerajKumar
