Skip to content

alsultaneo/v2v

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
api.php
api.php
 
 
chat.js
chat.js
 
 
config.php
config.php
 
 
crypto.js
crypto.js
 
 
index.php
index.php
 
 
main.css
main.css
 
 
main.php
main.php
 
 
room.css
room.css
 
 
room.php
room.php
 
 
server.php
server.php
 
 

Repository files navigation

v2v — Zero-Knowledge Encrypted Chat

Private encrypted chat rooms that self-destruct in 24 hours. No accounts. No logs. No trace.

Live demo: v2v.site

How it works

  1. Open the site — click Create Encrypted Room
  2. Share the 6-digit room code with whoever you want
  3. Chat with text, voice messages, and photos
  4. Everything auto-deletes after 24 hours

No registration. No email. No phone number.

Encryption

All encryption happens in the browser using the Web Crypto API. The server never sees plaintext.

  • Algorithm: AES-256-GCM
  • Key derivation: SHA-256 of room ID + salt, derived client-side
  • Files: Encrypted as binary blobs before upload — server stores only ciphertext
  • Participants: Nicknames are encrypted before being sent to the server
  • Key transport: The room key never leaves the browser. Share rooms via the "Copy Secure Link" button which embeds the key in the URL fragment (#key=...) — fragments are never sent in HTTP requests

What the server sees

Data What server stores
Messages AES-256-GCM ciphertext only
Files Encrypted binary blob
Nicknames Encrypted
IP address SHA-256 hashed (salted, not reversible)
Room key Never — key stays in browser

Features

  • Text messages, emoji
  • Voice messages (recorded in browser, encrypted before upload)
  • Photo sharing (encrypted before upload)
  • Participant list (encrypted nicknames)
  • Delete individual messages
  • Drag & drop file upload
  • Paste images from clipboard
  • Mobile-first design (iOS & Android optimized)
  • Long-poll real-time delivery
  • Auto-delete rooms after 24h of inactivity

Self-hosting

Requirements: PHP 7.4+, Apache or Nginx, write permissions on the project directory.

git clone https://github.com/YOUR_USERNAME/v2v.git
cd v2v
chmod 755 .

Point your web server document root to the project folder. No database needed — rooms are stored as JSON files.

Apache — make sure mod_rewrite is enabled. The project works without .htaccess changes.

Nginx example:

server {
    root /var/www/v2v;
    index index.php;
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Configure in config.php:

define('ETH_ADDRESS', 'your_eth_address');  // donation address
define('ROOM_TTL',    86400);               // 24h in seconds
define('RATE_LIMIT_MAX', 80);              // requests per minute per IP
define('MAX_FILE_SIZE', 10 * 1024 * 1024); // 10 MB

Project structure

v2v/
├── index.php          # Entry point — routing
├── api.php            # All API endpoints + form handlers
├── server.php         # Core functions: logging, rate limiting, cleanup
├── config.php         # Configuration constants
├── views/
│   ├── main.php       # Landing page HTML
│   └── room.php       # Chat room HTML
└── assets/
    ├── crypto.js      # AES-256-GCM encryption engine (Web Crypto API)
    ├── chat.js        # Chat logic: send, poll, render, voice, files
    ├── main.css       # Landing page styles
    └── room.css       # Chat room styles

Directories created automatically at runtime:

rooms/      — room JSON files
uploads/    — encrypted file blobs
admin/      — analytics (server-side only)
ratelimit/  — rate limit counters
v2v/        — action logs (hashed IPs only)

API

The API is fully documented at runtime:

GET /index.php?api=1&action=api_schema
Endpoint Description
POST ?api=1&action=create_room Create a new room
POST ?api=1&action=send_message&room=ID Send encrypted message
GET ?api=1&action=get_messages&room=ID&last_id=0 Long-poll for new messages
GET ?api=1&action=get_history&room=ID Last 100 messages
POST ?api=1&action=upload_file&room=ID Upload encrypted file
POST ?api=1&action=add_participant&room=ID Register encrypted nickname
GET ?api=1&action=get_participants&room=ID Active participants
GET ?api=1&action=room_info&room=ID Room metadata
POST ?api=1&action=ping&room=ID Keepalive

Security notes

  • Room IDs are 6-digit numeric codes — not a secret, just a rendezvous point
  • The actual encryption key is derived from the room ID in the browser; sharing the room ID with someone means they can read the messages
  • For higher security, use "Copy Secure Link" which includes a randomly generated key in the fragment
  • Rate limiting: 80 requests per minute per IP
  • File size limit: 10 MB per file
  • Maximum 500 messages stored per room
  • Rooms auto-expire after 24h of inactivity

License

MIT — free to use, modify, and self-host.

Built because I was tired of messengers that know too much.

About

Zero-knowledge encrypted chat. AES-256-GCM. No accounts. Auto-deletes in 24h.

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages