CHATCRYPT The Secure Channel

Welcome to ChatCrypt

A real end-to-end encrypted group chat which does not store anything in the cloud. No databases, no accounts, no chat logs.

Aimed for those who want to be sure that their conversations kept private and prefers increased security over fancy features. It does not try to replace popular messaging applications, but to provide an alternate secure channel for confidential discussions.

OPEN CHAT CLIENT

Introduction

Our goal was to create an anonymous chat platform which can be safely used over inspected infrastructures and conversations cannot be recovered even if the server is being seized or someone got interrogated.

We have ended up with a unique solution which does not require any sort of data storage and assures that messages cannot be decrypted even with the complete knowledge of the server contents, network traffic, and provided secret passwords.

Highlights

Triple encryption - Messages are protected by two additional security layers on top of the standard TLS protocol.

Outstanding privacy - Conversations happen without providing any personal detail or account.

Real-time messaging - Every data exchanged immediately between the parties, nothing is queued or stored even for a single second.

How it works

The client application establishes a WebSocket (over TLS) connection with the chat server then they create an additional encrypted layer using ECDH for key exchange and AES-256 for ciphering. During key exchange messages from the server are RSA signed and being verified by the client to make sure it is not connecting to a forged destination. This second layer also prevents transparent proxies (with own CA certificates installed on the client) from inspecting their communication.

Once the server connection is secured it joins the given channel and starts building up end-to-end encrypted layers with each individual member using ECDH for key exchange and ChaCha20-Poly1305 for ciphering. Shared ECDH keys are combined with the provided channel passwords which results in unique and one-time encryption keys between the parties. These keys cannot be reconstructed even with the knowledge of the second layers decrypted network traffic and the secret passwords. Additionally, this method ensures that members entering the same channel with a different password cannot communicate with each other.

Worth mentioning that the channel password never leaves the client, the username is only transmitted over the third layer among the members, and the channel name is received by the server in an SHA-256 hashed form through the second layer.

Source code

We may provide the source code of the server and client application upon a well-founded request (e.g. educational use, security audit).

Privacy policy

The privacy of our visitors is of extreme importance to us. This section outlines the types of personal information is received and collected by this website and how it is used.

This website makes use of web server log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, and number of clicks to analyze trends, administer the site, track user's movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

We also use cookies provided by trusted third parties. This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

Data retention

Web server log files are deleted after 90 days.

Google Analytics on this website is set to store data that is associated with cookies, user identifiers, or advertising identifiers for up to 14 months (currently the lowest option).

If you require any more information or have any questions about our privacy policy, please feel free to contact us.

Terms of use

Be advised that ChatCrypt is a hobby project and provided "as is", without warranty of any kind.

However, there were no complaints so far.

Contact us

Email: contact@chatcrypt.com

Please feel free to contact us with any questions or suggestions.