MurungaOwen/ephemeral_chat_app

Ephemeral Chat Application

Overview

This is a secure, anonymous, and ephemeral chat application designed for privacy-focused communication. It features end-to-end encryption where messages are encrypted on the client side before transmission and storage. Messages are automatically deleted from the server immediately after being viewed by the recipient, ensuring no permanent record remains.

Key Features

  • Anonymous Communication: No user accounts, logins, or personal data collection. Users join rooms using shared codes.
  • End-to-End Encryption: Messages are encrypted using AES-256-GCM with keys derived from the room code. The server cannot decrypt messages.
  • Ephemeral Messaging: Messages are permanently deleted from the database once the recipient confirms they have been viewed.
  • Real-Time Updates: Instant message delivery and typing indicators using WebSocket technology.
  • Secure Architecture: Double-layer encryption (client-side and server-side at rest) and secure room code hashing.

Technology Stack

  • Backend: Node.js, Express, WebSocket (ws)
  • Database: PostgreSQL
  • Frontend: HTML, CSS, JavaScript (Web Crypto API)

Architecture

Data Flow

  1. Room Creation: A user generates a room code. The code is hashed (SHA-256) and stored in the database to identify the room.
  2. Key Derivation: The room code is used to derive a symmetric encryption key on the client side using PBKDF2. This key never leaves the client.
  3. Message Sending:
    • The sender encrypts the message content with the derived key.
    • The encrypted payload is sent to the server via WebSocket.
    • The server adds a second layer of encryption (at-rest) and stores it in PostgreSQL.
    • The server broadcasts a notification to other users in the room.
  4. Message Receiving:
    • The recipient receives the notification and requests the message.
    • The server decrypts the at-rest layer and sends the client-encrypted payload.
    • The recipient decrypts the payload using their derived key.
    • Once displayed, a confirmation is sent to the server, triggering immediate deletion of the message record.
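
The data flow above, sketched as an added example (not code from this repository). It uses Node's built-in crypto module in place of the browser Web Crypto API so it runs stand-alone; the salt, iteration count, payload layout (iv || tag || ciphertext) and all function names are assumptions, since the README does not specify them.

```javascript
// Added example, not the project's code. Salt, iteration count and payload
// layout are assumptions; the README does not specify them.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 100000;                  // assumed
const SALT = Buffer.from('constructed-demo-salt'); // assumed fixed salt

// Step 1: the server stores only this hash, which identifies the room.
function roomId(roomCode) {
  return crypto.createHash('sha256').update(roomCode).digest('hex');
}

// Step 2: client-side key derivation; the derived key never leaves the client.
function deriveKey(roomCode) {
  return crypto.pbkdf2Sync(roomCode, SALT, PBKDF2_ITERATIONS, 32, 'sha256');
}

// AES-256-GCM with a fresh 96-bit nonce; output is iv || tag || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Reverse of seal(); final() throws if the authentication tag does not verify.
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Steps 3 and 4 end to end: sender, server at-rest layer, recipient.
function roundTrip(senderCode, recipientCode, text, serverKey) {
  const clientBlob = seal(deriveKey(senderCode), Buffer.from(text, 'utf8'));
  const stored = seal(serverKey, clientBlob);   // server adds the at-rest layer
  const forwarded = unseal(serverKey, stored);  // server strips only its own layer
  try {
    return unseal(deriveKey(recipientCode), forwarded).toString('utf8');
  } catch {
    return null; // GCM tag mismatch: wrong room code or tampered payload
  }
}
```

Because the key is derived only from the room code, its strength is bounded by the room code's entropy. A recipient with the wrong code fails at the GCM tag check instead of seeing garbled plaintext.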

Security Model

  • Client-Side Encryption: Ensures the server provider cannot read message contents.
  • At-Rest Encryption: Protects data in case of database compromise.
  • No Logs: The application does not maintain access logs or message history.

Setup and Installation

  1. Prerequisites: Node.js (v14+) and PostgreSQL.
  2. Installation:
    npm install
  3. Database Setup: Ensure PostgreSQL is running and create a database named ephemeral_chat.
    CREATE DATABASE ephemeral_chat;
  4. Configuration: Set the following environment variables (optional, defaults provided):
    • PORT: Server port (default: 3000)
    • PGHOST, PGPORT, PGDATABASE, PGUSER, PGPASSWORD: Database connection details.
    • ENCRYPTION_KEY: Server-side encryption key (32 bytes, hex-encoded).
  5. Running the Application:
    npm start

Usage

  1. Open the application in a web browser.
  2. Click "Generate New Code" to create a chat room.
  3. Share the generated code with another person securely.
  4. The other person enters the code to join the room.
  5. Messages sent will appear as encrypted cards. Click to decrypt and view.
  6. Messages disappear automatically after viewing.

About

Ephemeral Chat is a privacy-first messaging system where messages are end-to-end protected and automatically deleted once viewed. No message history, no tracking, no permanent storage: just secure, temporary communication.
