This app showcases secure messaging between pairs of users. Each message is encrypted end-to-end, so the only place the message exists unencrypted is in the sender's and receiver's browsers.
Go to https://endtoendconvex.vercel.app and log in with GitHub. Then you can select a recipient on the left side of the page and start messaging them. If you message yourself, you can use the space for writing private notes.
Each client creates a public/private key pair. The public and private key are stored in the browser's storage, and the public key is published to the "keys" table in Convex.
To send a message, a client uses an Elliptic Curve Diffie-Hellman key exchange to generate an AES key, using the client's private key and the recipient's public key. Both the sender and receiver can generate the same AES key in this way, and with this shared key they can use symmetric AES encryption to encrypt and decrypt messages.
The encryption keys for an account are stored in the browser's storage, so logging in to the same account from a different browser will create new keys, causing the user to lose access to all of their previous messages.
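The key derivation and the key-loss behaviour described above can be reproduced with the Web Crypto API. This is an added example, not the app's own source: the P-256 curve, AES-GCM mode, and all function names are assumptions, since the page does not state them.

```javascript
// Added example, not the app's source. Assumptions: P-256, AES-GCM, all names.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
const ECDH = { name: "ECDH", namedCurve: "P-256" };

// Per-browser identity: the private key stays local, the public JWK is published.
async function createIdentity() {
  const pair = await wc.subtle.generateKey(ECDH, false, ["deriveKey"]);
  return { privateKey: pair.privateKey, publicJwk: await wc.subtle.exportKey("jwk", pair.publicKey) };
}

// ECDH(own private key, peer public key) -> AES key; both peers get the same key.
async function deriveSharedKey(ownPrivateKey, peerPublicJwk) {
  const peerPublic = await wc.subtle.importKey("jwk", peerPublicJwk, ECDH, false, []);
  return wc.subtle.deriveKey({ name: "ECDH", public: peerPublic }, ownPrivateKey,
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function encryptMessage(aesKey, text) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce for every message
  const data = new TextEncoder().encode(text);
  const ciphertext = await wc.subtle.encrypt({ name: "AES-GCM", iv }, aesKey, data);
  return { iv, ciphertext: new Uint8Array(ciphertext) }; // only this leaves the browser
}

async function decryptMessage(aesKey, { iv, ciphertext }) {
  const plain = await wc.subtle.decrypt({ name: "AES-GCM", iv }, aesKey, ciphertext);
  return new TextDecoder().decode(plain); // rejects if the key is wrong or data was altered
}

async function demo() {
  const alice = await createIdentity();
  const bob = await createIdentity();
  const aliceToBob = await deriveSharedKey(alice.privateKey, bob.publicJwk);
  const bobFromAlice = await deriveSharedKey(bob.privateKey, alice.publicJwk);
  const sent = await encryptMessage(aliceToBob, "hello bob (constructed sample)");
  const received = await decryptMessage(bobFromAlice, sent);
  // Messaging yourself: own private key combined with own public key.
  const selfKey = await deriveSharedKey(alice.privateKey, alice.publicJwk);
  const note = await decryptMessage(selfKey, await encryptMessage(selfKey, "private note"));
  // Bob on a different browser: new key pair, so the old ciphertext is unreadable.
  const bobNew = await createIdentity();
  const newKey = await deriveSharedKey(bobNew.privateKey, alice.publicJwk);
  const lostAccess = await decryptMessage(newKey, sent).then(() => false, () => true);
  return { received, note, lostAccess };
}

demo().then(console.log);
```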
Contrast with Whisper:
- End-to-End Chat requires login, while Whisper does not.
- Whisper requires sending the password through a secure channel, while End-to-End Chat uses key exchanges to send passwords securely through insecure channels.
- Whisper allows secrets to expire, while End-to-End Chat keeps secrets available as long as the client keeps their keys.
Set environment variables AUTH_GITHUB_ID, AUTH_GITHUB_SECRET, JWKS, JWT_PRIVATE_KEY, and SITE_URL to configure Convex Auth.
npm run dev