About

MyCryptoChat is a PHP- and JavaScript-based chat with end-to-end encryption. The database will only contain your encrypted messages, and will have no knowledge of the decryption key. Usernames are also encrypted in the database. Encryption is provided by the Stanford Javascript Crypto Library, using 256-bit AES-GCM.

The source code for the website is available on GitHub.

This is a rework of MyCryptoChat v1.0.4 by HowTommy.

Usage

Create a chatroom, copy the URL of the chatroom and send it to your friend.

How it works

When you create a chatroom with a custom password, the encryption key is derived from that password with PBKDF2, using the generated room ID as the salt. If no custom password is entered, the key is randomly generated. When the chatroom is created with a random key, the key is stored in the URL itself. It will look something like this:

mycryptochat.org/chatroom.php?id=27SJrBVkQCsQFaCnjU94#1BZX3QOXF78qq0r9HgZk1AeZK-sKkX3VZVKf40VdE6A

The part after the # is the key itself, encoded with base64. The id parameter is the room ID. The room ID is always present, but the encryption key is in the URL only when a random key is used. When a custom password is used, users must enter the password when they join the chatroom. Because the key comes after the # (the URL fragment), the browser does not send it to the server. Even if access logging is enabled on the web server, only the room ID will appear in the logs.
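The two key modes and the fragment behaviour described above, as an added Node.js example that is not MyCryptoChat's own code. The iteration count, hash function, base64url encoding, function names and the chat.example host are assumptions; the page only specifies PBKDF2 with the room ID as salt and a 256-bit key.

```javascript
// Added example, not MyCryptoChat's code. Assumed: iteration count, hash,
// base64url encoding. From the page: PBKDF2, room ID as salt, 256-bit key.
const crypto = require("node:crypto");

const KEY_BYTES = 32;              // 256-bit AES key, as stated on the page
const PBKDF2_ITERATIONS = 100000;  // assumed value
const PBKDF2_HASH = "sha256";      // assumed PRF

// Custom-password room: key = PBKDF2(password, salt = room ID).
// Nothing secret goes into the URL; joiners re-derive the key locally.
function deriveRoomKey(password, roomId) {
  return crypto.pbkdf2Sync(password, roomId, PBKDF2_ITERATIONS, KEY_BYTES, PBKDF2_HASH);
}

// Random-key room: the key travels only in the URL fragment.
function buildRandomKeyLink(origin, roomId, key = crypto.randomBytes(KEY_BYTES)) {
  const url = new URL("/chatroom.php", origin);
  url.searchParams.set("id", roomId);
  url.hash = key.toString("base64url");
  return url.href;
}

// What an HTTP client puts in the request line, and so what an access log
// records: path and query, never the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// Client side: recover the key from a shared link, or null when the room
// uses a custom password and the link carries no fragment.
function keyFromLink(link) {
  const fragment = new URL(link).hash.slice(1);
  return fragment ? Buffer.from(fragment, "base64url") : null;
}

// Constructed sample values.
const roomId = "EXAMPLEROOMID0000000";
const link = buildRandomKeyLink("https://chat.example", roomId);
console.log("shared link: ", link);
console.log("server sees: ", requestTarget(link));
console.log("password key:", deriveRoomKey("correct horse", roomId).toString("hex"));
```

Because the room ID is the salt, the same password yields a different key in every room.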

If you want to host MyCryptoChat yourself and maintain user privacy, I recommend you disable access logs on your web server. If you don't disable access logs, the logs can be used to connect IP addresses to the rooms they visited. MyCryptoChat itself does not log or use IP addresses in any way.