End-to-end encrypted messaging secured by your device's hardware keys. No accounts. No metadata. No server-side storage.
Private keys live in your Mac's Secure Enclave. They never leave the chip — not even the OS can extract them.
Secure Enclave ML-KEM-1024 (NIST FIPS 203) layered on SE P-256 ECDH. Both keys in hardware, protected against quantum attacks today.
Every message uses a unique ephemeral key. Compromising one message reveals nothing about any other.
No sign-ups, no phone numbers, no contact lists stored anywhere. Just a public key and a relay.
The relay is a stateless WebSocket forwarder. It cannot read, store, or correlate messages. Run your own in one command.
A proper CLI with ANSI colors, timestamps, and styled output. Works over SSH, in tmux, everywhere a terminal runs.
┌────────────────────────────────────────────────────┐ │ 121 — Secure Chat │ ├────────────────────────────────────────────────────┤ │ relay wss://krypter.info/s │ │ you A8Fa..Ohl- │ │ peer A2iq..p-B │ └────────────────────────────────────────────────────┘ 14:32:01 waiting for peer... 14:32:03 connected — PQ handshake complete 14:32:03 verify a3f1 0b7c 92d4 e8f0 14:32:15 you > hey, is this thing working? 14:32:18 peer > loud and clear. fully encrypted. 14:32:24 you > nice. no accounts, no trace. > _
A P-256 key pair is created inside your device's Secure Enclave — the private key never leaves the chip. Your compressed public key is your identity.
Share your base64url public key with your peer through any channel. That's the only setup needed.
Both peers connect to the same WebSocket relay. A shared room code is derived from the key pair — only matching peers join the same room.
Secure Enclave ML-KEM-1024 (NIST FIPS 203, highest security level) is layered over SE P-256 ECDH. Both keys live in hardware. The combined shared secret resists classical and quantum attacks — even if one primitive breaks, the other still protects you.
Each message is encrypted with AES-256-GCM using a unique ephemeral key derived via HKDF, providing perfect forward secrecy. The relay sees only opaque ciphertext.
Zero knowledge relay. The server is a dumb pipe. It forwards encrypted bytes between two WebSocket connections. It holds no keys, no history, no user data.
Keys never leave hardware. Secure Enclave keys are non-exportable by design. Signing and key agreement happen inside the chip.
No trust required. You don't trust the relay, the network, or us. Security comes from math and hardware, not promises.
Ephemeral by default. Chat history lives only in your terminal scrollback. Close the window and it's gone.
Run your own relay. Self-hosting takes one command. Your traffic never needs to touch infrastructure you don't control. Relay source code →