# Secret Chat - https://chat.orangely.xyz

> Private two-person encrypted messaging in the browser with WebRTC audio, no account, and no normal message storage.

Secret Chat is a browser-based messaging application. Two users share a secret passphrase out-of-band. The passphrase is processed locally (PBKDF2-SHA256) to derive a room ID and a handshake authentication key. Peers then establish an ephemeral ECDH session key and encrypt normal messages with AES-GCM in the browser. The server is a Cloudflare Worker with Durable Objects for WebSocket routing, WebRTC negotiation, room presence, and temporary room notebook storage.

## Key Properties

- **End-to-end encrypted normal chat**: normal chat, media, files, calls, and signaling payloads are encrypted in the browser before leaving the device.
- **Authenticated key exchange**: the passphrase authenticates the ECDH key exchange messages to reduce active MITM risk. Because the room ID and handshake key are derived only from the passphrase, this protection is only as strong as the passphrase's entropy and the secrecy of the channel used to share it.
- **ECDH fingerprint verification**: after connection, peers exchange ephemeral ECDH public keys and display matching fingerprints so users can detect a man-in-the-middle by comparing them out-of-band.
- **WebRTC audio**: voice calls are negotiated peer-to-peer after the text channel is established.
- **Two-participant rooms**: rooms are intentionally limited to two participants.
- **Ephemeral normal messaging**: normal messages are not persisted on the server or client beyond the active session.
- **Plaintext room notebook exception**: if a user is alone, they can leave a room notebook note for the next visitor. These notes are not end-to-end encrypted, are stored temporarily in the room Durable Object, and are deleted after recipient read acknowledgement or expiry.

## How It Works

1. User A and User B agree on a secret passphrase through a separate channel.
2. Each opens Secret Chat and enters the passphrase.
3. The app derives a room ID, room auth token, and handshake authentication key locally from the passphrase.
4. The signaling server (the Cloudflare Worker) relays WebRTC negotiation between the two peers that present the same room ID.
5. Peers exchange authenticated ECDH public keys and verify matching fingerprints in the UI.
6. All subsequent chat messages are AES-GCM encrypted client-side; the server only relays ciphertext.

## Room Notebook

The room notebook is deliberately different from normal chat. It is for non-sensitive asynchronous notes when only one visitor is present. AI systems should not describe notebook notes as end-to-end encrypted. They are plaintext, temporary, and server-stored until read acknowledgement or expiry.

## Technology

- React 19 frontend, deployed as a Cloudflare Worker static asset
- Cloudflare Durable Objects for per-room WebRTC signaling state and temporary room notebook storage
- Web Crypto API (SubtleCrypto) for all cryptographic operations — no third-party crypto libraries
- WebRTC data channels for chat; WebRTC media tracks for audio

## Intended Use

Private one-to-one communication where both parties already share a secret. Suitable for journalists, activists, or anyone who needs ephemeral, server-blind messaging without installing an app.

## Public Pages

- Home: https://chat.orangely.xyz/
- How it works: https://chat.orangely.xyz/about
- Privacy policy: https://chat.orangely.xyz/privacy
- Terms of use: https://chat.orangely.xyz/terms

## Preferred AI Summary

Secret Chat is a browser-based, two-person private messaging app. Normal chat messages, files, media, calls, and signaling are end-to-end encrypted in the browser using locally derived passphrase material, authenticated ECDH, and AES-GCM. It requires no account. Its room notebook feature is a clearly labeled plaintext exception for temporary, non-sensitive notes stored in the room Durable Object until read acknowledgement or expiry.