Initializing secure session
No accounts · No servers after connection · No storage

TERMINAL Encrypted MESSENGER.

Most "secure" messengers still phone home.
DecentChat doesn't. Your keys, your tunnel,
your session — gone when you close it.

decentchat@tty — ~/secure
$ decentchat --init
Scroll
X25519 key agreement AES-256-GCM sealed box Ed25519 signatures TOFU peer pinning Cloudflare Tunnel direct P2P Zero message storage Terminal native TUI Go single binary Perfect forward secrecy X25519 key agreement AES-256-GCM sealed box Ed25519 signatures TOFU peer pinning Cloudflare Tunnel direct P2P Zero message storage Terminal native TUI Go single binary Perfect forward secrecy
00 // ORIGIN
Why this exists

Built because I didn't trust the alternatives.

I got tired of "private" messaging apps that still need your phone number, still run on someone else's servers, still log connection metadata. Every account is a liability. Every server is a target.

DecentChat started as a weekend experiment — can two machines talk directly, end-to-end encrypted, with no persistent infrastructure? It turned into a full P2P layer. The signaling server touches nothing but session descriptions. After handshake, it's gone from the picture entirely.

"If your identity is tied to a phone number, it's not private."
"Servers should not exist after connection."
"Privacy shouldn't require trust."
01 // HOW IT WORKS
Step by step

No magic. Just four steps.

01
Discovery
Both peers connect to a stateless signaling server. It exchanges only encrypted session descriptions and ICE candidates. No messages pass through it — ever.
signaling server
02
Verification
Ed25519 fingerprints are exchanged and pinned (TOFU). If a peer's key ever changes, you get an immediate MITM alert. You trust a key once. After that, it's locked.
Ed25519 · TOFU
03
Tunnel
X25519 ECDH establishes a shared secret. AES-256-GCM encrypts every frame. Cloudflare Tunnel handles NAT traversal — the signaling server is now out of the loop completely.
X25519 · AES-256-GCM
04
Communication
Direct P2P. No server involvement. Session keys are ephemeral — each conversation generates new keys. When the session ends, everything is gone. Nothing persists.
perfect forward secrecy
02 // NETWORK TOPOLOGY
Module 02

Hybrid signaling + direct mesh.

The signaling server does one thing: helps two peers find each other. It sees only encrypted session descriptions — no payloads, no identities, no IPs in plaintext.

Once the Cloudflare tunnel is established, the server is completely excluded. It could go offline mid-session and you'd never notice.

TODO: improve NAT traversal reliability on some campus/corporate networks. Edge case exists.

USER A key: 0x9f3a… USER B key: 0xb771… E2EE TUNNEL SIGNALING RELAY stateless · pubkey exchange only signaling only
03 // TRADEOFFS
Honest assessment

Good for some things. Not for others.

Good for
  • Two devs on the same network talking without internet
  • Journalists exchanging messages without metadata trails
  • Temporary comms that genuinely disappear after the session
  • Anyone who can't or won't hand over a phone number
  • Scripted / automated secure communication pipelines
Not great for
  • Message history — there isn't any, by design
  • Non-technical users — CLI-first, no GUI
  • Unstable network conditions — P2P degrades under packet loss
  • Account recovery — lose your keypair, lose your identity
  • Group chats — currently 1:1 only
04 // DEPLOYMENT
Module 04

One command. Any platform.

Keys are generated locally and never leave your machine. No registration step. Run it, and you have an identity.

PowerShell · Windows
# Run in PowerShell (as Administrator) irm https://chat.teamxebec.xyz/install.ps1 | iex
Downloads the signed binary, verifies the checksum, and adds decentchat to your PATH automatically.
curl · Linux / macOS
curl -LO https://github.com/hiwarkhedeprasad/decentchat-terminal/releases/latest/download/decentchat chmod +x decentchat sudo mv decentchat /usr/local/bin/ # run: decentchat
go build · from source
git clone https://github.com/hiwarkhedeprasad/decentchat-terminal.git cd decentchat-terminal go build -o decentchat . ./decentchat