CipherChat
A full-stack secure messaging application built from scratch using React Native (Expo) and a minimal Node.js WebSocket server. Messages are encrypted on-device using X25519 + XSalsa20-Poly1305 and are never readable by the server or written to persistent storage there, ensuring true end-to-end privacy.
The Challenge
Designing a messaging system where the server never has access to plaintext messages required building encryption, key exchange, and message delivery logic entirely on the client while keeping real-time communication reliable.
The Solution
Implemented end-to-end encryption using X25519 key exchange and XSalsa20-Poly1305 via tweetnacl. Built a lightweight WebSocket signaling server that only routes ciphertext and maintains in-memory state for connections and offline queues, with no database or message storage.
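The relay-only-sees-ciphertext property described above, as an added example that is not CipherChat's code. It uses only Node's built-in crypto so it runs without dependencies: ChaCha20-Poly1305 stands in for tweetnacl's XSalsa20-Poly1305, and HKDF stands in for the key derivation tweetnacl performs internally. The `relay` function, the envelope field names and the `demo-chat-v1` label are assumptions.

```javascript
// Added example (assumptions labelled inline); ChaCha20-Poly1305 stands in for XSalsa20-Poly1305.
const nodeCrypto = require('crypto');

// Each device generates an X25519 key pair; the private key never leaves the device.
function newDevice() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Derive a 32-byte message key from the X25519 shared secret.
// The raw DH output goes through HKDF rather than being used directly as a key.
function sessionKey(myPrivate, theirPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-chat-v1', 32));
}

// Encrypt on the sender's device with a fresh random nonce per message.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { nonce: nonce.toString('base64'), body: body.toString('base64'), tag: c.getAuthTag().toString('base64') };
}

// Decrypt on the recipient's device; returns null if the envelope was modified in transit.
function open(key, env) {
  try {
    const d = nodeCrypto.createDecipheriv('chacha20-poly1305', key, Buffer.from(env.nonce, 'base64'), { authTagLength: 16 });
    d.setAuthTag(Buffer.from(env.tag, 'base64'));
    return Buffer.concat([d.update(Buffer.from(env.body, 'base64')), d.final()]).toString('utf8');
  } catch {
    return null; // Poly1305 tag check failed
  }
}

// Hypothetical relay: sees routing metadata and an opaque envelope, holds no keys.
function relay(to, envelope) {
  return JSON.stringify({ to, envelope });
}

// Constructed sample run: Alice sends to Bob, then the relay's copy is altered.
function demo() {
  const alice = newDevice(), bob = newDevice();
  const wire = relay('bob', seal(sessionKey(alice.privateKey, bob.publicKey), 'meet at 6'));
  const env = JSON.parse(wire).envelope;
  const bobKey = sessionKey(bob.privateKey, alice.publicKey);
  const tampered = { ...env, body: Buffer.from('forged-by-relay').toString('base64') };
  return { leaked: wire.includes('meet at 6'), received: open(bobKey, env), tamperedResult: open(bobKey, tampered) };
}
console.log(demo());
```

The relay still learns who is talking to whom and when; the encryption covers message content only, and it assumes each side obtained the other's public key authentically.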
Key Outcomes
- True end-to-end encryption with zero plaintext exposure on server
- Real-time messaging with delivery receipts and typing indicators
- Offline message queuing with automatic delivery on reconnect
- Secure local storage using SQLite with encrypted payloads
- Minimal backend (~200 lines) with no database and reduced attack surface