About

G-Whisper is a PHP and Javascript based chat with end-to-end encryption. The database will only contain your encrypted messages, and will have no knowledge of the decryption key. Usernames are also encrypted in the database. Encryption is provided using 256-bit AES-GCM.

Usage

Create a chatroom, copy the URL of the chatroom and send it to your friend.

How it works

When you create a chatroom with a custom password, the encryption key will be derived with pbkdf2. The generated room ID will be used as a salt for pbkdf2. If no custom password is entered, the key will be randomly generated. When the chatroom is created with a random key, the key will be stored in the URL itself. It will look something like this;

whisper.glitcher.me/chatroom.php?id=27SJrBVkQCsQFaCnjU94#1BZX3QOXF78qq0r9HgZk1AeZK-sKkX3VZVKf40VdE6A

The purple part is the key itself encoded with base64. Green part is the room ID. The room ID will always be present, however the encryption key will be in the URL only when using a random key. When using a custom password, users will be required to enter the password upon joining a chatroom. The URL has a hashtag before the key so it won't be sent to the server. Even if you have access log enabled on the web server, only the room ID will be seen in the logs.