// SECURE · PRIVATE · SELF-HOSTED

CIPHER//NET

END-TO-END ENCRYPTED CHAT

No servers. No accounts. No tracking.
Your identity is a cryptographic keypair generated in your browser. Messages are encrypted with AES-256-GCM, signed with ML-DSA-65, and DMs use ML-KEM-768 key encapsulation — post-quantum by default. Nothing leaves your device unencrypted.

LAUNCH APP VIEW SOURCE
cipher//net — secure session
>generating ML-DSA-65 keypair [FIPS 204]...
✓ PQ signing keypair ready · fp:a3f8c21d
✓ ML-KEM-768 DM keypair ready [FIPS 203]
>deriving channel key [#general]...
✓ AES-256-GCM active · PBKDF2-SHA256 · 200k iter
>incoming message from fp:7b2e9f14
✓ decrypted · ✓ ML-DSA-65 signature valid ⚛
"the transmission is quantum-resistant"
>status
✓ CIPHER//NET ONLINE · PQ CRYPTO ACTIVE · ZERO SERVERS
ML-DSA-65PQ Signing · FIPS 204
ML-KEM-768PQ Key Exchange · FIPS 203
AES-256-GCMSymmetric Encryption
PBKDF2 · SHA-256Key Derivation
RSA-4096PGP / GPG Export
Web Crypto APIZero Server Dependencies
// capabilities
WHAT IT DOES
[🔑]
Keypair Identity
Your account is a public/private keypair generated entirely in your browser. No email, no password, no server. Your private key is shown once and never stored.
[🔒]
Channel Encryption
All channel messages encrypted with AES-256-GCM. Keys derived via PBKDF2 (200,000 iterations) from a shared passphrase. No key, no read.
[📨]
ECDH Direct Messages
DMs use ECDH P-256 key exchange. Both parties derive the same AES-256-GCM key independently — no key is ever transmitted.
[✍]
Signed Messages
Every message is signed with your private key. Default: ML-DSA-65 (post-quantum, FIPS 204). Classical: ECDSA P-256/P-384 or RSA-PSS. Each message shows ✓ SIGNED or ✗ INVALID.
[⚛]
Post-Quantum Cryptography
Default signing uses ML-DSA-65 (FIPS 204) and DM key exchange uses ML-KEM-768 (FIPS 203) — both NIST-standardised, quantum-computer resistant. Classical algorithms still available for compatibility.
[🐧]
PGP / GPG / Kleopatra
Export an RSA-4096 OpenPGP keypair importable into GPG and Kleopatra. Import existing GPG keys. Encrypt and decrypt PGP messages directly in the app.
[🧅]
OnionShare / Tor Ready
Zero external requests. No CDN. Fully compliant with OnionShare's strict Content Security Policy. Deploy as a .onion site in minutes.
[📱]
Installable PWA
Installs to your home screen on Android and iOS as a Progressive Web App. Runs fullscreen, works offline after first load.
[🛡]
Screen Protection
Text selection and right-click blocked. Screen blanks when window loses focus. PrintScreen triggers a screenshot warning. Keyboard shortcuts for save/print suppressed.
[💾]
Encrypted Key Export
Private keys can be exported AES-256-GCM encrypted with a password (PBKDF2, 300k iterations). Safe to store in notes or cloud. Useless without the password.
READY TO TRANSMIT?
// No account needed. Generate a keypair and you're in.
LAUNCH CIPHER//NET DOWNLOAD ZIP GITHUB REPO
// support the project
DONATE

CIPHER//NET is free, open source, and will always be.
If it's useful to you, a small contribution keeps development going.

Bitcoin (BTC) — Native SegWit
bc1qrr2tcdmz9ktf3ss73gc6g427k7x90zvdn5jd59
// scan QR or copy address · Bitcoin network only