OneChat

End‑to‑end encrypted messaging

Privacy.
Beautifully sealed.

Your account is a keypair born in your browser. Every message is encrypted on your device before it is sent — the server carries your messages, but it can never read them.

ECDH P‑256 · AES‑256‑GCM · private keys never leave your device unencrypted

How a message gets sealed

  1. 01

    Keys are born in your browser

    When you register, your device forges an ECDH keypair. The public half is published under your username. The private half is encrypted with your password before it is backed up — the server only ever holds a sealed copy.

  2. 02

    Messages are sealed to your contact

    Your key and their key agree on a secret no one else can compute. Each message is sealed with AES‑256‑GCM under that secret, with a fresh nonce every time, before it leaves your device.

  3. 03

    The courier can't read the mail

    The server relays and stores ciphertext only. Flip on Server view in any conversation to see exactly what it sees — and nothing more.

Trust is a fingerprint,
not a promise.

Every keypair has a fingerprint — a short code you can read to a friend over a call. If it matches, you are talking to them and no one in between. If a contact's key ever changes, OneChat warns you before you send another word.