▸ Open Source · MIT License · Go 1.21+

DECENT CHAT

A privacy-first, terminal-based peer-to-peer messenger with end-to-end encryption. Your messages never touch a server. No accounts. No surveillance. Just secure, direct communication.

▸ Get Started View Source
irm https://decentchat-terminal.vercel.app/install.ps1 | iex

paste this in PowerShell, or see all install options ↓

DECENTCHAT — TERMINAL
$ decentchat ──────────────────────────────────── ▸ DecentChat v1.0.0 ✓ Keys loaded from ~/.decentchat/ ✓ Registered with signaling server ✓ Cloudflare tunnel established   Your ID: a3f7b2c9   Online peers: d9e1f4a2 — online 7c3b8e50 — online   cmd> connect d9e1f4a2 ✓ Secure channel established ──────────────────────────────────── [d9e1f4a2] hey, is this encrypted? [you] yes — AES-256 + X25519 🔒 >
END-TO-END ENCRYPTED ZERO MESSAGE STORAGE PEER-TO-PEER DIRECT NO ACCOUNTS REQUIRED X25519 · AES-256-GCM · ED25519 SINGLE BINARY · CROSS-PLATFORM OPEN SOURCE · MIT LICENSE END-TO-END ENCRYPTED ZERO MESSAGE STORAGE PEER-TO-PEER DIRECT NO ACCOUNTS REQUIRED X25519 · AES-256-GCM · ED25519 SINGLE BINARY · CROSS-PLATFORM OPEN SOURCE · MIT LICENSE
0 Messages Stored on Servers
3 Encryption Layers
256 Bit AES Symmetric Key
1 Binary. No Dependencies.

// 02 — Capabilities

BUILT
FOR
PRIVACY

F.01 🔐
End-To-End Encryption

Multi-layer cryptography: X25519 key exchange, AES-256-GCM message encryption, and Ed25519 message signing. Every message is authenticated and tamper-proof.

F.02
Direct P2P Comms

After handshake via signaling, all traffic flows directly peer-to-peer via Cloudflare tunnels. The server never sees your messages or keys — ever.

F.03 🪪
Zero Accounts

Your identity is your cryptographic keypair, generated locally. No email, no phone number, no registration. Just launch and connect.

F.04 🖥️
Terminal Native

Clean, distraction-free TUI built with BubbleTea. Works over SSH, on remote servers, and anywhere a terminal runs. No browsers, no Electron.

F.05 📦
Single Binary

Download one file. Run it. Works on Linux, macOS, and Windows. No runtime, no npm, no pip, no Docker. Just a single Go binary.

F.06 🛡️
Trust on First Use

TOFU peer verification alerts you if a peer's key ever changes, protecting against man-in-the-middle attacks after the first successful connection.

// 03 — Architecture

HOW
IT
WORKS

01
Launch & Generate Keys

On first run, DecentChat generates your X25519 encryption keypair and Ed25519 identity keypair locally. Your private keys never leave your device.

02
Register Presence

Your public keys and Cloudflare tunnel URL are shared with the signaling server (Supabase). This enables peer discovery — nothing else.

03
Connect to a Peer

Select a peer by their truncated ID. DecentChat initiates a direct P2P connection via their tunnel URL and performs X25519 key exchange.

04
Encrypted Chat

All messages are encrypted with the shared AES-256-GCM key and signed with Ed25519. The signaling server is now completely out of the picture.

// Architecture Diagram

┌──────────────┐ ┌──────────────┐ │ USER A │ │ USER B │ │ (Terminal) │ │ (Terminal) │ │ │ │ │ │ ┌────────┐ │ │ ┌────────┐ │ │ │ TUI │ │ │ │ TUI │ │ │ └───┬────┘ │ │ └───┬────┘ │ │ │ │ │ │ │ │ ┌───▼────┐ │◄─────────┼─────►│ P2P │ │ │ │ P2P │ │ Tunnel │ │ Manager│ │ │ │Manager │ │ (E2EE) │ └───┬────┘ │ │ └───┬────┘ │ │ │ │ │ │ │ │ │ │ │ ┌───▼────┐ │◄─────────┼─────►│Signaling│ │ │Signaling│ │ Supabase │ └────────┘ │ │ └────────┘ │(Keys only)│ │ └──────────────┘ └──────────────┘ Signaling = Public keys + tunnel URL only Messages = Direct P2P, never via server

// 04 — Comparison

WHY NOT
TRADITIONAL?

Feature Traditional Messengers DecentChat
Message Storage Stored on company servers ✓ Never stored anywhere
Encryption Control Trust the server's encryption ✓ You control the keys
Identity Email, phone, or account required ✓ Cryptographic keypair only
Point of Failure Central server = single failure point ✓ Direct P2P, no middle-man
Metadata Extensive metadata collection ✓ Minimal metadata, privacy-first
Server Breach Risk All messages exposed on breach ✓ Nothing to breach — no storage

// 05 — Cryptography

THREE LAYERS
OF TRUST

X25519
Key Exchange

Elliptic curve Diffie-Hellman key exchange. Establishes a shared secret between peers without transmitting private keys. Industry-standard, efficient, and mathematically robust.

AES-256-GCM
Symmetric Encryption

Authenticated encryption providing both confidentiality and integrity in a single operation. Messages cannot be read or tampered with during transit — guaranteed.

Ed25519
Digital Signatures

Every message is digitally signed for authentication and non-repudiation. You can always verify who sent a message and that it hasn't been altered.

// 06 — Installation

GET
RUNNING
IN 60s

Windows users can install with a single PowerShell command. Linux/macOS users clone the repo and build. Keys are generated automatically on first run.

⚡ Windows — One-Liner Install
irm https://decentchat-terminal.vercel.app/install.ps1 | iex

Run in PowerShell as Administrator. Downloads the binary, installs it locally, and adds it to your PATH automatically.

What the installer does:
1 Downloads the DecentChat CLI binary
2 Installs it locally on your system
3 Adds DecentChat to your system PATH
4 Run decentchat and start chatting

// Quick Start

COMMANDS

⚡ POWERSHELL — Windows Install
# Install with one command (PowerShell)
irm https://decentchat-terminal.vercel.app/install.ps1 | iex

▸ Downloading DecentChat binary...
▸ Installing to local path...
▸ Adding to system PATH...
✓ DecentChat installed successfully!

# Then simply run:
decentchat
TERMINAL — Usage
# Launch DecentChat
decentchat

▸ Keys generated → ~/.decentchat/
▸ Registered with signaling server
▸ Tunnel: https://xxx.trycloudflare.com

# Commands inside the app
connect <peer-id> # dial a peer
list # show online peers
disconnect # end session

// 07 — Get Involved

CHAT WITHOUT
COMPROMISE

Open source, community-driven, and built for people who take privacy seriously. Star the repo, open an issue, or send a PR.

▸ View on GitHub Read the Docs