Secure
Messaging App
End-to-end encrypted chat built for a cryptography course. AES-GCM encrypts messages, RSA protects the key exchange, and a custom PKI handles user identity. No plaintext leaves the client.
One primitive per concern: AES-GCM for message confidentiality and integrity, RSA for key distribution, Scrypt for passwords at rest, PKI for identity. Each layer does one job and nothing else.
The server ends up with ciphertext, wrapped keys, and signatures. It can't read any of it.
Authenticated symmetric cipher. Encrypts message bodies and detects tampering via the authentication tag.
Asymmetric encryption wraps the AES session key with the recipient's public key. Only they can unwrap it.
Messages are signed with the sender's private key. Recipients verify the signature against the PKI-issued certificate.
A full certificate authority handles user registration, certificate issuance, and lifecycle management.
Register
Create an account and receive a PKI-issued certificate bound to your public key.
Encrypt
A random AES-GCM key encrypts the message body. RSA wraps that key for the recipient.
Transmit
Ciphertext, wrapped key, and digital signature are stored in SQLite.
Decrypt
Recipient verifies the signature, unwraps the AES key with their private key, and decrypts.
PKI, encryption layer, Flask backend, and web UI. All on GitHub.