B.E.Chat — Blind-Edge Messenger

Have them scan you

They point their camera app at this — it opens B.E.Chat with your key filled in.

Why scanning in person is the gold standard

A QR scanned face-to-face hands over your public key with no middleman who could swap it for theirs. Keys here are trusted on first use, so the moment of exchange is what matters. (Public keys are safe to show anyone — they can't be used to read anything.)

or add them

Scan their QR with your camera app, or paste their key below.

Name

Their key

What's on your device

Exactly two things. ① Your identity vault: both private keys and your recovery words, sealed with AES-256-GCM under a key derived from your App Password (PBKDF2, 600,000 rounds) and kept in this browser's localStorage. ② Your message database: conversations, contacts, and groups, stored readable in this browser's IndexedDB — the password protects your keys, not your history. That's the complete list. Nothing about you exists anywhere else.

What the relay sees

The relay is a dumb, blind mailbox. It stores sealed envelopes for at most 24 hours, has no user accounts, and rate-limits per IP. Anyone can run one — it's ~200 lines of open-source code.

Field	Relay receives	What it learns
Message	Padded ciphertext	nothing
Sender	Key hash (SHA-256)	a number, not a name
Recipient	Key hash (SHA-256)	a number, not a name
Timing & size	Timestamps; length padded to 256-byte blocks	approximate traffic patterns
Password	Never sent	nothing
Private keys	Never sent	nothing
Contacts	Never sent	nothing

Show me the actual bytes — the last thing this app sent

Nothing sent yet this session. Send a message, then look again.

If you lose your keys

Your 12 recovery words recreate your exact keys on any device — same address, so contacts can still reach you (ID → Recovery words to view them again). Message history does not come back: it only ever existed on your devices, which is the point — there is no server copy of it for anyone to recover, including you. No words and no backup file means the identity is gone permanently. Nobody can reset it, because nobody else has it.

Burner mode

Don't want permanence? Skip the backup. Use an identity for a session, then Menu → Delete this identity. Fresh keys take five seconds and cost nothing — new address, clean slate. Contacts from the old session can't reach the new you. Disposable identities are a feature here, not an accident.

How the encryption works

Each message gets a fresh ephemeral ECDH P-256 key, run through HKDF into a one-time AES-256-GCM key, and is signed with your long-term ECDSA key — all with the browser's native Web Crypto API, zero libraries. Payloads are padded to 256-byte blocks so length reveals nothing. Replay attacks are rejected with a counter sealed inside the ciphertext.

Groups

Groups use a shared AES-256-GCM key distributed over the existing encrypted 1:1 channels. The relay sees the group as one anonymous address — it doesn't even know it's serving a group. Add or remove a member and the key rotates: removed members can't read anything sent after they left.

Auto-delete

In any conversation, tap Auto-delete to expire messages from your device (1h–7d). The other side keeps their copy until they set their own timer. The relay independently deletes all envelopes after 24 hours.

Honest limitations

Keys are trusted on first use. There are no safety numbers yet. For high-stakes contacts, exchange QR codes in person, or compare your identicons over a channel you trust.
Forward secrecy is sender-side only. If your long-term key leaks, messages previously sent to you that an attacker recorded could be decrypted. (Sent messages stay safe — their ephemeral keys are gone.)
Local history is readable on your device. Use your OS's disk encryption and screen lock; the App Password protects keys, not the message database.
Relays see metadata. Timing, padded sizes, and IPs. The demo relay is shared; run your own to control it.
iOS can evict browser data after ~7 days of disuse. Install to your Home Screen and write down your 12 words.