TempChat is now closed

Thank you for being part of the journey. The service has reached its end of life and is no longer active.

The project is now open-sourced at:

GitHub: PercyPham/tempchat

Group chat for the moment — gone when it's over.

TempChat was designed to be a zero-knowledge encrypted group chat for real-world moments. Scan a QR, chat, gone.

We genuinely could not read your messages

Not "we won't" — we literally couldn't. Here's why.

🔐 Encrypted before it leaves your device

Your messages were encrypted with AES-256-GCM directly in your browser before being transmitted. The key material lived in the room link's URL fragment and was never sent to our servers.

🙈 Our servers were completely blind

We stored only scrambled ciphertext. There was no master key, no admin backdoor, no way to decrypt what we held. Even a full server breach would have exposed nothing readable.

💥 Automatic self-destruction

When a room expired, every key, message, and metadata entry was permanently purged from our servers. There was no backup, no archive, no recovery.

The cryptographic architecture

🔬 Zero-Knowledge Encryption Flow

The room URL fragment (the part after #) contains the privateKey. The server never sees it, because browsers do not include URL fragments in HTTP requests. All cryptographic operations happen entirely in the browser via the Web Crypto API.

① Browser (Room Creator)
   ECDSA P-384 keypair generated locally
   privateKey never leaves the browser → embedded in URL #hash
   publicKey → sent to server once (JWK, verify-only)

② Key Derivation (Client-Side)
   HKDF-SHA-384, salt: 16-byte zeros, info: "aes-encryption-layer"
   AES-256-GCM key derived deterministically from privateKey — never sent
   AES-GCM encrypt: plaintext → ciphertext (messages, display names)
   ECDSA P-384 sign: { rid, uid, ts } claims → authToken header

③ Server (BLIND)
   publicKey: verifies the ECDSA signature on each request
   stores ciphertext only: opaque blobs in Redis, TTL → auto-purged
   returns ciphertext; the receiver uses the privateKey from their own URL to decrypt

All crypto primitives run in the browser via window.crypto.subtle. The private key never touches a network request — URL fragments are not transmitted by the HTTP protocol.