🔐 End-to-end encrypted terminal chat system

Enchat. End-to-end encrypted communication. No accounts, no servers, no traces.

Every message is encrypted on your machine, delivered peer-to-peer, and erased without a footprint. There are no accounts to register, no metadata to collect, no logs to exploit. Enchat runs entirely under your control — private by design, invisible by intent. Because what’s yours should stay yours.

01

Zero credentials

Rooms spin up with passphrases, not email addresses.

02

Audit-friendly

Encrypted transcripts & file drops with zero metadata leaks.

Terminal-native · Python 3.6+ · Zero-knowledge

why enchat()

Minimal overhead, maximum privacy.

Enchat is built for those who value privacy, discretion, and control.

A fully encrypted, zero-trust chat system that runs quietly in your terminal. No accounts, no servers, no traces. Whether you’re collaborating securely or staying off the grid, Enchat keeps your conversations yours.

privacy.byDesign

Zero surface area

Data stays local, invites are single-use, and telemetry simply doesn't exist.

config.tracking = "disabled"

history.ephemeral

No history

Chats exist only in real time. Once you leave the room, everything disappears.

history.wipe()

architecture.zeroTrust

Defense by default

Ephemeral keys, blind relays, and double encryption keep everything sealed by design.

encrypt(message).withPFS()

feature set

Everything you need ships in one CLI.

01

Real-time encrypted chat

Low-latency messaging with presence indicators, timestamps and read receipts that never leave the encrypted payload.

02

Secure rooms & file drops

Invite links expire on use and every file chunk ships with AES-256-GCM encryption and checksum validation.

03

Perfect forward secrecy

Ephemeral session keys wipe themselves the moment you disconnect so past transcripts stay sealed forever.

04

Tor-native routing

Flip a flag to route all relay traffic through Tor, adding an extra layer of privacy on top of Enchat's already secure design.

~/enchat status
rooms secure-room
transport tor + ntfy relay
pfs active
ready true

quick start

Install and start in minutes.

Run Enchat in any terminal, whether locally, on a server, or through a mobile terminal app. It's ready whenever you are.

1

Clone & inspect

Pull the repo and audit the installer script if required.

2

Install globally

Run install.sh to register the CLI on your path.

3

Launch

Run enchat, name your room and invite collaborators.

# Clone the repository
git clone https://github.com/sudodevdante/enchat.git
cd enchat

# Run the installer (feel free to inspect it first)
./install.sh

# Launch
enchat

enchat commands cli palette

enchat

Start an interactive wizard to create or join a room.

enchat join-link <url>

Join directly via a secure invite link.

enchat reset

Reset all stored room configurations.

enchat kill

Securely wipe all Enchat data from your device.

sharing

Invite or join securely in just three simple commands.

1

Generate a link

/share-room --uses 2 --ttl 1h creates a single-use, time-boxed invite.

2

Copy and send

/copy-link keeps the fragment client-side so the relay never sees the key.

3

Join securely

enchat join-link "<url>" fetches the blob and decrypts locally.

file-drop

/share ~/logs.tar.gz encrypts per chunk and verifies via SHA256.

presence

/who shows live participants, /notifications toggles alerts.

commands

A clean, powerful command set built to get the most out of every chat.

Enchat packs a versatile command set that puts you in control with built-in security and smooth, real-time collaboration.

🗄️ rooms

Spin up, invite and tear down secure spaces for sprint-specific conversations.

  • /share-room --ttl 10m --uses 1 - Ephemeral invite link
  • /copy-link - Copy last generated invite
  • /exit - Leave & wipe volatile keys

📦 files

Share artifacts, CI logs and build outputs without detouring to a browser.

  • /share ./build/output.zip - Encrypt & send a file
  • /files - List available downloads
  • /download a1b2 - Fetch a shared artifact

📡 signals

Observe relay health and room activity without exposing metadata.

  • /who - Presence overview
  • /server - Relay diagnostics
  • /security - Current security posture

🛠️ utilities

Quality-of-life helpers for keeping the terminal view tidy and teams aligned.

  • /help - Show all available commands
  • /clear - Reset terminal view
  • /clean-chat - Wipe room history
  • /poll "Ship?" | "Yes" | "Blocker" - Quick sentiment poll

security model

Defense-in-depth without ceremony.

E2E encryption

AES-256-GCM across messages and files with authenticated integrity.

Key derivation

PBKDF2-HMAC-SHA256, 100k iterations. Passphrases stay costly to brute-force.

Perfect forward secrecy

Ephemeral session keys zeroed on disconnect so past transcripts stay sealed.

Server blindness

ntfy.sh relays encrypted blobs only—no metadata, no content, no timestamps.

Cleanup

/clean-chat and enchat kill wipe local and remote traces.

flow

client → pfs encrypt → room encrypt → relay → room decrypt → pfs decrypt → peer

Breaking one layer isn't enough—an attacker would need both the room passphrase and the in-memory session key.
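
The key derivation and two-layer flow described above, as an added Python example (not Enchat's own code). It assumes the third-party cryptography package; the function names, random salt, nonce-prefix layout and per-layer labels are illustrative choices, not details taken from the project.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def derive_room_key(passphrase: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, 100k iterations as on the page; salt is assumed."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               100_000, dklen=32)


def seal(key: bytes, plaintext: bytes, label: bytes) -> bytes:
    """AES-256-GCM; a fresh 96-bit nonce is prepended (assumed layout)."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, label)


def unseal(key: bytes, blob: bytes, label: bytes) -> bytes:
    """Raises InvalidTag when the key, label or ciphertext does not match."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], label)


def send(message: bytes, session_key: bytes, room_key: bytes) -> bytes:
    # Page's flow: pfs encrypt first, then room encrypt, then relay.
    return seal(room_key, seal(session_key, message, b"pfs"), b"room")


def receive(blob: bytes, session_key: bytes, room_key: bytes) -> bytes:
    return unseal(session_key, unseal(room_key, blob, b"room"), b"pfs")


def layers_opened(blob: bytes, session_key: bytes, room_key: bytes) -> int:
    """Number of layers (0, 1 or 2) these two keys manage to remove."""
    try:
        inner = unseal(room_key, blob, b"room")
    except InvalidTag:
        return 0
    try:
        unseal(session_key, inner, b"pfs")
    except InvalidTag:
        return 1
    return 2


if __name__ == "__main__":
    room = derive_room_key("constructed passphrase", os.urandom(16))
    blob = send(b"hello", os.urandom(32), room)  # constructed sample message
    print(layers_opened(blob, os.urandom(32), room))  # passphrase only -> 1
```

A party that knows the passphrase but not the session key removes only the outer layer; what remains is still an authenticated ciphertext under the ephemeral key.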

🔧 For Developers

Self-Hosting

For maximum security and control, you can self-host your own ntfy.sh message server. While you can configure a server manually, this repository includes an automated script to make it easy.

On a fresh Debian or Ubuntu server, simply run:

# Downloads and executes the setup script
wget -O - https://raw.githubusercontent.com/sudodevdante/enchat/master/setup-selfhosted-ntfy-server.sh | bash

Note: Even with your own server, Enchat's encryption ensures the relay sees only encrypted blobs. The server cannot read message content, metadata, or participant information—it functions purely as a blind message relay.

what it does
  • Installs Docker
  • Configures ntfy
  • Sets up SSL with Let's Encrypt
  • Hardens server for production

Once complete, just point Enchat to your own domain during the initial setup.

hosting & support

Host it your way or get expert support

Enchat is free to use and fully self-hostable. During setup, you can point Enchat to your own message relay or choose one of our secure relay servers, whichever fits your needs best.

All traffic is end-to-end encrypted, and relays can't read messages, metadata, or participant information. They function purely as blind carriers. You can run your own relay using the provided installer scripts, connect to our managed network, or request a private instance that we deploy and maintain for you.

We also provide consultancy, setup assistance, and technical support to help you build or scale your secure communication setup with confidence.

contact

Contact us at info@enchat.io for more information.

Built for those who take privacy seriously.

Enchat gives you the tools to communicate freely without leaks, metadata, or compromises. Take control of your privacy today.