End-to-End Encryption (E2EE)
ANON.CHAT uses a zero-knowledge architecture. This means your messages and files are
encrypted in your browser before they are ever transmitted to our network.
SENDER (Plaintext) → ENCRYPTION (Client-Side) → SERVER (Encrypted Blob) → RECEIVER (Decrypted)
Fig 1: Secure Data Transmission Flow
The server acts only as a blind relay. Because the decryption keys never leave your device, even if the
server were compromised, your conversations would remain unreadable strings of random data.
The Cryptographic Stack
We leverage industry-standard Web Crypto APIs to ensure high-performance, military-grade security.
AES-GCM 256-bit
The Gold Standard of symmetric encryption. Provides both confidentiality and integrity (it detects
if data was tampered with).
PBKDF2 Derivation
Your Secret Key is transformed into a cryptographic key using 100,000 iterations and a per-room salt
to prevent brute-force attacks.
SHA-256 Handshake
A verification hash ensures that only people with the correct key can even enter the relay room at
the server level.
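The PBKDF2 and AES-GCM steps above, sketched with the Web Crypto API as an added example; this is not ANON.CHAT's own code. Assumptions: PBKDF2 uses SHA-256 as its hash, the blob layout is a 12-byte random IV followed by ciphertext and tag, and the function names are hypothetical.

```javascript
const ITERATIONS = 100000; // iteration count stated on the page

// Browsers and recent Node expose globalThis.crypto; older Node needs the import.
async function getCrypto() {
  return globalThis.crypto?.subtle
    ? globalThis.crypto
    : (await import('node:crypto')).webcrypto;
}

// Secret Key + per-room salt -> non-extractable AES-GCM 256-bit key.
async function deriveRoomKey(secret, salt) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(secret), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: ITERATIONS, hash: 'SHA-256' }, // hash is assumed
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Blob handed to the relay: 12-byte random IV, then ciphertext and GCM tag
// (layout assumed for this example). A fresh IV is drawn for every message.
async function encryptMessage(key, plaintext) {
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  const blob = new Uint8Array(12 + ct.byteLength);
  blob.set(iv, 0);
  blob.set(new Uint8Array(ct), 12);
  return blob;
}

// Returns the plaintext, or null when the GCM tag check fails
// (wrong key, wrong room salt, or a blob modified in transit).
async function decryptMessage(key, blob) {
  const { subtle } = await getCrypto();
  try {
    const pt = await subtle.decrypt(
      { name: 'AES-GCM', iv: blob.slice(0, 12) }, key, blob.slice(12));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}
```

Because the key is derived as non-extractable, page script can use it to encrypt and decrypt but cannot export the raw key bytes.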
Visual Overview
Fig 2: End-to-End Encryption Logic Flow
Ephemeral Design
Security is not just about encryption; it's about what you don't store.
- No Database: No messages are stored on any disk. Once everyone leaves a room, the
data is gone forever.
- Session Based: Keys are kept in memory only. Refreshing your browser clears the
session keys.
- Server Logs: Our logs only show Metadata and the Encrypted Blobs.
We cannot "see" what was said.
// ANON.CHAT Security Whitepaper — Ajun Ravi