Spaces:
Sleeping
Sleeping
SecureChat π
A real-time, end-to-end encrypted chat application with 1-on-1 DMs and group chats. Deployable as a Hugging Face Space via Docker.
Features
- End-to-End Encryption (E2EE) β RSA-OAEP for DMs, AES-GCM + RSA key wrapping for group chats. Server never sees plaintext.
- Authentication β Username/password + Google OAuth
- Direct Messages β 1-on-1 encrypted conversations
- Group Chats β Encrypted group messaging with per-member AES key wrapping
- Display Name β Change your display name anytime in Settings
- Real-time β WebSocket-based, instant message delivery
- Typing Indicators β See when someone is typing
Deployment on Hugging Face Spaces
- Create a new Space on huggingface.co/spaces
- Choose Docker as the SDK
- Push this repository to the Space
Environment Variables (Space Secrets)
Set these in your Space settings β Repository Secrets:
| Variable | Description | Required |
|---|---|---|
SECRET_KEY |
JWT signing key (random 32+ char string) | Yes |
GOOGLE_CLIENT_ID |
Google OAuth Client ID | Optional |
GOOGLE_CLIENT_SECRET |
Google OAuth Client Secret | Optional |
GOOGLE_REDIRECT_URI |
https://YOUR-SPACE.hf.space/api/auth/google/callback |
If using Google |
Setting up Google OAuth (Optional)
- Go to Google Cloud Console
- Create OAuth 2.0 credentials
- Add your Space URL as an authorized redirect URI:
https://YOUR-SPACE.hf.space/api/auth/google/callback - Set the credentials as Space secrets
Local Development
pip install -r requirements.txt
mkdir -p data
uvicorn main:app --reload --port 7860
Open http://localhost:7860
Security Notes
- Private keys never leave the browser β stored in localStorage as JWK
- RSA-2048 OAEP with SHA-256 for DM message encryption
- AES-256-GCM for group message content (per-message random IV)
- RSA-OAEP used to wrap the AES key for each group member
- Passwords hashed with bcrypt
- JWT tokens with 7-day expiry
- All transport over HTTPS (on HF Spaces)