SecureBitChat uses a shared Rust-based cryptographic core:
https://github.com/SecureBitChat/securebit-core

This core is used across all platforms (web, desktop, mobile) as a single source of truth for all security-critical logic.

Community review is welcome. Bug reports and security feedback can be submitted via GitHub Issues.

SecureBit Chat native desktop apps are now available for Windows, macOS, and Linux!

• Windows 10/11 - NSIS Installer (x64)
• macOS 11+ - Universal App (Intel + Apple Silicon)
• Linux - AppImage (Universal, amd64)

Status: Public Beta v0.1.0 Available
Technology: Built with Tauri v2 (Rust + Web Technologies)
Coming Q1 2026: Windows Store, Mac App Store, Snap Store

Download Desktop Apps →

All SecureBit applications share the same open-source cryptographic core:

┌─────────────────────────────────────────────────────────────┐
│                    User Applications                        │
├──────────────────┬──────────────────┬──────────────────────┤
│   Web Version    │  Desktop Apps    │   Mobile (Coming)   │
│   (This Repo)    │  (Tauri v2)      │      (Q1 2026)      │
│   Browser PWA    │  Windows/Mac/    │    iOS/Android      │
│   v4.7.56        │     Linux        │   Native Apps       │
│                  │   v0.1.0 Beta    │                      │
└────────┬─────────┴────────┬─────────┴──────────┬───────────┘
         │                  │                    │
         └──────────────────┼────────────────────┘
                            │
                            ▼
         ┌──────────────────────────────────────────┐
         │   securebit-core (Open Source)           │
         │   • All Cryptographic Operations         │
         │   • P2P Protocol Implementation          │
         │   • End-to-End Encryption             │
         │   • Key Exchange & Verification          │
         │   • ASN.1 Structure Validation           │
         │   License: Apache 2.0                    │
         └──────────────────────────────────────────┘

• 100% of cryptography is open source - Audit at securebit-core
• Single source of truth - Same security across all platforms
• Full transparency - Security-critical code is publicly auditable
• Community reviewed - Bug reports and security feedback welcome
• Memory-safe core - Rust implementation prevents entire classes of vulnerabilities
• Cross-platform consistency - Identical security guarantees on all platforms

Core Repository: https://github.com/SecureBitChat/securebit-core
License: Apache License 2.0
Language: Rust (memory-safe, zero-cost abstractions)

SecureBit.chat is a revolutionary peer-to-peer messenger that prioritizes your privacy with military-grade encryption. No servers, no registration, no data collection - just pure, secure communication.

• 18-Layer Military Security - ECDH + DTLS + SAS triple-layer verification
• Pure P2P Architecture - No servers, truly decentralized
• Progressive Web App - Install like a native app on any device
• Native Desktop Apps - Windows, macOS, Linux (Tauri v2)
• Native Mobile Apps - iOS (Swift/SwiftUI), Android (Kotlin/Jetpack Compose) - Coming Q1 2026
• Secure File Transfer - End-to-end encrypted P2P file sharing
• Smart Notifications - Browser and desktop alerts
• Complete Anonymity - Zero data collection, no registration
• Open Source Security - Cryptographic core is fully auditable
• ASN.1 Validation - Complete key structure verification
• Perfect Forward Secrecy - Automatic key rotation

• Native Desktop Applications - Windows, macOS, and Linux support
• Tauri v2 Framework - Lightweight, secure, and performant
• System Integration - Native notifications, system tray, auto-start
• Offline Support - Works without internet connection
• Multi-window Support - Multiple conversation windows
• Improved Performance - Native code execution for crypto operations

• Fix: Prevent encryption key loss and IndexedDB connection errors
• Fix: Disable timer-based key rotation for Double Ratchet mode
• Fix: Auto-reinitialize encryption keys when missing but ECDH available
• Fix: Preserve active keys during periodic cleanup in ratchet sessions
• Fix: IndexedDB "database closing" errors with connection checking
• Improvement: Individual transactions per queue item to prevent race conditions
• Improvement: Enhanced message text wrapping in chat interface

• ECDH + DTLS + SAS System - Triple-layer security verification
• ASN.1 Full Structure Validation - Complete key structure verification
• Enhanced MITM Protection - Multi-layer defense system
• Secure Key Storage - WeakMap-based isolation
• Production-Ready Logging - Data sanitization and privacy protection
• HKDF Key Derivation - RFC 5869 compliant key separation and derivation

1. Visit https://securebit.chat/
2. Share your link or enter your peer's link
3. Start chatting - No registration required!

Install as PWA:

• Click the install prompt in your browser
• Or use browser menu: "Install SecureBit.chat"

1. Download installer from securebit-desktop releases
2. Install on Windows, macOS, or Linux
3. Launch and start secure communication

Platform-specific instructions:

• Windows: Run .exe installer, follow setup wizard
• macOS: Open .zip, drag SecureBit Chat.app to Applications
• Linux: Make AppImage executable: chmod +x SecureBit.Chat_*.AppImage, then run

Current: v4.7.56 - Desktop Edition Available

• v4.5 - Enhanced Security Edition

  • ECDH + DTLS + SAS triple-layer security
  • 18-layer military-grade cryptography
  • Complete ASN.1 validation
  • Perfect Forward Secrecy

• v4.7 - Desktop Edition (Current)

  • Native desktop applications (Windows, macOS, Linux)
  • Built with Tauri v2
  • System tray integration and native notifications
  • Offline support and multi-window

• v0.1.0 - Desktop Apps Beta

  • Initial desktop release
  • Windows, macOS, Linux support

• v5.0 (Q1 2026) - Mobile Edition

  • Native iOS app (Swift/SwiftUI)
  • Native Android app (Kotlin/Jetpack Compose)
  • PWA support for mobile browsers
  • Real-time push notifications
  • Battery optimization
  • Biometric authentication

• v5.5 (Q2 2026) - Quantum-Resistant Edition

  • CRYSTALS-Kyber post-quantum key exchange
  • SPHINCS+ post-quantum signatures
  • Hybrid classical + post-quantum schemes
  • Quantum-safe key exchange
  • Migration of existing sessions

• v6.0 (Q4 2026) - Group Communications

  • P2P group connections up to 8 participants
  • Mesh networking for groups
  • Signal Double Ratchet for groups
  • Anonymous groups without metadata
  • Ephemeral groups (disappear after session)

• v6.5 (2027) - Decentralized Network

  • DHT for peer discovery
  • Built-in onion routing
  • Tokenomics and node incentives
  • Governance via DAO
  • Self-healing network

• v7.0 (2028+) - AI Privacy Assistant

  • Local AI threat analysis
  • Automatic MITM detection
  • Adaptive cryptography
  • Zero-knowledge machine learning

All security-critical code is open source and auditable:

• Repository: securebit-core
• License: Apache License 2.0
• Language: Rust (memory-safe, prevents entire vulnerability classes)
• Auditable: 100% of cryptographic operations
• Standards: RFC 5869 (HKDF), NIST SP 800-56A (ECDH), RFC 8446 (DTLS)

1. ECDH (Elliptic Curve Diffie-Hellman) - P-384 curve key exchange
2. DTLS (Datagram Transport Layer Security) - WebRTC transport security with fingerprint verification
3. SAS (Short Authentication String) - Visual MITM detection and verification

• Key Exchange: ECDH P-384 (NIST curve)
• Signatures: ECDSA P-384
• Encryption: AES-256-GCM
• Key Derivation: HKDF-SHA-256 (RFC 5869)
• Authentication: HMAC-SHA-256
• Hashing: SHA-256, SHA-384

• Perfect Forward Secrecy (PFS)
• End-to-End Encryption (E2EE)
• Zero-Knowledge Architecture
• Replay Protection
• Metadata Protection
• ASN.1 Structure Validation
• OID and EC Point Verification
• SPKI Structure Validation

• 18-Layer Defense System - Multiple independent security layers
• MITM Attack Prevention - Triple verification prevents man-in-the-middle attacks
• Key Isolation - WeakMap-based secure key storage
• Secure Memory Management - Automatic secure deletion of sensitive data
• Production Logging - Sanitized logs prevent information leakage

• No personal information
• No phone numbers or emails
• No contact lists on servers
• No message content or metadata
• No telemetry or analytics
• No usage statistics
• No IP addresses logged
• No device fingerprints
• No location data

Want to audit our security? Check these repositories:

1. securebit-core - All cryptographic operations (Rust)
2. securebit-chat - Web UI implementation (this repo, JavaScript/React)

Report Security Issues: SecureBitChat@proton.me
PGP Key: Available on request for encrypted security reports

• Node.js 18+
• npm or yarn
• Git

# Clone repository
git clone https://github.com/SecureBitChat/securebit-chat.git
cd securebit-chat

# Install dependencies
npm install

# Run development server
npm run dev

# Build for production
npm run build

# Build CSS only
npm run build:css

# Build JavaScript only
npm run build:js

# Preview production build (requires Python)
python -m http.server 8000

# Development server with hot reload
npm run dev

# Watch CSS changes
npm run watch

# Build everything
npm run build

# Serve built files
npm run serve

securebit-chat/
├── src/
│   ├── components/          # React components
│   │   ├── ui/             # UI components (Header, Roadmap, etc.)
│   │   └── QRScanner.jsx   # QR code scanner
│   ├── crypto/             # Cryptography utilities
│   │   └── EnhancedSecureCryptoUtils.js
│   ├── network/            # WebRTC P2P logic
│   │   └── EnhancedSecureWebRTCManager.js
│   ├── transfer/           # File transfer
│   │   └── EnhancedSecureFileTransfer.js
│   ├── notifications/      # Notification system
│   ├── pwa/                # PWA functionality
│   ├── scripts/            # Bootstrap and initialization
│   └── styles/             # CSS stylesheets
├── dist/                   # Built files (generated)
├── assets/                 # Static assets
├── public/                 # Public files
└── docs/                   # Documentation

Want to improve security? Contribute to the cryptographic core:

• Repository: securebit-core
• Focus: Cryptography, protocol implementation, security features
• Language: Rust

* Desktop apps are free for personal and commercial use. Only the UI layer is proprietary - all cryptography is open source in securebit-core.

• Frontend: React, Tailwind CSS
• Build: esbuild, Tailwind CLI
• P2P: WebRTC
• Crypto Core: Rust (securebit-core)
• Desktop: Tauri v2
• Mobile (Future): Swift/SwiftUI (iOS), Kotlin/Jetpack Compose (Android)

We welcome contributions! Here's how:

1. Fork the repository
2. Create feature branch: git checkout -b feature/amazing-feature
3. Commit changes: git commit -m "Add amazing feature"
4. Push to branch: git push origin feature/amazing-feature
5. Open Pull Request

Want to improve security? Contribute to the core:

• Repository: securebit-core
• Focus: Cryptography, protocol implementation, security features
• Language: Rust

• Repository: securebit-desktop
• Focus: UI/UX improvements, platform-specific features
• Technology: Tauri v2, Rust, TypeScript

• Report bugs - Open issues on GitHub
• Security research - Email SecureBitChat@proton.me
• Improve documentation - Help others understand the project
• Star the repositories - Support visibility and development
• Spread the word - Share with privacy advocates
• Provide feedback - Help shape the future of SecureBit

If you support our mission - please star the repos!

• ⭐ Star securebit-chat (Web)
• ⭐ Star securebit-core (Crypto)
• ⭐ Star securebit-desktop (Apps)

License: MIT License

License: Apache License 2.0
Repository: securebit-core

License: Proprietary (Free for personal & commercial use)
Repository: securebit-desktop

Note: Desktop apps are free to use. Only the UI layer is proprietary - all cryptography is open source.

• Documentation: Check README and core docs**
• Discussions: GitHub Discussions
• Issues: Report bugs on GitHub
• Email: SecureBitChat@proton.me

• Security Issues: SecureBitChat@proton.me (encrypted preferred)
• Business Inquiries: hello@securebit.chat
• Twitter/X: @SecureBitChat
• Website: https://securebit.chat (coming soon)

• Be respectful and constructive
• Focus on privacy and security
• Help others learn and contribute
• Report security issues responsibly
• Follow the code of conduct

• React - UI framework
• Tailwind CSS - Styling
• esbuild - Build tool
• WebRTC - P2P communication
• IndexedDB - Local storage
• Rust - Cryptographic core
• Tauri v2 - Desktop framework

• Rust Crypto Team - Cryptographic primitives and standards
• WebRTC Community - P2P technology and standards
• Tauri Team - Desktop framework development
• Security Researchers - Audits, feedback, and improvements
• Contributors - Code, docs, testing, and support
• Privacy Advocates - Inspiration and mission support

• RFC 5869 - HKDF key derivation
• NIST SP 800-56A - ECDH key agreement
• RFC 8446 - DTLS 1.3
• RFC 7748 - Elliptic curves for security
• X.509 - ASN.1 certificate structure

• Web Version - Stable (v4.7.56), receiving bug fixes and improvements
• Desktop Apps - Public beta (v0.1.0), active development
• Cryptographic Core - Stable, production-ready
• Mobile Apps - In development (Q1 2026)

• GitHub Stars - Help us grow!
• Contributors - See all contributors
• Issues - Open issues
• Pull Requests - Contribute
• Discussions - Join the conversation

• Downloads - Desktop apps available for all platforms
• Security - 18-layer military-grade protection
• Platforms - Web, Windows, macOS, Linux (Mobile coming Q1 2026)
• License - Open source core, free desktop apps