← Back to projects

EnChat - Encrypted under the radar terminal chat

Dec 15, 2025EnChat, Privacy, CLI

Enchat is a privacy-first, end-to-end encrypted chat application that runs entirely in the terminal. The initial idea for this project came to me while watching the movie The Amateur in the cinema. A film centered around a cryptography-focused hacker who communicates through a terminal-based chat system.

That moment sparked a simple but persistent question: does something like this actually exist in the real world? After researching existing tools, I couldn’t find a solution that matched what was depicted on screen—especially not one that combined strong end-to-end encryption, minimal metadata leakage, and a purely terminal-based experience.

This led me to set a personal technical challenge: to build the closest real-world equivalent possible—a highly secure, undetectable, end-to-end encrypted terminal chat system, designed under the assumption that infrastructure cannot be trusted.

Everything in Enchat happens locally: encryption, key handling, and message processing. The result is a lightweight but powerful tool for private communication, built as an exploration of how far privacy, cryptography, and usability can realistically be pushed within a terminal environment.

enchat.png

Project background

I built Enchat to explore what truly private communication looks like when you remove central identities and assume that infrastructure cannot be trusted. The project was created for developers, security-conscious users, and teams who want to communicate and share files without exposing content or metadata to third parties. It fits naturally into terminal-based workflows and allows users to stay focused without switching tools.

Design principles

What makes Enchat unique is its strict zero-trust and zero-knowledge design. Servers never see plaintext messages, usernames, timestamps, room names, or file data. Even room invitations are handled without exposing secrets: invitation links contain encrypted room credentials, and the decryption key never leaves the client. Combined with perfect forward secrecy, this ensures that past conversations remain secure even if a room passphrase is compromised later.

Messaging layer

For messaging, Enchat uses the ntfy.sh protocol as a transport layer rather than a traditional chat backend. I designed the system so that ntfy acts purely as a blind message relay. Enchat publishes encrypted message blobs to ntfy topics and listens for updates, while all encryption and decryption happens client-side. This approach keeps the messaging infrastructure simple, scalable, and completely unaware of the data it transports.

Security considerations

Security is the foundation of the project. Enchat uses modern, well-established cryptographic primitives and applies them in layers. Messages and files are encrypted end-to-end using authenticated encryption, keys are derived securely from user passphrases, and each session uses ephemeral keys to provide perfect forward secrecy. All metadata is encrypted, local secrets are kept in memory only when needed, and the application includes secure cleanup features to minimize data retention.

Deployment and hosting

Enchat can be fully self-hosted for users who want maximum control over their infrastructure. I built an automated setup that allows users to deploy their own ntfy server with SSL, hardened defaults, and minimal configuration. By self-hosting, users remove third-party dependencies entirely while keeping the same zero-knowledge guarantees.

Community reception and adoption

After releasing Enchat publicly, the project quickly gained traction within the developer and security communities. It reached the #1 top post on Reddit for several days, which led to a significant influx of feedback, discussions, and contributions from developers with a strong interest in privacy and cryptography.

Since then, Enchat has been downloaded over 10,000 times and has been starred and bookmarked by a large number of developers on Github. The response confirmed that there is real interest in terminal-based, privacy-first communication tools and validated many of the architectural and design decisions behind the project.

As of now, Enchat is my best and most impactful GitHub project, both in terms of adoption and the quality of technical discussions it has generated.

Scope of the project

Overall, Enchat is a practical experiment in secure system design, modern cryptography, and privacy-by-design software engineering. It represents an attempt to translate a fictional concept into a realistic, technically sound system—pushing the limits of what secure, terminal-based communication can be in practice.

View website