End-to-End Encrypted

Your messages.
Your keys.
Your server.

Parch chat requires no email logins — your browser generates your cryptographic identity, the relay validates signed host/user challenges plus short-lived space capabilities, and only intended recipients can read your messages.

Your keys are your identity

No accounts, no passwords. Your browser generates everything you need.

Browser-generated cryptographic identity

The first time you open Parch chat, your browser generates two keypairs entirely on your device. No server is involved — your keys never leave your browser unless you explicitly export them.

  • Public key is your shareable identity. Give it to space admins so they can invite you. Think of it as your address.
  • Private key stays on your device. It proves you own your identity and decrypts messages sent to you.
  • Export & import lets you move your identity to another browser or device. Back it up.
No central password database

Prove you own your keys

Challenge-response on both sides: host to relay, then browser to relay.

1. Host authenticates to relay

The host signs a relay-issued challenge with its host signing key to become the active host session.

parch-host-auth:<hostUUID>:<challenge>

2. Relay issues browser challenge

After host responsiveness is confirmed, relay sends your browser an auth challenge.

3. Browser signs challenge + encryption key

Your browser signs a structured message with its Ed25519 private key.

parch-chat-auth:<hostUUID>:<challenge>:<encPublicKey>

The encryption public key is bound into the signed payload, preventing key substitution attacks.

4. Relay verifies and gates actions

Relay verifies signatures, then requires host-signed capability tokens for space-scoped actions like joining channels, sending chat, and reading history.

Capability tokens are short-lived and space-scoped. The host issues them for your authenticated public key, and relay validates signature, scope, and expiry before routing sensitive actions.
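The relay-side checks described in steps 1 to 4, as an added example in Go (not Parch chat's own code; the browser side is JavaScript, but the verification logic is the same in any language). The two message formats parch-host-auth:... and parch-chat-auth:... come from the page; hex encoding of the encryption public key, the Capability field layout, its parch-cap: canonical string and the scope names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// NewChallenge returns a fresh random nonce (hex). The relay stores it against the
// pending session and accepts it inside a signed message at most once.
func NewChallenge() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Steps 1 and 3: the exact strings from the page. Both sides build them with the same
// helpers, so any difference in host, challenge or encryption key fails verification.
func HostAuthMessage(hostUUID, challenge string) []byte {
	return []byte(fmt.Sprintf("parch-host-auth:%s:%s", hostUUID, challenge))
}

func ChatAuthMessage(hostUUID, challenge string, encPub []byte) []byte {
	return []byte(fmt.Sprintf("parch-chat-auth:%s:%s:%s", hostUUID, challenge, hex.EncodeToString(encPub)))
}

// VerifyChatAuth is the relay side of step 4. It rebuilds the message from what it issued
// (hostUUID, challenge) plus the encryption key the browser claims, so a substituted
// encryption key or a signature made for an older challenge does not verify.
func VerifyChatAuth(userPub ed25519.PublicKey, hostUUID, issuedChallenge string, claimedEncPub, sig []byte) error {
	if len(userPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(userPub, ChatAuthMessage(hostUUID, issuedChallenge, claimedEncPub), sig) {
		return errors.New("browser auth signature invalid")
	}
	return nil
}

// Capability is a short-lived, space-scoped token the host signs for an authenticated user
// key. Field layout and the canonical string are assumptions; the page only names the checks.
type Capability struct {
	SpaceID   string
	UserPub   ed25519.PublicKey
	Scope     string // assumed scope names, e.g. "chat.send", "history.read", "channel.join"
	ExpiresAt int64  // unix seconds
	Sig       []byte
}

func (c Capability) canonical() []byte {
	return []byte(fmt.Sprintf("parch-cap:%s:%s:%s:%d", c.SpaceID, hex.EncodeToString(c.UserPub), c.Scope, c.ExpiresAt))
}

func IssueCapability(hostPriv ed25519.PrivateKey, spaceID string, userPub ed25519.PublicKey, scope string, ttl time.Duration, now time.Time) Capability {
	c := Capability{SpaceID: spaceID, UserPub: userPub, Scope: scope, ExpiresAt: now.Add(ttl).Unix()}
	c.Sig = ed25519.Sign(hostPriv, c.canonical())
	return c
}

// CheckCapability is the relay's gate before routing a space-scoped action: host signature,
// binding to the key that passed challenge-response, space, scope, and expiry.
func CheckCapability(hostPub ed25519.PublicKey, c Capability, authedUser ed25519.PublicKey, spaceID, action string, now time.Time) error {
	switch {
	case !ed25519.Verify(hostPub, c.canonical(), c.Sig):
		return errors.New("capability: not signed by the active host")
	case !authedUser.Equal(c.UserPub):
		return errors.New("capability: issued for a different user key")
	case c.SpaceID != spaceID:
		return errors.New("capability: wrong space")
	case c.Scope != action:
		return errors.New("capability: scope does not cover this action")
	case !now.Before(time.Unix(c.ExpiresAt, 0)):
		return errors.New("capability: expired")
	}
	return nil
}

func main() {
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	hostPub, hostPriv, _ := ed25519.GenerateKey(rand.Reader)
	encPub := make([]byte, 32) // constructed stand-in for the browser's encryption public key
	challenge := NewChallenge()
	sig := ed25519.Sign(userPriv, ChatAuthMessage("host-1", challenge, encPub))
	fmt.Println("auth:", VerifyChatAuth(userPub, "host-1", challenge, encPub, sig))
	tok := IssueCapability(hostPriv, "space-a", userPub, "chat.send", 5*time.Minute, time.Now())
	fmt.Println("send:", CheckCapability(hostPub, tok, userPub, "space-a", "chat.send", time.Now()))
	fmt.Println("read history:", CheckCapability(hostPub, tok, userPub, "space-a", "history.read", time.Now()))
}
```

The relay never trusts the message the browser sends back; it rebuilds the expected string from its own record of the host and the challenge it issued, which is what makes the encryption-key binding and the one-time challenge effective. The capability check is ordered so that an unsigned or foreign token is rejected before any of the cheaper field comparisons are consulted.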

Zero-knowledge authentication

Messages sealed before they leave

Every message is encrypted, wrapped, and signed before it touches the network.

1. Generate Key (AES-256-GCM)

A unique symmetric key is generated for this message alone.

2. Seal Content (Encrypt)

Plaintext becomes ciphertext + initialization vector (IV).

3. Wrap Key (ECDH + HKDF)

For each recipient, the AES key is wrapped via key agreement + derivation.

4. Sign (Ed25519)

The entire envelope is signed, proving sender and detecting tampering.

Sealed Envelope Structure

{
  "spaceId": "...",            // routing metadata
  "channelId": "...",
  "senderPublicKey": "...",
  "ciphertext": "base64...",   // encrypted content
  "iv": "base64...",           // initialization vector
  "wrappedKeys": [
    {
      "recipientPub": "...",
      "wrappedKey": "base64..." // AES key for this recipient
    }
  ],
  "signature": "base64..."     // Ed25519 over entire envelope
}
Per-message content keys

Authenticated encryption
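The four sealing steps and the envelope structure above, as an added example in Go rather than the project's own (browser-side) code. Field names follow the page; everything else is an assumption made for this example: X25519 as the ECDH curve, HKDF-SHA256 with a parch-wrap: info string, a nonce-prefixed wrappedKey layout, the JSON of the signature-less envelope as the bytes the Ed25519 signature covers, and the recipient already knowing the sender's encryption public key (the one bound during authentication). It also exercises the two behaviours from the notes at the end of the page: a member added after the message was sent has no wrapped key, and a modified envelope fails the signature check before any decryption is attempted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Field names follow the page; []byte fields marshal as base64, matching the "base64..." placeholders.
type WrappedKey struct {
	RecipientPub []byte `json:"recipientPub"`
	WrappedKey   []byte `json:"wrappedKey"` // assumed layout: 12-byte GCM nonce || AES-256-GCM-wrapped content key
}

type Envelope struct {
	SpaceID         string       `json:"spaceId"`
	ChannelID       string       `json:"channelId"`
	SenderPublicKey []byte       `json:"senderPublicKey"` // sender's Ed25519 signing key
	Ciphertext      []byte       `json:"ciphertext"`
	IV              []byte       `json:"iv"`
	WrappedKeys     []WrappedKey `json:"wrappedKeys"`
	Signature       []byte       `json:"signature,omitempty"`
}

func randomBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }

func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// wrapKEK turns the X25519 shared secret into a key-encryption key with HKDF-SHA256
// (empty salt, one expand block); both parties' public keys are bound into the info string.
func wrapKEK(shared []byte, senderEnc, recipientEnc *ecdh.PublicKey) cipher.AEAD {
	extract := hmac.New(sha256.New, nil)
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(append(append([]byte("parch-wrap:"), senderEnc.Bytes()...), recipientEnc.Bytes()...))
	expand.Write([]byte{1})
	return gcm(expand.Sum(nil))
}

// canonical is what the Ed25519 signature covers: the entire envelope minus the signature field.
func canonical(env *Envelope) []byte {
	unsigned := *env
	unsigned.Signature = nil
	return must(json.Marshal(unsigned))
}

// Seal runs the four steps: fresh AES-256 key, GCM encrypt, ECDH+HKDF wrap for each
// recipient in the current member list, Ed25519 signature over the whole envelope.
func Seal(signPriv ed25519.PrivateKey, encPriv *ecdh.PrivateKey, spaceID, channelID string,
	recipients []*ecdh.PublicKey, plaintext []byte) *Envelope {
	contentKey, iv := randomBytes(32), randomBytes(12)
	env := &Envelope{SpaceID: spaceID, ChannelID: channelID, IV: iv,
		SenderPublicKey: signPriv.Public().(ed25519.PublicKey),
		Ciphertext:      gcm(contentKey).Seal(nil, iv, plaintext, nil)}
	for _, rp := range recipients {
		nonce, kek := randomBytes(12), wrapKEK(must(encPriv.ECDH(rp)), encPriv.PublicKey(), rp)
		env.WrappedKeys = append(env.WrappedKeys, WrappedKey{RecipientPub: rp.Bytes(),
			WrappedKey: kek.Seal(nonce, nonce, contentKey, nil)})
	}
	env.Signature = ed25519.Sign(signPriv, canonical(env))
	return env
}

// Open verifies the signature first (a modified envelope is discarded before any decryption),
// then unwraps this recipient's copy of the content key. senderEnc is the sender's encryption
// public key, which the recipient is assumed to know already (it was bound at authentication).
func Open(encPriv *ecdh.PrivateKey, senderEnc *ecdh.PublicKey, env *Envelope) ([]byte, error) {
	if len(env.SenderPublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(env.SenderPublicKey), canonical(env), env.Signature) {
		return nil, errors.New("signature check failed: envelope rejected")
	}
	myPub := encPriv.PublicKey()
	kek := wrapKEK(must(encPriv.ECDH(senderEnc)), senderEnc, myPub)
	for _, w := range env.WrappedKeys {
		if !bytes.Equal(w.RecipientPub, myPub.Bytes()) || len(w.WrappedKey) < 12 {
			continue
		}
		contentKey, err := kek.Open(nil, w.WrappedKey[:12], w.WrappedKey[12:], nil)
		if err != nil {
			return nil, errors.New("content key unwrap failed")
		}
		return gcm(contentKey).Open(nil, env.IV, env.Ciphertext, nil)
	}
	return nil, errors.New("no wrapped key for this recipient (not a member when the message was sent)")
}
```

Because the routing metadata (spaceId, channelId) is inside the signed bytes, a relay or host that rewrote where a message is delivered would break the signature just as surely as editing the ciphertext would; and because the content key is wrapped only for the recipients present at send time, there is no key material a later member could use to read the stored envelope.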

What each layer can see

Three layers, clear boundaries. Plaintext never leaves the browser.

PLAINTEXT ZONE
Your Device

Browser

  • Generates all cryptographic keys
  • Encrypts and decrypts messages
  • Sees plaintext content
  • The only place plaintext exists
Transit Layer

Relay

  • Verifies host and user signatures
  • Validates signed capability tokens
  • Routes sealed envelopes
  • Cannot read message contents
  • Sees ciphertext + routing metadata
Storage Layer

Host

  • Stores encrypted envelopes
  • Manages membership and invites
  • Issues space capability tokens
  • Cannot read message contents
  • Sees only ciphertext

Important notes

Things to keep in mind when using Parch chat.

Before you begin

  • Back up your identity file. If you lose your private keys, you lose access to all encrypted chat history tied to that identity. Export your identity and store it somewhere safe.
  • Capabilities expire by design. Space permissions are carried in short-lived signed tokens and refreshed automatically. Expiry limits replay windows after membership changes.
  • New members cannot read old messages. Encryption keys are generated per-message with the current member list. Someone invited after a conversation has already happened will not be able to decrypt prior messages.
  • Tampered messages are rejected automatically. Every envelope carries an Ed25519 signature. If any part of the envelope has been modified in transit or storage, the signature check fails and the message is discarded.