I've been playing around with OpenPGP.js and Soketi lately and decided to build a simple E2E encrypted messaging app. It's called subtle.sh. The idea is pretty straightforward: you need to send a secret to someone, but you don't want to use Slack, email, or any other plain text medium. subtle.sh generates a fresh session with ephemeral keys, you share the link, and once the tab is closed, everything disappears.
Some key points:
- Zero setup required (no accounts, no installation)
- E2E encryption using OpenPGP.js
- Real-time messaging with Soketi (an open-source Pusher alternative)
- Built with Next.js, React, and Tailwind
- Self-hostable backend

You can take control of as much of the stack as you want:
1. Use the official deployment as-is for quick, ephemeral sharing
2. Self-host the entire stack for complete control
3. Host just the backend and connect it to the official frontend

It's not meant to replace your password manager, but it could be handy when you need to quickly share credentials with someone you don't have a shared vault with. The whole thing is open source, and I've included detailed docs on self-hosting, making it accessible even if you're not a seasoned sysadmin.
I'd love to get your thoughts, feedback, or any security considerations I might have overlooked.
Website: https://subtle.sh
GitHub: https://github.com/ivstiv/subtle.sh

The reason I didn't just use Pusher's end-to-end capabilities was mostly because I wanted to play with OpenPGP.js, but I also don't plan on having Pusher as the sole communication mechanism in the future.

P.S. Yes, I know carrier pigeons are a viable alternative, but they're not exactly zero-config and user-friendly.