A secure, end-to-end encrypted command-line chat client built on top of ntfy with real-time messaging ECDH-based encryption DM support and zero server trust.
- 🔐 End-to-End Encryption (E2EE) using AES-256 + ECDH key exchange
- 📡 Real-time messaging via ntfy's public or self-hosted server
- 🧩 Cross-platform and terminal-friendly
- 🌐 Server-agnostic — the server never sees plaintext messages
- 🧑🤝🧑 Public room chat + private DMs
- 🕵️ Anonymous — no accounts, emails, or logins
- ✨ Typing indicators, colored usernames, join/leave notifications
- ✅ Simple CLI commands like
/msg,/who,/refresh,/help
k4li-chat-cli extended to support encrypted file sharing while preserving end-to-end encryption.
The system uses ntfy's built-in support for attachments combined with symmetric AES encryption between peers.
- The file is encrypted with a shared key.
- The encrypted file is uploaded as an ntfy attachment.
- A message is sent with the download URL (optionally encrypted).
- Peers can download and decrypt the file locally.
/sendfile path/to/document.pdf
- Encrypts the file with AES (shared secret with peer)
- Uploads to ntfy
- Sends a secure message with a download link
- Downloads the encrypted file
- Decrypts it using the shared AES key
- Saves it as the original filename
- Files are encrypted client-side using the same AES-256 key used for messages.
- The ntfy server only stores ciphertext, with no knowledge of the contents.
- Metadata (like the original filename) is encrypted as well.
- Sharing notes, photos, PDFs between trusted peers
- Secure collaboration while traveling or on untrusted networks
- Anonymous dropboxes (when combined with anonymous usernames)
- Usernames are no not visible in message metadata for passive observers (like browsers or sysadmins).
- All user-related data (name, message, intent) is embedded in the encrypted message body.
k4li-chat-cli is more than a simple command-line chat
— it's a privacy-first tool designed for real-world scenarios where mainstream messaging fails or can't be trusted.
Whether you're in a public coffee shop, a hotel, or a remote co-working space,
k4li-chat-cli encrypts messages end-to-end using ECDH and AES-256, meaning no one — not even the server — can read your messages.
Perfect for:
- Traveling developers and digital nomads
- Hackerspaces and CTFs
- Public Wi-Fi use
Sometimes your default apps aren't accessible — due to firewalls, platform restrictions, or simply unavailability.
Ideal for:
- Censorship circumvention
- Messaging without an account
- Quick communications without app installs
You use Signal, they use Telegram. You prefer Matrix, they only use WhatsApp.
Skip the compatibility drama. k4li-chat-cli works for everyone with:
- A terminal
- Internet access
No accounts, no installs, no gatekeeping.
- Anonymous, encrypted by design
- Peer discovery via public or private ntfy servers
- Nothing stored on disk or visible in chat history
- Command-line interface leaves minimal forensic footprint
- Integrate into scripting workflows
- Use in automation
- Perfect for ad-hoc coordination across secure tunnels (like Tailscale, VPNs, Tor)
k4li-chat-cli is the secure, disposable, encrypted chat tool you've always needed
— for when security, interoperability, and simplicity matter most.
No logins. No metadata. Just E2EE messages between peers.
git clone https://github.com/carlostkd/k4li-chat.git
cd k4li-chat-cli
npm install
npm linkThis will globally install k4li-chat as a command-line tool.
To start chatting securely:
k4li-chatYou’ll be prompted for:
-
ntfy server (e.g.
https://ntfy.shor your private instance we recommend to use our server.) - room name (this becomes the ntfy topic share that name and server with who you need to talk.)
- username (shown to others in the chat)
Once connected, your device will:
- Generate an ECDH keypair
- Broadcast your public key to the room
- Derive AES keys with each peer securely
- Begin encrypted communication
Inside the chat interface, you can use:
| Command | Description |
|---|---|
/who |
List all connected users in the room |
/msg NAME TEXT |
Send a private (DM) message to user NAME
|
/refresh |
Re-broadcast your public key in case of issues |
/help |
Show this list of commands |
- Uses ECDH (secp256k1) for key exchange between peers
- AES-256-CBC with SHA-256 derived keys for message encryption
- All encryption and decryption happen client-side only
- Messages and keys are never stored or processed by the server in plaintext
- Supports DM encryption on a per-peer basis
✔ Joined 'test' as alice
🔐 Secure chat ready — waiting on peers...
alice: hello world
[12:42:55] bob: hi alice 👋
[12:43:01] [DM] charlie: hey can we talk?
To test locally:
npm run devTo publish (once ready):
npm publish --access public- Built with 💻 by
Carlostkd - Uses ntfy as backend transport
- Open source, MIT licensed