MumbleKey
Send secure messages using public-key cryptography with Web Crypto.
MumbleKey lets you send encrypted messages to anyone without accounts, prior setup, or installing anything. You exchange magic words with the recipient to swap public keys, then send your message. All encryption happens in the browser using disposable private keys that only live briefly on your machine — once you clear them, the ability to decrypt is gone too. The server never sees unencrypted content.
Years ago at Pixie Labs, I helped build WhisperKey — a tool for sending secure messages when you didn't want to trust email with a password or API key. I used it regularly over the years for sharing credentials with colleagues and friends. One day I went to share a password and found it was gone. The project had been archived. I looked for alternatives and found nothing that hit the sweet spot.
So I rebuilt it! I'd been itching to play with Next.js Server Components, and this seemed like the perfect excuse.
The original WhisperKey was Ruby on Rails with jQuery. MumbleKey is Next.js and TypeScript. But the biggest difference is the cryptography. The exchange flow and algorithms are the same, just the tooling now available has improved so much. Back then, we had to work around browser limitations with home-brewed AES. Now the Web Crypto API gives us proper primitives for key derivation, encryption, and decryption right in JavaScript.
Building MumbleKey was a nice way for me to see how far both the technology and my own skills have come in the last 13 years.
Don't ask me exactly how a linear congruential generator works. I still don't really know.