HaxMax

Gallery

About

I'm selling an MVP version of the HaxMax web messenger with end-to-end encryption (E2E). The server neither stores nor receives plaintext messages: encryption is performed client-side, and decryption occurs only on user devices (the private key is stored on the user).Demo / AccessI can provide a link to a working version and/or a test rig upon request.What's already available (pros)Registration/login, user session management implementedReal-time chats (WebSocket)Message replies (reply) with display and linking to the original messageUser profile, avatar changeSending media files (photos/videos/gifs) with preview in chatVoice messages: hold-to-record recording, playback in the browser, after fully listening, the voice message is replaced with text. The voice message is played and the file is automatically deleted from the serverE2E encryption:Text is encrypted on the client (AES-GCM + RSA-OAEP for key wrapping)Attachments and voice messages are encrypted on the client before uploading, ciphertext is sent to the serverThe recipient decrypts locally upon display/downloadDisadvantages/limitations (important)This is an MVP, not a "ready-to-use" solution Production: Some user scenarios and settings/admin functions may not be up to par with those of larger products.Security and reliability require further testing:Full testing on different browsers/mobile devices is required.A threat model audit/check, edge case handling, and load testing are required.E2E protects content, but metadata typically remains: for example, file name, type/size, sending time, etc. (the server sees technical information about attachments even if plaintext is unavailable).Restoring access if a private key is lost is impossible (this is how the E2E model works).What I provide to the buyer:Source code (repository) and build/deployment instructions.