dialtone

Dialtone is a realtime websocket chat with end-to-end encrypted message bodies and channel names.
Dialtone uses symmetric encryption for message bodies and channel names, and public key encryption to share those symmetric keys across devices. The server never sees plaintext message content or channel names, but it can see routing metadata required for the system to function. Usernames are sent in plaintext during login/register and stored only as a peppered hash (no plaintext usernames in the database).
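The peppered username hash described above, as an added illustration that is not Dialtone's own code. The pepper would come from DIALTONE_USERNAME_PEPPER in a real deployment; here a constructed value is embedded so the block runs offline. HMAC-SHA256 and the lowercase/trim normalisation are assumptions for the example, not a description of Dialtone's implementation. The point to note is that the store holds only the hash, so a database dump without the pepper (held in the environment, not the database) does not reveal usernames.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed pepper for this example only. A real server reads it from the
// DIALTONE_USERNAME_PEPPER environment variable and never stores it in the DB.
const examplePepper = "constructed-example-pepper-do-not-reuse"

// NormalizeUsername applies a simple canonical form so "Alice" and " alice "
// map to the same record. (Assumption for this example; Dialtone's own rules
// may differ.)
func NormalizeUsername(username string) string {
	return strings.ToLower(strings.TrimSpace(username))
}

// PepperedUsernameHash returns hex(HMAC-SHA256(pepper, normalized username)).
// HMAC keyed with the pepper means the hash cannot be recomputed or brute-forced
// from a leaked database alone; the attacker would also need the pepper.
func PepperedUsernameHash(pepper, username string) string {
	mac := hmac.New(sha256.New, []byte(pepper))
	mac.Write([]byte(NormalizeUsername(username)))
	return hex.EncodeToString(mac.Sum(nil))
}

// UserStore stands in for the users table: keyed by username hash only.
type UserStore struct {
	pepper string
	users  map[string]bool
}

func NewUserStore(pepper string) *UserStore {
	return &UserStore{pepper: pepper, users: make(map[string]bool)}
}

// Register stores the hash; returns false if the username is already taken.
func (s *UserStore) Register(username string) bool {
	h := PepperedUsernameHash(s.pepper, username)
	if s.users[h] {
		return false
	}
	s.users[h] = true
	return true
}

// Exists answers a login lookup using only the hash.
func (s *UserStore) Exists(username string) bool {
	return s.users[PepperedUsernameHash(s.pepper, username)]
}

func main() {
	store := NewUserStore(examplePepper)
	fmt.Println("registered:", store.Register("Alice"))
	fmt.Println("stored hash:", PepperedUsernameHash(examplePepper, "Alice"))
	fmt.Println("login lookup:", store.Exists("alice"))
}
```

Rotating the pepper invalidates every stored hash, so treat DIALTONE_USERNAME_PEPPER as a long-lived secret and back it up alongside the database.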
Client

Quick start (server)
Requirements
Copy the example env file and set required values:
cp .env.example .env
Required variables:
- DIALTONE_DB_URL
- DIALTONE_USERNAME_PEPPER
- DIALTONE_CHANNEL_KEY
- DIALTONE_ADMIN_TOKEN
Generate secrets:
openssl rand -base64 32
Use the output for DIALTONE_USERNAME_PEPPER and DIALTONE_CHANNEL_KEY. Set a strong random value for DIALTONE_ADMIN_TOKEN.
Run server
set -a
. ./.env
set +a
go run ./cmd/server
Create initial invite
curl -s -X POST http://localhost:8080/server/invites \
-H "X-Admin-Token: $DIALTONE_ADMIN_TOKEN"
From within the dialtone docker container using curl:
set -a
. ./.env
set +a
docker exec -it dialtone sh -c 'curl -X POST \
-H "X-Admin-Token: $DIALTONE_ADMIN_TOKEN" \
http://localhost:8080/server/invites'
The response includes token and expires_at. Use the token when registering a new user.
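An added example of how the invite endpoint above can be served safely; it is not Dialtone's code. It assumes an in-memory invite table, a one-hour lifetime, single-use tokens, and that the admin token arrives in the X-Admin-Token header exactly as the curl commands show. The two defensive details worth copying are the constant-time comparison of the admin token (so response timing leaks nothing about its value) and a random token drawn from crypto/rand, returned as the token and expires_at fields the text describes.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// Invite is the JSON body returned by POST /server/invites.
type Invite struct {
	Token     string    `json:"token"`
	ExpiresAt time.Time `json:"expires_at"`
}

// InviteServer holds the admin token (from DIALTONE_ADMIN_TOKEN) and the
// outstanding invites. In-memory storage is an assumption for the example.
type InviteServer struct {
	adminToken []byte
	ttl        time.Duration
	mu         sync.Mutex
	invites    map[string]time.Time // token -> expiry
}

func NewInviteServer(adminToken string, ttl time.Duration) *InviteServer {
	return &InviteServer{
		adminToken: []byte(adminToken),
		ttl:        ttl,
		invites:    make(map[string]time.Time),
	}
}

// authorized compares the header in constant time; an empty configured
// token never authorizes anything.
func (s *InviteServer) authorized(r *http.Request) bool {
	got := []byte(r.Header.Get("X-Admin-Token"))
	return len(s.adminToken) > 0 &&
		subtle.ConstantTimeCompare(got, s.adminToken) == 1
}

// CreateInvite handles POST /server/invites.
func (s *InviteServer) CreateInvite(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if !s.authorized(r) {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	buf := make([]byte, 32) // 256 bits of entropy from the OS CSPRNG
	if _, err := rand.Read(buf); err != nil {
		http.Error(w, "rng failure", http.StatusInternalServerError)
		return
	}
	inv := Invite{
		Token:     base64.RawURLEncoding.EncodeToString(buf),
		ExpiresAt: time.Now().Add(s.ttl),
	}
	s.mu.Lock()
	s.invites[inv.Token] = inv.ExpiresAt
	s.mu.Unlock()
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusCreated)
	json.NewEncoder(w).Encode(inv)
}

// Redeem consumes a token at registration time: valid once, and only
// before expires_at. Expired or unknown tokens are rejected and removed.
func (s *InviteServer) Redeem(token string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.invites[token]
	delete(s.invites, token) // single use, whether or not it was valid
	return ok && now.Before(exp)
}

func main() {
	// Constructed token for the example; a deployment reads DIALTONE_ADMIN_TOKEN.
	s := NewInviteServer("constructed-admin-token", time.Hour)
	http.HandleFunc("/server/invites", s.CreateInvite)
	fmt.Println("listening on 127.0.0.1:8080")
	http.ListenAndServe("127.0.0.1:8080", nil)
}
```

Binding to 127.0.0.1 keeps the unauthenticated backend off the network, which is the same concern the reverse proxy section raises below.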
Reverse proxy
You can place a reverse proxy (for example HAProxy) in front of the server to perform TLS termination. Keep the backend connection private and protected: the proxy, not the Go server, should be the only thing reachable from the public network.
Client storage
Local client keys are stored under ~/.config/dialtone on Linux and %APPDATA%\dialtone on Windows. The keystore is encrypted with a passphrase you enter at login.
Documentation
License
MIT