2key-ratchet Classical Double Ratchet + X3DH
ECDH secp256r1 ECDSA secp256r1 AES-256-CBC HMAC-SHA-256 in-browser · no server
github ↗
Ready — establish a session or run the auto demo
ALICE Initiator
Session PIN
·
Identity Exchange Root key Chain
received messages appear here
BOB Responder
Session PIN
·
Identity Exchange Root key Chain
received messages appear here
Protocol Wire Log 0 events click any entry to expand wire bytes
Establish a session to see the protocol wire log
How it works in code full program for both sides · ~50 lines total · active block highlights as demo runs
ALICE initiator — sends the PreKeyMessage 

        

      

      

        

          
          BOB
          responder — receives and replies
        

        

          

        

      

    

  





  

    
🟣 Bob — Incoming Session Request

    

      Alice wants to establish a secure session. Verify the identity fingerprint
      matches what Alice sees before approving.
    

    

      
Identity Fingerprint · SHA-256(Alice ‖ Bob signing keys)[0..3]

      

      

        Both sides computed this from your identity public keys.

        A man-in-the-middle would produce a different value.
      

    

    

      Why this matters: Unlike pqc-ratchet which uses ML-DSA-65 signatures,
      2key-ratchet uses ECDSA over secp256r1 to authenticate identity keys. The same
      trust model applies — verify out-of-band before approving.