EmojiCodeX

A secure web app that turns private messages into emojis, with AES-256-GCM encryption and single-emoji steganography.

Comment

Inspiration

I wanted to build a creative cybersecurity project that felt fun to use but still had real technical depth. I was watching one of NetworkChuck's videos where he showed a similar idea about hiding or transforming messages, and it inspired me to create my own version with a stronger focus on emojis and encryption, and with a clean web interface. I have also taken a cybersecurity course at RIT (Intro to Cysec), which introduced me to concepts like encryption, symmetric cryptography, AES, secure key handling, and the importance of protecting data. EmojiCodeX became a way for me to turn those concepts into something practical: a web app where a user can write a message, encrypt it, convert it into emojis, and later decrypt it back into the original message.

What it does

EmojiCodeX is a web app that lets users convert private text messages into emoji sequences. A user can type a message, optionally add a password, and generate an encrypted emoji output. That emoji sequence can then be copied, shared, and later decrypted back into the original message using the same password.

The project also includes a "Hidden in Emoji" steganography mode. Instead of generating a long sequence of emojis, this mode hides a short message inside a single emoji using invisible Unicode variation selectors. Visually, it looks like a normal emoji, but it can contain hidden data that EmojiCodeX can decode.

In short, EmojiCodeX has two main tools:

  • Text to Emojis: converts text into emoji sequences, with optional AES-256-GCM encryption.
  • Hidden in Emoji: hides text inside a single emoji using Unicode-based steganography.

How I built it

I built EmojiCodeX as a full-stack web application. The frontend is made with HTML, CSS, and JavaScript, with a dark-blueish, simple interface focused on making encryption easy to use. The frontend handles the user interface, mode switching, passphrase generation, copy buttons, and sending requests to the backend API.

The backend is built with Python and FastAPI. It handles the main encryption, decryption, and steganography logic. For encryption, I used AES-256-GCM with scrypt-based key derivation. The app takes the user's message, converts it into bytes, optionally encrypts it with a password, and then maps the resulting bytes into emojis using a deterministic emoji codebook.

For the steganography feature, I used Unicode variation selectors to store hidden data inside a single emoji. The backend encodes the message into invisible characters attached to the emoji, and then decodes those characters later to recover the hidden message.

I deployed the backend on Render and the frontend on Netlify. The frontend is hosted as a static site, while the backend runs as a FastAPI web service. The two communicate through API requests from the browser.

Challenges I ran into

One challenge I ran into was making sure encrypted outputs behaved correctly. I wanted normal encryption to generate a different emoji sequence each time, even for the same message and password. This is important because repeated identical outputs can leak patterns. I fixed this by using random salt, random nonce, and random padding when deterministic mode is off.

Another challenge was implementing deterministic mode correctly. Deterministic mode is useful for testing or repeatable outputs, but it should only be used intentionally. I had to make sure the app clearly separated random secure output from deterministic output so users understand the difference.

Hosting was also a challenge. The frontend and backend needed to be deployed separately: Netlify for the frontend and Render for the backend. I had to configure CORS, update the frontend API URL, create the Render deployment configuration, and make sure the deployed frontend could successfully talk to the deployed backend. I also ran into smaller UI and usability challenges, such as making copy buttons work well, improving the password visibility toggle, adding a passphrase generator, and making the site feel polished instead of just functional.

Accomplishments that I'm proud of

I am proud that EmojiCodeX is not just a mockup. It is a live, working full-stack project that people can actually use. It has a deployed frontend, a deployed backend, and real encryption logic behind it. I'm also proud of the combination of security and creativity. The project uses serious cryptographic tools like AES-256-GCM and scrypt, but presents them in a fun and approachable way through emojis. I think that balance makes the project more interesting and easier to demo.

Another accomplishment is the "Hidden in Emoji" feature. Hiding a message inside a single emoji using invisible Unicode characters was one of the most interesting parts of the project, and it gave me a better understanding of how text encoding and Unicode can be used in unexpected ways.

What I learned

I learned a lot about how frontend and backend systems work together. Before this project, I understood parts of web development separately, but EmojiCodeX helped me connect the full flow: user input, frontend JavaScript, API request, backend processing, JSON response, and displaying the result.

I also learned more about encryption and web security in practice. I got a better understanding of AES-256-GCM, authenticated encryption, nonces, salts, hashing algorithms, key derivation with scrypt, password hashing, CORS, REST APIs, and why password strength matters so much. To strengthen my understanding, I created and watched a YouTube playlist covering cryptography fundamentals, hashing, salts and peppers, steganography, CORS, REST APIs, and secure password storage.

On the deployment side, I learned how to host a static frontend on Netlify and a Python FastAPI backend on Render. I also learned about CORS, environment differences between local and production, and the behavior of free-tier hosting, such as cold starts.

What's next for EmojiCodeX

Next, my goal is to keep improving EmojiCodeX and make it feel more like a complete encryption and steganography toolkit. I would like to buy a custom domain name for the project, most likely emojicodex.net, and connect it to the deployed site.

I also want to add more features, such as QR code export, file encryption, hash/integrity checking, and possibly image steganography. A QR code feature would make it easier to share encrypted emoji messages, while a hash checker would help users verify that a message was not corrupted during copying or sharing.

Long term, I want EmojiCodeX to become a polished portfolio project that demonstrates cybersecurity, cryptography, web development, API design, and deployment in one place.

Built With

Share this project:

Updates