In the age of common data leaks, we want our conversations to be secure. We focused on one of the most popular chat platforms in the world, Facebook Messenger.

What it does

Using a chrome extension, users can send and receive encrypted messages using PGP. While Facebook is starting to roll out encryption on the mobile version of messenger, we wanted to bring encryption to everyone using right now.

How we built it

Our extension hooks into the React components of the page. We monitor incoming and outgoing messages so we can react (haha) accordingly. We also provide uploads and lookups for user's public keys. We used OpenPGP.js for key creation and encryption/decryption and python flask for our keyserver.

Challenges we ran into

There are wayyy to many to list, but there were two main issues.

Hooking into a page using React is really really hard. The HTML is constantly changing, and injecting is also really really hard since Chrome extensions are sandboxed (double injection is the answer!). has a set list of urls that can make cross-origin requests, and surprise surprise our website is not on that list. We had to send messages to our extension from, which in turn acted as a middle man to communicate with our injected script.

Accomplishments that we're proud of

It works!

What we learned

This was our first encounter with chrome extensions and React.

What's next for Encrypted Messenger

We'd love to make it easier to upload and verify PGP keys.

Share this project: