https://github.com/mpgn/discord-e2e-encryption

:key: Tampermonkey script that encrypt and decrypt your messages on Discord :key:
https://github.com/mpgn/discord-e2e-encryption

discord discord-js encryption end-to-end-encryption greasemonkey tampermonkey

Last synced: 4 days ago
JSON representation

:key: Tampermonkey script that encrypt and decrypt your messages on Discord :key:

• Host: GitHub
• URL: https://github.com/mpgn/discord-e2e-encryption
• Owner: mpgn
• License: gpl-3.0
• Created: 2019-01-11T17:41:22.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2019-08-01T12:44:21.000Z (over 5 years ago)
• Last Synced: 2025-03-25T20:15:31.531Z (21 days ago)
• Topics: discord, discord-js, encryption, end-to-end-encryption, greasemonkey, tampermonkey
• Language: JavaScript
• Homepage:
• Size: 46.9 KB
• Stars: 89
• Watchers: 3
• Forks: 9
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• Awesome - Discord-e2e-encryption - Tampermonkey script that encrypt and decrypt your messages on Discord (Communication and Collaboration Tools)
• Crypto-OpSec-SelfGuard-RoadMap - Discord e2e encryption
• Crypto-OpSec-SelfGuard-RoadMap - Discord e2e encryption

README

        
# Discord End-to-End encryption 

Script developed to encrypt your messages on the client side before sending them to a discord channel. This way, discord only see encrypted data and cannot decrypt them without the secret key. Of course, users should also have this script and the secret key to decrypt the data. The script is intended to be used with tampermonkey or greasemonkey addon on Discord for browser.

![ecnrypt-discord6](https://user-images.githubusercontent.com/5891788/51050102-fc7d6280-15cf-11e9-8346-24e8c81ed743.gif)

This script play with the DOM of the document, checking on modifying element on the client side before beeing sended to the server.

**The script is pure Javascript, no external librairies are loaded**

**Tested on Firefox with Greasmonkey and Chrome with Tampermonkey** 

### Demo

1. You can join this Discord and follow the inscruction to add the keys into tampermonkey https://discord.gg/g9teQ2N

2. Add the `discord-e2e.js` to tampermonkey or greasemonkey

2. Once the script is installed you should be able to decrypt the data

### Send encrypted messages

1. Type some text

2. Press ENTER, you should see that now the text is encoded in base64

3. Press SPACE then ENTER on the keyboard

4. Done

### Add the tampermonkey script

1. Install the addon Tampermonkey for Chrome or Greasemonkey for Firefox

2. Open the Dashboard addon

3. Click on the button "+" or "Add script"

4. Copy past the content of the file `discord-e2e.js`

5. Go to discord and test the demo ! 

### How data are encrypted ?

The data are encrypted with the librairy [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) with the algorithm **AES-GCM**. The secret key is generated by `window.crypto.subtle.generateKey` with a length of 256. Everytime your type something on the textarea and press ENTER, the content of the textarea is encrypted, then the value of the textarea is modify with the encrypted data and encoded in base64. Therefore Discord only see when you are typing but not the content.

Only people with the same key can decrypt the data.

### Can I set several keys for multiple channel ?

Yes, you can set as many keys you want.  A key is linked to channel like this 

```javascript

var keyStorage = [{

        'channel':'channel/path/',

        'key': 'YOUR_KEY',

        'iv': iv

}]

```

### Is this working for private message ?

Yes, this is also working for private message :)

### Where all the keys are stored ?

There isn't good solution on the client side to store sensitive information. The keys are stored in the tampermonkey script itself. It shouldn't be possible to retrieve the keys directly without an access to the computer (or browser exploit ?).

If anyone has a better idea, submit an issue or come chat to Discord.

### What about the attachement ?

Currently **attachements are not encrypted**, if anyone has an idea, I'm curious :)

### Generate new key

1. Open your browser

2. Display to Developer Console: F12 or Ctrl-Shift-I

3. Copy-Past the content of `generate-key.js`

![image](https://user-images.githubusercontent.com/5891788/51043159-4bba9780-15be-11e9-92d7-1f6e54038703.png)

4. Copy the key paramter (in blue on the screenshot)

5. Open the script in tampermonkey and add the key into the array `keyStorage` : 

```javascript

var keyStorage = [

    {

        'channel':'/channels/495699373863338003/533030226402476032', // replace by your channel path

        'key': 'YOUR_KEY',

        'iv': new Uint8Array([188, 185, 57, 146, 246, 194, 114, 34, 12, 80, 198, 77])

    },

    {

        'channel':'/channels/495699373863338003/533248362879778818', // another channel

        'key': 'YOUR_KEY_2',

        'iv': new Uint8Array([188, 185, 57, 146, 246, 194, 114, 34, 12, 80, 198, 77])

    }

]

```

6. Add the channel path

7. Share **securely** the key with others

**Note**: you can set different key for different channel. If a key is lost, the data cannot be retrieve.

### How to prevent someone with the key to read the messages ?

Tow solutions:

1. If you give the keys to someone but you don't want him to be able to decrypt the data, just simply change the key. But **you will be not able** to view the data encrypted with the previous key.

2. Remove the user from the Discord channel, simple and efficient

### Compatibilty

This is only for Discord on browser https://discordapp.com with Chrome for Firefox and addon tampermonkey/greasemonkey

### Improvement

- Encrypt attachement

- Better key management (any idea)

- Check if DOM changed before anything else