diff --git a/next.config.js b/next.config.js index 16538a4..240e214 100644 --- a/next.config.js +++ b/next.config.js @@ -1,3 +1,19 @@ +// Security headers applied to every response. We deliberately do NOT set a +// restrictive script-src/style-src CSP here: the app relies on inline styles, +// Next.js inline bootstrap scripts, the crawlproof.com analytics script, and +// Supabase image/websocket origins, so an enforcing CSP would break it. We only +// set `frame-ancestors` (clickjacking protection) plus the other low-risk +// hardening headers. HSTS only affects HTTPS responses (ignored over the Tor +// http onion service, which is fine). +const securityHeaders = [ + { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' }, + { key: 'X-Content-Type-Options', value: 'nosniff' }, + { key: 'X-Frame-Options', value: 'SAMEORIGIN' }, + { key: 'Content-Security-Policy', value: "frame-ancestors 'self'" }, + { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' }, + { key: 'Permissions-Policy', value: 'geolocation=(), browsing-topics=()' }, +]; + /** @type {import('next').NextConfig} */ const nextConfig = { reactStrictMode: true, @@ -6,6 +22,9 @@ const nextConfig = { eslint: { ignoreDuringBuilds: true, }, + async headers() { + return [{ source: '/:path*', headers: securityHeaders }]; + }, }; export default nextConfig; diff --git a/public/llms-full.txt b/public/llms-full.txt new file mode 100644 index 0000000..614435f --- /dev/null +++ b/public/llms-full.txt @@ -0,0 +1,91 @@ +# QryptChat — Full Content + +> Quantum-resistant, end-to-end encrypted messaging by Profullstack, Inc. +> Concatenated Markdown of the key public pages for LLM/RAG ingestion. + +## Home + +QryptChat is quantum-resistant, end-to-end encrypted messaging. It uses NIST-approved +post-quantum algorithms — ML-KEM-1024 (CRYSTALS-Kyber) for key encapsulation and +CRYSTALS-Dilithium for digital signatures — to protect messages, files, and calls against +both current attackers and future quantum computers. It is free, open source (MIT), +self-hostable, and accessible over Tor. + +How it works: + +1. Register with a phone number. A one-time SMS code verifies you — no email and no password. +2. Keys are generated on your device. Your ML-KEM-1024 key pair never leaves your device, so + QryptChat cannot read your messages (zero-knowledge architecture). +3. Every message is encrypted end-to-end — text, files, and voice & video calls. +4. Stay private everywhere: use the web app or the Tor onion service, and self-host from the + open-source repository. + +Built for privacy-conscious individuals, journalists, activists, and security-minded teams. + +## About + +QryptChat is built by Profullstack, Inc. (founded 2024). Team: Anthony Ettinger +(Founder & Developer) and mrpthedev (Developer). Mission: make communication that stays +private for decades using cryptography already standardized by NIST, kept open source so it +can be independently verified and self-hosted. + +## Security + +- Key encapsulation: ML-KEM-1024 (CRYSTALS-Kyber), NIST FIPS 203. +- Digital signatures: CRYSTALS-Dilithium (ML-DSA), NIST FIPS 204. +- Coverage: text messages, file transfers, and 1:1 and group voice & video calls are end-to-end encrypted. +- Key custody: private keys are created and stored on-device; the server only ever sees ciphertext. +- Why post-quantum: defends against "harvest now, decrypt later" attacks. +- Privacy & resilience: phone-number auth (no email/password), no ads or trackers, Tor access, + a public warrant canary, and MIT-licensed self-hostable source. +- Responsible disclosure: security@qrypt.chat and /.well-known/security.txt. + +## Pricing & Premium + +QryptChat is free and open source (MIT). All core messaging, calling, and encryption features +are free, and you can self-host. An optional paid Premium tier is in development. + +| Feature | Free | Premium (coming soon) | +| --- | --- | --- | +| Post-quantum end-to-end encryption | yes | yes | +| Encrypted voice & video calls | yes | yes | +| Disappearing messages & file sharing | yes | yes | +| Tor access & self-hosting | yes | yes | +| Price | $0 forever | TBA | + +## FAQ + +Q: Is QryptChat free? +A: Yes — free and open source (MIT). Optional Premium tier is in development. + +Q: What platforms does QryptChat run on? +A: Any modern web browser, plus installable as a PWA on Android, iOS, and desktop, and reachable over Tor. + +Q: What makes QryptChat quantum-resistant? +A: It encrypts with ML-KEM-1024 (CRYSTALS-Kyber) and CRYSTALS-Dilithium, protecting against +"harvest now, decrypt later" attacks. + +Q: How is QryptChat different from Signal? +A: It uses post-quantum cryptography by design, is MIT-licensed and self-hostable, and is accessible over Tor. + +Q: Does QryptChat require an email or password? +A: No — sign up with a phone number and an SMS code. + +Q: Can I self-host QryptChat? +A: Yes — https://github.com/profullstack/qryptchat-web + +Q: Can QryptChat read my messages? +A: No — keys are generated on your device and the server only handles ciphertext. + +## Company + +- Name: Profullstack, Inc. +- Product: QryptChat +- Founded: 2024 +- Team: Anthony Ettinger (Founder & Developer), mrpthedev (Developer) +- Support: support@qrypt.chat +- Security: security@qrypt.chat +- Business: business@qrypt.chat +- GitHub: https://github.com/profullstack/qryptchat-web +- License: MIT +- Pricing: Free / open source diff --git a/public/llms.txt b/public/llms.txt index 13e34f5..be69944 100644 --- a/public/llms.txt +++ b/public/llms.txt @@ -9,6 +9,8 @@ QryptChat uses NIST-approved post-quantum algorithms (ML-KEM-1024 / CRYSTALS-Kyb - [Home](https://qrypt.chat/) — Product overview and feature highlights - [About](https://qrypt.chat/about) — Mission, team, and differentiators - [Security](https://qrypt.chat/security) — Encryption algorithms, zero-knowledge architecture, audit status +- [FAQ](https://qrypt.chat/faq) — Common questions about pricing, platforms, and post-quantum encryption +- [Pricing & Premium](https://qrypt.chat/premium) — Free vs. Premium tiers (free and open source) - [Encryption Test](https://qrypt.chat/encryption-test) — Live ML-KEM-1024 demo in the browser - [Contact](https://qrypt.chat/contact) — Support, security, and business contact emails - [Privacy Policy](https://qrypt.chat/privacy) — Data minimization, GDPR rights, no ads or tracking diff --git a/src/app/about/page.jsx b/src/app/about/page.jsx index dbb35c7..3ee2f6f 100644 --- a/src/app/about/page.jsx +++ b/src/app/about/page.jsx @@ -1,9 +1,55 @@ +export const metadata = { + title: 'About', + description: + 'QryptChat is quantum-resistant, end-to-end encrypted messaging by Profullstack, Inc. Learn about our mission, our team, and why we built a post-quantum messenger.', + alternates: { canonical: '/about' }, + openGraph: { url: '/about', title: 'About QryptChat' }, +}; + +const containerStyle = { padding: '4rem 0', maxWidth: '760px' }; +const paraStyle = { fontSize: '1.0625rem', lineHeight: 1.8, color: 'var(--color-text-secondary)', margin: '0 0 1.25rem' }; +const h2Style = { fontSize: '1.5rem', fontWeight: 700, margin: '2.5rem 0 1rem' }; + export default function AboutPage() { return ( -
-

About QryptChat

-

- QryptChat is a quantum-resistant, end-to-end encrypted messaging platform. Built with ML-KEM-1024 (CRYSTALS-Kyber) and CRYSTALS-Dilithium — NIST-approved post-quantum algorithms — your conversations are safe against both current and future threats including quantum computers. +

+

About QryptChat

+ +

+ QryptChat is a quantum-resistant, end-to-end encrypted messaging platform built by{' '} + Profullstack, Inc. (founded 2024). It uses ML-KEM-1024 (CRYSTALS-Kyber) and + CRYSTALS-Dilithium — NIST-approved post-quantum algorithms — so your conversations stay private + against both today's attackers and tomorrow's quantum computers. +

+ +

Our mission

+

+ Most messengers were designed for a world without quantum computers. Encrypted traffic captured + today can be stored and decrypted later once large-scale quantum hardware arrives — a + “harvest now, decrypt later” attack. Our mission is to make communication that is + private not just today but decades from now, using cryptography that is already standardized by + NIST, and to keep it open source so anyone can verify and self-host it. +

+ +

What makes QryptChat different

+ + +

Team

+ + +

+ QryptChat is free and open source. See the code on{' '} + GitHub, + read our security overview, or get in touch.

); diff --git a/src/app/blog/[slug]/page.jsx b/src/app/blog/[slug]/page.jsx index c7a03d3..9acb193 100644 --- a/src/app/blog/[slug]/page.jsx +++ b/src/app/blog/[slug]/page.jsx @@ -41,7 +41,14 @@ export default async function BlogPostPage({ params }) { '@type': 'BlogPosting', headline: post.title, datePublished: post.date, + dateModified: post.date, + ...(post.excerpt ? { description: post.excerpt } : {}), author: { '@type': 'Organization', name: 'QryptChat' }, + publisher: { + '@type': 'Organization', + name: 'Profullstack, Inc.', + logo: { '@type': 'ImageObject', url: `${siteUrl}/logo.svg` }, + }, mainEntityOfPage: `${siteUrl}/blog/${post.slug}`, ...(post.image_url ? { image: [post.image_url] } : {}), }), @@ -51,7 +58,7 @@ export default async function BlogPostPage({ params }) {

{post.title}

{post.image_url && ( // eslint-disable-next-line @next/next/no-img-element - + {post.title} )} {post.html ? (
{p.image_url ? ( // eslint-disable-next-line @next/next/no-img-element - ) : (
diff --git a/src/app/contact/page.jsx b/src/app/contact/page.jsx index 8904c7b..f2127eb 100644 --- a/src/app/contact/page.jsx +++ b/src/app/contact/page.jsx @@ -1,9 +1,33 @@ +export const metadata = { + title: 'Contact', + description: 'How to reach QryptChat — support, security, and business contacts, plus our Discord community.', + alternates: { canonical: '/contact' }, + openGraph: { url: '/contact', title: 'Contact QryptChat' }, +}; + +const containerStyle = { padding: '4rem 0', maxWidth: '760px' }; +const paraStyle = { fontSize: '1.0625rem', lineHeight: 1.8, color: 'var(--color-text-secondary)', margin: '0 0 0.75rem' }; + export default function ContactPage() { return ( -
-

Contact

-

Email: hello@profullstack.com

-

Discord: discord.gg/w5nHdzpQ29

+
+

Contact

+ +

+ Support: support@qrypt.chat +

+

+ Security & responsible disclosure: security@qrypt.chat +

+

+ Business & partnerships: business@qrypt.chat +

+

+ General: hello@profullstack.com +

+

+ Discord: discord.gg/w5nHdzpQ29 +

); } diff --git a/src/app/faq/page.jsx b/src/app/faq/page.jsx new file mode 100644 index 0000000..797de0b --- /dev/null +++ b/src/app/faq/page.jsx @@ -0,0 +1,68 @@ +export const metadata = { + title: 'FAQ', + description: + 'Frequently asked questions about QryptChat: is it free, what platforms it runs on, how post-quantum encryption works, whether you can self-host, and how it compares to Signal.', + alternates: { canonical: '/faq' }, + openGraph: { url: '/faq', title: 'QryptChat FAQ' }, +}; + +const faqs = [ + { + q: 'Is QryptChat free?', + a: 'Yes. QryptChat is free and open source under the MIT license. All core messaging, calling, and encryption features are available at no cost, and you can self-host it. An optional paid Premium tier is in development.', + }, + { + q: 'What platforms does QryptChat run on?', + a: 'QryptChat runs in any modern web browser and installs as a Progressive Web App on Android, iOS, and desktop. It is also reachable as a Tor hidden service.', + }, + { + q: 'What makes QryptChat quantum-resistant?', + a: 'QryptChat encrypts messages, files, and calls with NIST-approved post-quantum algorithms: ML-KEM-1024 (CRYSTALS-Kyber) for key encapsulation and CRYSTALS-Dilithium for digital signatures. These protect against "harvest now, decrypt later" attacks where traffic recorded today is decrypted once quantum computers exist.', + }, + { + q: 'How is QryptChat different from Signal?', + a: 'Like Signal, QryptChat offers end-to-end encrypted messaging and calls with phone-number sign-up. The key difference is that QryptChat uses post-quantum cryptography (ML-KEM-1024 and CRYSTALS-Dilithium) by design, is MIT-licensed and self-hostable, and is accessible over Tor.', + }, + { + q: 'Does QryptChat require an email address or password?', + a: 'No. You register with a phone number and a one-time SMS verification code. There is no password to leak and no email address to collect.', + }, + { + q: 'Can I self-host QryptChat?', + a: 'Yes. QryptChat is open source and self-hostable. The full source code is available at github.com/profullstack/qryptchat-web.', + }, + { + q: 'Can QryptChat read my messages?', + a: 'No. Encryption keys are generated on your device and never sent to our servers, so QryptChat operates on a zero-knowledge basis and only ever handles ciphertext.', + }, +]; + +const faqJsonLd = { + '@context': 'https://schema.org', + '@type': 'FAQPage', + mainEntity: faqs.map(({ q, a }) => ({ + '@type': 'Question', + name: q, + acceptedAnswer: { '@type': 'Answer', text: a }, + })), +}; + +const containerStyle = { padding: '4rem 0', maxWidth: '760px' }; + +export default function FaqPage() { + return ( +
+