HitMeUp
100% Zero-Knowledge & End-to-End Encrypted

Send Encrypted Messages
Directly on GitHub Profiles

HitMeUp integrates seamlessly into GitHub, letting you start secure conversations with developers right where you find their code. No server can read your messages.

live_demo_profile_chat.sh
👨‍💻
Alex Johnson
alexdev
Core systems engineer. Building compilers and cryptographic runtimes. Open to collaborations!
Message @alexdev E2EE Active
@alexdev
Hi! I saw your recent contributions. Would you be down to join our core compiler team?

Built with Developers & Privacy in Mind

End-to-End Encrypted

All chats are encrypted locally on your device before sending using Web Crypto standards. The server only handles ciphertexts and never sees your raw messages.

Multi-Device Backup Vault

Private keys are protected by your secure vault PIN, PBKDF2-derived keys, and stored securely as encrypted blobs. Sync your keys across browsers without compromising E2EE.

Integrated Profile Buttons

HitMeUp injects action buttons ("Message", "Inbox") directly onto GitHub user profile pages, blending seamlessly with the default GitHub layout.

Real-time Notifications

Never miss a message. The extension polls safely in the background and renders notification badges on the Inbox button directly inside GitHub.

Developer-First Formatting

Send snippets using standard markdown tags like [CODE:js]console.log("hello");[/CODE] and embed base64/HTTPS images safely inside bubble chats.

Ephemeral Typing Indicators

Real-time indicators show when your partner is typing. Status entries live in memory and are discarded instantly once messaging ends.

Security Architecture

HitMeUp runs a Zero-Knowledge backend. We believe developers deserve secure channels without sacrificing the convenience of profile pages.

All operations are handled directly inside your browser sandbox via standard Web Crypto APIs, making it impossible for the API server or Supabase databases to intercept your keys or chats.

P-256 ECDH AES-256-GCM PBKDF2 600,000 Iterations Web Crypto API
1

Key Generation

A P-256 ECDH asymmetric key pair is generated locally on your browser. The private key never leaves your device unencrypted.

2

Shared Key Derivation

When you start messaging, your private key and the receiver's public key are used to compute a unique, shared symmetric key using Elliptic Curve Diffie-Hellman.

3

AES-GCM Encryption

The message text, code blocks, or images are encrypted locally using AES-256-GCM. The encrypted ciphertext blob is uploaded to the backend server.

4

Secure Vault Sync

To access chats on other devices, your private key is encrypted with an AES key derived from your custom PIN via PBKDF2 (600,000 iterations + salt) and stored as a backup blob.

Extension Added!

HitMeUp for GitHub has been successfully installed. Refresh GitHub to start messaging.