About Chat
How does it work?
The latest version of X includes a beta of the new Direct Messaging feature (“Chat”). When entering Chat for the first time, a private-public key pair is created specific to each user. Users are prompted to enter a PIN (which never leaves the device), which is used to keep the private key securely stored on X’s infrastructure. This private key can then be recovered from any device if the user knows that PIN. In addition to the private-public key pairs, there is a per-conversation key that is used to encrypt the content of the messages. The private-public key pairs are used to exchange the conversation key securely between participating users.
We employ a combination of strong cryptographic schemes to encrypt every single message, link, and reaction that are part of an encrypted conversation before they leave the sender’s device and remain encrypted while stored on X’s infrastructure. Once messages are received by the recipient devices, they are decrypted so that they can be read by the user.
We aim to open source our implementation and describe the encryption technology in depth through a technical whitepaper later this year.
What about my old messages?
Your previous messages will still be available in your inbox, but they will not be encrypted. Once the user you are chatting with registers for Chat, the conversation will be upgraded to an encrypted chat and only messages sent going forward will be encrypted.
Who is eligible for Chat?
Users need to satisfy the following conditions in order to send and receive Encrypted Direct Messages:
- Both sender and recipient are on the latest X iOS or Android apps or on Web; and
- Recipient
  - follows or subscribes to the sender, has sent a message to the sender previously, or has accepted an Encrypted Direct Message from the sender before; or
  - is a member of the same Premium Business or Premium Organization as the sender.
Users may be able to send an unencrypted message request to another user that they do not follow if such other user:
- Has opted to receive Encrypted Direct Messages from anyone; or
- Is Verified and has opted in to receive Encrypted Direct Messages from other Verified users (and the sender is a Verified user).
How to send an encrypted message?
Tap the compose message button and search for a recipient. Compose a message and click send.
If a message request is sent to another user, these requests are kept separate from other messages until you accept them, similar to legacy DMs. A user can accept the request to continue the conversation, ignore the conversation, or block the user.
If the user you are messaging has not registered for Chat, they will not have a public key, so the message will be sent unencrypted. When creating a new Chat, this will be communicated by an unlock icon next to the send button.
Registration / Unregistration
Users can register for Chat by entering the Chat tab from the dash menu or the messages tab in the toolbar, and following the instructions. This will initiate the creation of a public-private key pair which can then be retrieved from any device. To remove your private key from a device, log out of the account.
Limitations
We welcome feedback and are actively working on improving every aspect of the product, from user experience to protocol security.
Unlike before, group messages and media can now be encrypted.
Content
The contents of an Encrypted Direct Message are always encrypted, including any links, media, or files. Reactions to Encrypted Direct Messages are also encrypted. It is important to note that while the message content itself is encrypted, associated metadata (e.g., recipient, creation time, etc.) is not. If Posts are shared in an encrypted chat, X will have a record that those Posts were shared.
New devices
There is no limit to the number of devices that can use Chat on X.
Safety numbers
Safety numbers are a way for you to verify that your Chat is with the person you think it is. Compare safety numbers with anyone you have a Chat with. They should match!
On the technical side, the safety number is derived from the public keys of both people in the Chat. Every message is signed with the other person's public key, meaning that if the safety numbers match, the messages could not have come from anyone else.
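As an added illustration (not X's own code or its published format), the following constructs a safety number from both participants' public keys in a canonical order, so that each side computes the same value, and shows that a substituted key on either side produces a number that no longer matches. The key bytes, the domain-separation label and the 60-digit layout are all constructed assumptions.

```python
import hashlib

# Constructed example: a safety number derived from both parties' public keys.
# The label, digit count and grouping are assumptions, not X's actual encoding.
LABEL = b"X-Chat-safety-number-example"
DIGITS = 60

def safety_number(pub_a: bytes, pub_b: bytes) -> str:
    """Hash the two public keys in sorted order so that both participants
    compute the same value regardless of who is 'a' and who is 'b', then
    render it as groups of five decimal digits for reading out loud."""
    material = b"".join(sorted((pub_a, pub_b)))
    digest = hashlib.sha256(LABEL + material).digest()
    number = str(int.from_bytes(digest, "big")).zfill(DIGITS)[-DIGITS:]
    return " ".join(number[i:i + 5] for i in range(0, DIGITS, 5))

def numbers_match(shown_to_a: str, shown_to_b: str) -> bool:
    """The comparison step: two devices agree only if every digit agrees.
    Whitespace is ignored so a number read aloud still compares cleanly."""
    return shown_to_a.replace(" ", "") == shown_to_b.replace(" ", "")

def check_conversation(my_pub: bytes, peer_pub_as_i_see_it: bytes,
                       peer_pub: bytes, my_pub_as_peer_sees_it: bytes) -> bool:
    """Each side derives its number from its own key and the key it was
    given for the other party. If anyone swapped a key in transit, the
    two numbers differ and the out-of-band comparison fails."""
    mine = safety_number(my_pub, peer_pub_as_i_see_it)
    theirs = safety_number(peer_pub, my_pub_as_peer_sees_it)
    return numbers_match(mine, theirs)

if __name__ == "__main__":
    # Constructed 32-byte stand-ins for public keys.
    alice, bob, other = bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32
    print(safety_number(alice, bob))
    print("honest exchange :", check_conversation(alice, bob, bob, alice))
    print("swapped key     :", check_conversation(alice, other, bob, alice))
```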
Reporting
Currently, it is not possible to report an Encrypted Direct Message to X due to the encrypted nature of the conversation. If you encounter an issue with an encrypted conversation participant, we suggest you file a report about the account itself and our team will take a look.
To prevent someone from sending you Encrypted Direct Messages, do not follow them or, if you already have had a Direct Message conversation with that user, block them.
Logout and key backup
If at any time you log out from X, all messages including Encrypted Direct Messages on your current device will be deleted; this will not impact any other devices on which you are logged in.
Upon logging out, X will erase any private keys and conversation keys, unless you have used the device-managed passcode option - in which case the passcode is stored on your iCloud Keychain (for iOS devices only). If you log back in on the same device, your device will be able to re-fetch and decrypt the encrypted conversations using the private key that the device had access to before logging out.
If you cannot remember the passcode, you can reset it from any device on which you are already using Chat. If you cannot reset it from a logged-in device, you will not be able to recover your encrypted conversation history. We will be improving this limitation in the near future.
Forward secrecy
If the private key of a registered device is compromised, an attacker would be able to decrypt all Encrypted Direct Messages that were sent and received by that device. In other words, this implementation is not “forward secure.” We are working on mechanisms to allow private key rotation to offer some forward security in the future.
Encrypted message deletion
Chat allows users to “unsend” a message, which will remove it from the recipient’s inbox. This is only possible for encrypted messages. Deleting or leaving an encrypted conversation will not prevent the other person from sending you a DM (encrypted or not) in the future.
When you delete an encrypted message or conversation (sent or received), the data will be instantly deleted from your device (and soon after, from all your other devices). You will no longer be able to view it. Note that the recipient may still be able to see the encrypted message or conversation you have deleted.
Disappearing encrypted messages
Chat offers a new feature called Disappearing messages, which allows a user to select a duration, after which messages will be deleted from the device and X’s servers. To set the duration, navigate to the conversation info screen and tap the “Disappearing messages” menu.
Edit with Grok / Ask Grok / Grok Companions
You can edit an image with Grok or ask Grok to analyze your message. Select the image or message and pull up the context menu. Select ‘Ask Grok’ to open the selected image or message in the Grok tab. Note that once you send to Grok, that image or text is no longer encrypted (the contents within the original conversation are still encrypted).
On Chat, you can also chat with a Grok Companion. While end-to-end encrypted, ultimately Grok will need to decrypt your message in order for the Companion to read your message and respond. You can read more about Grok here (https://help.x.com/en/using-x/about-grok).
Where are my private keys stored?
End-to-end encrypted chats on X require each user to have a private-public key pair. This key pair helps securely exchange conversation secrets that encrypt your messages from sender to recipient. A primary challenge with end-to-end encryption is safely storing the private key - access to it would allow someone to read your messages.
Many apps store private keys only on your device, but this can make it difficult to access your chats seamlessly across multiple devices, which isn't the experience most X users expect.
To address this, X uses the open-source Juicebox protocol to securely store your private key in the cloud while keeping it protected. The Juicebox protocol splits your secret key into multiple shares, which are stored across independent servers (called "realms"). Your key can only be recovered using the PIN you set when enabling encrypted chats - this PIN never leaves your device.
In X's implementation:
- Your key shares are stored across three Juicebox realms, all currently operated by X.
- Two of these are hardware-backed realms that use Hardware Security Modules (HSMs) to encrypt your data before it's stored.
- Recovering your key requires at least two of the three shares, ensuring that at least one always comes from a hardware-backed realm for added security.
We've published details about the key setup ceremony for these hardware realms here: Chat HSM Realm Key Ceremony.
Can X access my chats by guessing my PIN?
No. The Juicebox protocol is designed to prevent brute-force attacks, even if someone controls all the realms.
Hardware-backed realms include a built-in guess counter with a strict limit. For X chats, this limit is set to 20 incorrect attempts. After the limit is reached, the key shares become permanently inaccessible. This protection is cryptographically enforced using a Merkle tree structure, where the root is securely stored in the HSM's protected enclave. The software running on the HSMs is open sourced here: https://github.com/juicebox-systems/juicebox-hsm-realm.
This means that even X cannot guess or brute-force your PIN to recover your private key and access your chats.
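The following added example models the two properties described above, the 2-of-3 share split and the per-realm limit of 20 incorrect attempts, in a toy form. It is not the Juicebox protocol or the juicebox-hsm-realm code: a real realm never sees the PIN and keeps its counter inside the HSM, whereas here a salted hash and an in-memory counter stand in; the prime field and the test PIN are constructed.

```python
import hashlib
import secrets

# Toy model of the 2-of-3 share split and the per-realm guess limit described
# above. It is NOT the Juicebox protocol: a real realm never sees the PIN and
# keeps its state inside an HSM; here a salted hash and a counter stand in.
P = 2**127 - 1      # prime field for the Shamir polynomial (constructed)
GUESS_LIMIT = 20    # the incorrect-attempt limit the page states for X's realms

def split_2_of_3(secret: int):
    """Shamir split: f(x) = secret + a1*x mod P, shares at x = 1, 2, 3."""
    a1 = secrets.randbelow(P)
    return [(x, (secret + a1 * x) % P) for x in (1, 2, 3)]

def recover(share_a, share_b):
    """Interpolate f(0) from any two distinct shares. One share alone is
    consistent with every possible secret, so it reveals nothing."""
    (x1, y1), (x2, y2) = share_a, share_b
    inv = pow(x2 - x1, -1, P)
    return ((y1 * x2 - y2 * x1) * inv) % P

class ToyRealm:
    """One realm holding one share. It releases the share only for the
    correct PIN and destroys it after GUESS_LIMIT wrong PINs."""
    def __init__(self, pin: str, share):
        self.salt = secrets.token_bytes(16)
        self.verifier = self._digest(pin)
        self.share = share
        self.guesses_left = GUESS_LIMIT

    def _digest(self, pin: str) -> bytes:
        return hashlib.sha256(self.salt + pin.encode()).digest()

    def retrieve(self, pin: str):
        if self.share is None:           # already burned: nothing to give
            return None
        if self._digest(pin) == self.verifier:
            return self.share
        self.guesses_left -= 1
        if self.guesses_left == 0:       # limit hit: share gone for good
            self.share = None
        return None

def recover_from_realms(realms, pin: str):
    """Client side: ask every realm, reconstruct once two shares answer."""
    got = [s for s in (r.retrieve(pin) for r in realms) if s is not None]
    return recover(got[0], got[1]) if len(got) >= 2 else None
```

Running 20 wrong PINs against the realms leaves every share destroyed, after which even the correct PIN recovers nothing, which is the property the page relies on to rule out brute force by anyone holding the realms.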
In the future, we plan to give users more options, such as choosing realms operated by different organizations to further distribute trust and self-custody of keys.
For more technical details on the Juicebox protocol, visit juicebox.xyz/blog.
Is the X Chat protocol secure?
The X Chat protocol has been audited by a third party; the findings have been published here: https://github.com/trailofbits/publications/blob/master/reviews/2025-10-x-xchat-securityreview.pdf
Questions?
Post us @XEng!