Peer authenticated WebRTC.

salman 2f6839e133 server: disable websocket compression because safari is broken 2 weeks ago
cmd 2f6839e133 server: disable websocket compression because safari is broken 2 weeks ago
web 0dcba5cf52 web: fix field names as received from Go (#101) 1 year ago
webdriver 3858d8093c add first (bad) attempt at selenium/webdriver test 1 year ago
wordlist 8bdbda0673 wordlist: add number-soundex encoding as a fallback 2 years ago
wormhole e6a5350743 cmd: use apropriate code for closing websocket 1 year ago
.gitignore 28c6c7312f web: declutter web directory 1 year ago
Dockerfile 7b72014a8a web: apply js formatting 1 year ago
LICENSE 9105c29ef8 fix spelling in LICENSE 1 year ago
Makefile 7b72014a8a web: apply js formatting 1 year ago
README c6b8ea0e6b readme: typos 1 year ago
go.mod 7ea0aa7d61 build(deps): bump from 3.0.1 to 3.0.15 (#100) 1 year ago
go.sum 7ea0aa7d61 build(deps): bump from 3.0.1 to 3.0.15 (#100) 1 year ago



WebWormhole creates ephemeral pipes between computers to send files
or other data. Try it at or on the command

On one computer the tool generates a one-time code:

$ cat hello.txt
hello, world
$ ww send hello.txt

On another use the code to establish a connection:

$ ww receive east-pep-aloe
$ cat hello.txt
hello, world

To install the command line tool:

$ go install

This requires Go 1.13 or newer.

To run the signalling server you need to compile the WebAssembly
files first.

$ make wasm
$ ww server -https= -http=localhost:8000

To package the browser extension for Firefox or Chrome:

$ make

WebWormhole is inspired by and uses a model very similar to that
of Magic Wormhole.

It differs in that it uses WebRTC to make its connections. This
allows us to make use of WebRTC's NAT traversal tricks, as well as
the fact that it can be used in browsers. The exchange of session
descriptions (offers and answers) is protected by PAKE (we use
CPace) and a generated random password, similar to Magic Wormhole.
The session descriptions include the fingerprints of the DTLS
certificates that WebRTC uses to secure its communications.

The author operates the signalling server at, its
alias, and a relay server. These are free to use but
come with no SLAs or any guarantees of uptime. They facilitate
establishing connections between peers, but do not handle any
transferred data in cleartext.

The protocol does not need to trust the signalling server to maintain
the confidentiality of the files transferred. However, the convenience
of using the web client directly on comes at the
cost of having to trust the code it serves. If the server is ever
compromised it can be used inject malicious code that undermines
the security of the client. To mitigate this, you can have more
control over which version of the client you run by using the command
line client or the browser extension. The extension is identical
to the web client, but packaged for Chrome and Firefox, loads no
remote code, and requires no permissions:

Unless otherwise noted, the source files in this repository are
distributed under the BSD-style license found in the LICENSE file.

Frequently asked questions

Is it compatible with magic-wormhole?

It is not. Maybe one day.

This project started as a UI for magic-wormhole, but drifted
away when I wanted to experiment with the PAKE used, the
protocol, and the word lists.

Why CPace and not another PAKE algorithm?

CPace and PAKE2 were the finalists for CFRG PAKE selection
process (, so it was
going to be one of the two.

CPace (
looked nice and simple to implement, and there wasn't a
CPace Go package at the time, so it was a good opportunity
and a learning exercise to write one. I ended up nerd-sniping
Filippo instead and he beat me to write

Why not the PGP word list?

The PGP word list (
is quite good as far as unambiguity goes. However, a few
word combinations do make some unsavoury phrases. I switched
to a word list that is more agreeable.

Also, it would be nice to experiment with localised word

Don't you have to trust the web server anyway? What's the point of
the PAKE?

Yes and no. The application itself, because of the PAKE,
does not need to trust the signalling server. You can install
the command line tool, the browser extension, or host the
web application's files yourself and not have to trust the
signalling server at all. There's also a mobile app version
in the works.

The web version hosted on exists as a middle
ground between convenience and security. Like any other
website you visit, you do have to trust it's not running
any malicious code in your browser.