group chat is still a work-in-progress, but it’ll work in a way where asymmetric and symmetric encryption keys are generated in javascript using cryptography tools provided by the browser of your choice.

when a connection is established over webrtc (which mandates encryption anyway), the asymmetric keys are exchanged using the diffie-helman technique.

the keys are persisted into browser storage (indexedDB) so in a future reconnection, new keys dont need to be rgenerated. if you connect to a “known-peer”, the keys can be used for a kind-of p2p authentication.

all the security here depends on the security of the connected devices involved. this approach is in contast to connecting to an api to authenticate and proxy encrypted messages.

for more info there may be related information/links here: https://positive-intentions.com/blog/security-privacy-authentication

That’s right. It’s using peerjs-server as the connection broker.