Cherry2Cherry connects two devices directly over an encrypted peer-to-peer line — no chat server ever sees your messages, because there isn't one.
Every feature exists to keep your conversation between the two of you — not to collect it, back it up, or route it through anyone else.
Every message and image is encrypted on your device before it ever leaves it, using fresh keys generated new each session.
No internet at all, if you don't want it — exchange a short code by hand or QR to link two devices on the same network.
Nothing to sign up for. Your identifier is a random string generated fresh each time you open the app — never tied to who you are.
Images are compressed and encrypted the same way as text, right in your browser, before they're sent.
Dark, Light, or Cherry — pick the theme that fits your eyes and your mood, not just the operating system default.
Cherry2Cherry is a single HTML file. Nothing to install, nothing hosted by us — you can even run it straight off your own device.
Every connection follows the same short path, whether you're online or completely offline.
Send your short connection ID — by text, QR code, or a hand-typed offline invite — to the person you want to talk to.
Once linked, both screens show a matching code. Read it out on a call or in person to confirm no one's in the middle.
From here every message and photo travels straight between your two devices, encrypted the whole way.
Cherry2Cherry is built so you can check its claims yourself, not just read them.
Only ever get Cherry2Cherry from this page or the official hosted link. If you received a copy some other way, check its checksum against the ones below before you trust it — if even one character doesn't match, the file has been altered and you shouldn't run it. These are published here, separately from the file itself, precisely so a tampered copy can't also fake its own "official" checksum.
f5b22d2013a441d0873012fd56cf6994aa3fe200ac4e5c678b0f823ebda783ec
80b31108adae3383086042ccc39fb90ddf43923ee7785018ffde58c75598c40d
a377a4cbaefdde07aa63a585e3ce0c3d9e39b02ce4383c3580076f119b91c068
3a30a900c65f531fa54c6bd79387e22be27b0a3eec05b3f276120c6c6785b8c8
If you have a genuine copy from before this update — a CD burned earlier, for instance — it's still officially valid. It'll match a v0.1.6 checksum here, not the current one, and that's expected: the app's own checker recognizes older official releases too, not just the latest.
Mac / Linux: shasum -a 256 cherry2cherry.html
Windows (PowerShell): certutil -hashfile cherry2cherry.html SHA256
These checksums are for v0.1.7 specifically — any future update to the file will have a different one. Whoever publishes a new version should update this list at the same time.
The app itself can also check this for you automatically — the "Verify this copy" button on its Me tab compares its own checksum against checksums.json, hosted alongside this page. Keep that file updated too whenever a new version goes out.
Because Cherry2Cherry is just one self-contained HTML file, it works exactly the same burned onto a CD as it does downloaded or hosted. That's a genuine extra layer of security, not just a novelty: a finalized CD is physically read-only — once it's burned, nothing on the network, and no one with remote access to a server, can silently alter the copy sitting on that disc. The only way to change what's on it is to physically have it and burn a new one. Combined with the checksum above, a CD copy is about as tamper-evident as a copy of this app can get.
Tell us a bit about you and we'll get the download over to you.