🔒 Iris
End-to-End Encrypted Secure Transfer Tool
📤 Send Content
Your Room Code:
——
Share this code with the receiver
📡 Connection Status:
Waiting for receiver to join...
Drag files here or click to select
Max 10MB per file
📥 Receive Content
Waiting for code input...
Receive Progress
Ready to receive...
📝 Received Content
🔐 Security Verification
⚠️ Important:
Verify that the 4 emojis below match exactly with the other party. If
they don't match, the connection may be under a man-in-the-middle
attack. Disconnect immediately!
🙂🙂🙂🙂
Verify emojis through a separate secure channel (phone call, in person, etc.)
❓ Frequently Asked Questions
🔒 How does Iris ensure security?
Iris uses WebRTC technology to establish end-to-end encrypted connections. Data is transmitted directly between your device and the other party's device, without passing through any intermediate servers. All transferred content is encrypted using the DTLS-SRTP protocol, making it impossible even for network operators to eavesdrop.
📡 What is a "short code"? Is it secure?
A short code is a 6-digit number used to establish the initial connection between two devices. It is stored in Cloudflare KV for only 5 minutes and can only be used once. The short code itself does not contain any transferred content; it is only used to exchange encrypted connection information (SDP).
🎭 Why verify emoji?
Emoji verification (SAS - Short Authentication String) is a security mechanism to prevent man-in-the-middle attacks. It is generated based on encryption keys, and both parties must see the same emojis. If someone attempts to intercept the connection, the emojis will not match. This is standard practice in secure communication tools like Matrix and Signal.
🌐 Does data pass through servers?
No. Cloudflare Worker only handles signaling (exchanging connection information). Once the P2P connection is established, all data is transmitted directly between the two devices. The server never sees your transferred content.
📦 What file size is supported?
Single files should not exceed 10MB. Iris is primarily designed for transferring small sensitive data like passwords, private keys, and mnemonics. For large file transfers, consider using dedicated file transfer tools.
🕒 Do short codes expire?
Yes. Short codes are valid for 5 minutes after creation and can only be used once. Once the receiver uses the short code to establish a connection, the code immediately expires and cannot be reused by others.
❌ What if connection fails?
Connection failures may be due to:
1. Strict firewall or NAT restrictions (corporate networks, some
mobile networks)
2. Incorrect or expired short code
3. Unstable network
Solutions: Verify the code, switch to a more open network
environment (4G/5G or home WiFi), or refresh and retry.
🌍 Does it support international transfers?
Yes! WebRTC automatically attempts to establish the best connection path. Even if two devices are in different countries, a connection can be established as long as the network allows it. However, cross-border transfer speeds may be affected by network quality.
💡 What scenarios is Iris best suited for?
Iris is particularly suitable for:
• Sending passwords and API keys to others
• Transferring cryptocurrency private keys and mnemonics
• Sharing sensitive configuration files
• Temporarily transferring small files without uploading to the
cloud
• Any scenario requiring end-to-end encryption with no trace
🔧 What is the tech stack?
Frontend: Vanilla JavaScript + Pico.css
Transfer: WebRTC DataChannel (DTLS-SRTP encryption)
Signaling Server: Cloudflare Workers + KV
STUN Servers: Cloudflare and Twilio
Fully open source and self-deployable.