kryptoman is free, end-to-end encrypted messaging that talks in QR codes, not network packets. Two phones trade Double-Ratchet–encrypted messages by showing and scanning codes on screen — so the device holding your keys never needs a SIM, Wi-Fi, or Bluetooth. No servers. No accounts. No cloud.
Pick a contact, encrypt your message into a QR, and send it over any channel — it self-destructs after a single read.
Pairing swaps two QR codes to build a secure channel. Show them face-to-face, or relay them over Signal / SMS — snap the code with a second, online phone. The key-holding device stays dark.
One of you creates an invite QR; the other scans it and shows a reply. You now share a cryptographic channel, with no account and no phone number.
Type a message in any language. The app encrypts it end-to-end and renders the ciphertext as a QR code.
They scan it with the camera. Read once, then it's gone — decrypted, shown, and forgotten.
Messages are shown on screen and scanned by the other party. The device with your keys can live in permanent airplane mode — no SIM, no Wi-Fi, no Bluetooth.
There is no backend. Nothing to hack remotely, nothing to subpoena, no central record of who talks to whom.
An air-gapped phone has no network route for malware to smuggle keys out — the way the toughest systems in the world are protected.
Because messages are encrypted before they become a QR, you can relay them over WhatsApp, email, or in public. Security rests on the cryptography, not on trusting the channel.
Every message uses a fresh key. Forward secrecy: a stolen key can't decrypt past messages. Post-compromise recovery: the conversation heals itself after a break-in.
X448 gives ~224-bit security: a deliberately stronger choice than the more common X25519.
Message headers — counters and ratchet keys — are encrypted too, not just the body.
Messages are padded to a fixed size, so the QR doesn't betray how long your message was — resisting traffic analysis.
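As an added illustration of the fixed-size padding described here (example code written for this page, not kryptoman's own; the 256-byte bucket and the 0x80-terminator scheme are assumptions, since the page does not say which padding the app uses), this Go snippet pads every plaintext to one length and unpads fail-closed:

```go
package main

import (
	"errors"
	"fmt"
)

// PayloadSize is the constructed fixed bucket every message is padded to before
// encryption. The app's real size is not stated on the page; 256 bytes is an
// assumption chosen to fit comfortably inside a QR code.
const PayloadSize = 256

var (
	ErrTooLong    = errors.New("message exceeds fixed payload size")
	ErrBadPadding = errors.New("malformed padding")
)

// Pad appends a single 0x80 marker followed by zero bytes up to PayloadSize
// (ISO/IEC 7816-4 style). Every output has exactly the same length, so the
// encrypted QR reveals nothing about how long the plaintext was.
func Pad(msg []byte) ([]byte, error) {
	if len(msg) >= PayloadSize { // at least one byte is needed for the marker
		return nil, ErrTooLong
	}
	out := make([]byte, PayloadSize)
	copy(out, msg)
	out[len(msg)] = 0x80
	return out, nil
}

// Unpad strips the zero run and the 0x80 marker. It fails closed: a block of the
// wrong size, or one with no marker, is rejected rather than guessed at. Trailing
// zero bytes inside the real message survive because the marker sits after them.
func Unpad(block []byte) ([]byte, error) {
	if len(block) != PayloadSize {
		return nil, ErrBadPadding
	}
	i := len(block) - 1
	for i >= 0 && block[i] == 0x00 {
		i--
	}
	if i < 0 || block[i] != 0x80 {
		return nil, ErrBadPadding
	}
	return block[:i], nil
}

func main() {
	for _, m := range []string{"ok", "Meet at the usual place, 9pm. Bring the documents."} {
		p, err := Pad([]byte(m))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		back, _ := Unpad(p)
		fmt.Printf("%q -> %d padded bytes -> %q\n", m, len(p), back)
	}
}
```

Both inputs come out as 256 bytes. In a pipeline like the one the page describes, Unpad runs only after the AEAD tag has verified, so an attacker can never reach the padding check with ciphertext of their own, and a single bucket also means a single hard maximum message length per QR.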
Messages are decrypted, shown, and forgotten. There is no chat history on disk to seize or leak.
A read message visibly counts down and erases itself — by default, gone in five minutes.
Today's cryptography already keeps your messages safe — this is about being future-proof even against a machine that doesn't exist yet. Here's exactly why it holds, and the one condition that makes it absolute.
Every message is sealed with XChaCha20-Poly1305 (256-bit), keyed via HKDF-SHA-512. The best a quantum computer can do here — Grover's algorithm — merely halves symmetric strength: 256 bits down to 128, still astronomically out of reach. Nothing to change.
The conversation's root key is derived from the X448 Diffie–Hellman exchange carried in the two pairing QR codes. That elliptic-curve step is the only thing a quantum computer (Shor's algorithm) could break — and only if it has captured those public keys.
Each message key is folded out of the previous one by a one-way function rooted in that initial secret. The chain can't be run backwards, and can't be started without the root — so capturing later messages yields ciphertext, never keys.
The ratchet's rotating public keys travel inside the message headers — and the headers themselves are encrypted under that same unseen root. A snooped QR doesn't even expose the public keys a quantum computer would need to attack.
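To make the one-way chain and the encrypted header concrete, here is an added Go example (written for this page, not code from kryptoman's library). It assumes stand-ins from the Go standard library: HMAC-SHA-512 in place of HKDF-SHA-512, AES-256-GCM in place of XChaCha20-Poly1305, a constructed envelope layout, and a single sending direction that accepts messages in order only, with the DH ratchet and skipped-key handling of the full Double Ratchet omitted:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
)

// kdf derives a 32-byte subkey from a parent key and a label with HMAC-SHA-512;
// it stands in for the HKDF-SHA-512 the page names.
func kdf(parent []byte, label string) []byte {
	m := hmac.New(sha512.New, parent)
	m.Write([]byte(label))
	return m.Sum(nil)[:32]
}

// Chain is one sending direction of the symmetric ratchet. Each Step hands out a
// one-time message key and overwrites the chain key with its successor, so a
// later compromise cannot run the chain backwards to earlier message keys.
type Chain struct {
	key []byte
	n   uint32 // message counter; it travels only inside the encrypted header
}

func NewChain(root []byte) *Chain { return &Chain{key: kdf(root, "chain")} }

func (c *Chain) Step() (mk []byte, n uint32) {
	mk = kdf(c.key, "message")
	next := kdf(c.key, "next")
	for i := range c.key {
		c.key[i] = 0 // scrub the spent chain key
	}
	c.key, n = next, c.n
	c.n++
	return mk, n
}

// AES-256-GCM stands in for XChaCha20-Poly1305, which the standard library lacks.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// Envelope is a constructed QR payload: the 4-byte counter sealed under a header
// key derived from the root (random nonce prepended), then the body sealed under
// the one-time message key with the sealed header as associated data.
type Envelope struct{ Header, Body []byte }

var zeroNonce = make([]byte, 12) // safe only because every message key is used once

func Encrypt(root []byte, c *Chain, msg []byte) Envelope {
	mk, n := c.Step()
	ctr := make([]byte, 4)
	binary.BigEndian.PutUint32(ctr, n)
	nonce := make([]byte, 12)
	rand.Read(nonce)
	hdr := aead(kdf(root, "header")).Seal(nonce, nonce, ctr, nil)
	return Envelope{Header: hdr, Body: aead(mk).Seal(nil, zeroNonce, msg, hdr)}
}

// Decrypt accepts messages in order only; the full Double Ratchet also stores
// keys for skipped messages and adds the DH ratchet, both omitted here.
func Decrypt(root []byte, c *Chain, e Envelope) ([]byte, error) {
	if len(e.Header) < 12 {
		return nil, errors.New("header too short")
	}
	ctr, err := aead(kdf(root, "header")).Open(nil, e.Header[:12], e.Header[12:], nil)
	if err != nil || len(ctr) != 4 || binary.BigEndian.Uint32(ctr) != c.n {
		return nil, errors.New("bad or out-of-order header")
	}
	mk, _ := c.Step()
	return aead(mk).Open(nil, zeroNonce, e.Body, e.Header)
}

func main() {
	root := []byte("placeholder root secret; really derived from the X448 pairing")
	alice, bob := NewChain(root), NewChain(root)
	for _, m := range []string{"first message", "second message"} {
		pt, err := Decrypt(root, bob, Encrypt(root, alice, []byte(m)))
		fmt.Printf("%q err=%v\n", pt, err)
	}
}
```

The point the page makes is visible in the code: an observer of the QR sees two AEAD ciphertexts and a random nonce, nothing else. Without the root there is no header key to recover the counter, no chain key to derive a message key, and the spent chain key is zeroed on each Step, so neither a snooped QR nor a later compromise reaches an earlier message key.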
The database is sealed with a random key that is itself wrapped. Destroy that tiny wrapped key and the whole database is instantly, permanently unrecoverable.
With a secure element (StrongBox / TEE), the vault is locked to that chip — so a stolen copy of the file can't be brute-forced on an attacker's hardware.
The secure element refuses to release the vault until you pass your phone's PIN/biometric in addition to the app PIN, with hardware rate-limiting it enforces itself.
After a few wrong PINs the vault self-destructs. The counter is signed by a non-extractable hardware key, so it can't be reset to keep guessing — tampering fails closed.
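The wrapped database key, the one-tap wipe and the signed attempt counter fit together in one small piece of code. This added Go example (written for this page, not kryptoman's implementation) assumes a limit of three attempts, an HMAC under a `hwKey` in place of the secure element's non-extractable signing key, AES-256-GCM in place of XChaCha20-Poly1305, and a plain HMAC in place of the memory-hard KDF and hardware rate limiting a real vault would use:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"errors"
)

const MaxFails = 3 // constructed limit; the page only says "a few wrong PINs"

var (
	ErrLocked   = errors.New("vault destroyed: wrapped key is gone")
	ErrTampered = errors.New("attempt counter tampered: failing closed")
	ErrWrongPIN = errors.New("wrong PIN")
)

// AES-256-GCM stands in for XChaCha20-Poly1305, which the standard library lacks.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

func seal(key, pt []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return aead(key).Seal(nonce, nonce, pt, nil) // nonce || ciphertext || tag
}

func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return aead(key).Open(nil, ct[:12], ct[12:], nil)
}

// Vault is the on-disk state. The database is sealed under a random DEK; the DEK
// is wrapped under a key that the PIN and a hardware secret derive together, so
// destroying the small wrapped blob makes the whole database unrecoverable.
type Vault struct {
	hwKey      []byte // stands in for a non-extractable StrongBox/TEE key
	WrappedDEK []byte
	DB         []byte
	Fails      uint8
	FailsTag   []byte // HMAC over Fails under hwKey: the counter can't be edited
}

func (v *Vault) mac(data []byte) []byte {
	m := hmac.New(sha512.New, v.hwKey)
	m.Write(data)
	return m.Sum(nil)
}

// kek derives the wrapping key; real code would use a memory-hard KDF and let the
// secure element enforce its own rate limit before releasing anything.
func (v *Vault) kek(pin string) []byte { return v.mac([]byte("kek:" + pin))[:32] }

func (v *Vault) signFails() { v.FailsTag = v.mac([]byte{v.Fails}) }

func NewVault(hwKey []byte, pin string, db []byte) *Vault {
	dek := make([]byte, 32)
	rand.Read(dek)
	v := &Vault{hwKey: hwKey}
	v.WrappedDEK = seal(v.kek(pin), dek)
	v.DB = seal(dek, db)
	v.signFails()
	return v
}

// Wipe is the one-tap destroy: overwrite the wrapped DEK and nothing on disk
// can ever be decrypted again, however much of the database survives.
func (v *Vault) Wipe() {
	for i := range v.WrappedDEK {
		v.WrappedDEK[i] = 0
	}
	v.WrappedDEK = nil
}

func (v *Vault) Open(pin string) ([]byte, error) {
	if v.WrappedDEK == nil {
		return nil, ErrLocked
	}
	if !hmac.Equal(v.FailsTag, v.mac([]byte{v.Fails})) { // counter edited without hwKey
		v.Wipe()
		return nil, ErrTampered
	}
	dek, err := open(v.kek(pin), v.WrappedDEK)
	if err != nil {
		v.Fails++
		v.signFails()
		if v.Fails >= MaxFails {
			v.Wipe()
			return nil, ErrLocked
		}
		return nil, ErrWrongPIN
	}
	v.Fails = 0
	v.signFails()
	return open(dek, v.DB)
}
```

Usage is `NewVault(hwKey, "1234", db).Open("1234")`. One caveat this toy makes visible: a signed counter stops an attacker from editing the count, but restoring an old copy of `Fails` and `FailsTag` together still verifies, so the real defence against a file-level rollback is the secure element's own rate limiting that the page describes, not the signature alone.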
A one-tap wipe right on the lock screen — no PIN needed. About to be seized? Destroy everything instantly. Rather lose your contacts than leak your secrets.
The app PIN is never stored or transmitted. Key material is scrubbed from memory after use, and the database is written atomically so a crash can't corrupt it.
Built for old, cheap, or forgotten Android phones (Android 6+). Turn a drawer phone into a dedicated secure messenger.
No secure element? You still get full message confidentiality — the app just tells you the at-rest protection is weaker and to keep the device physically safe. Confidentiality is constant; enforcement scales with the device.
The cryptography is a compact pure-Go library with no native glue — small enough to review end to end.
Two full independent security passes; every finding fixed and locked in with a regression test.
The only untrusted input is the camera. Parsers are bounds-checked and fail-closed — they never crash on a malformed or malicious QR.
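What "bounds-checked and fail-closed" means in practice is shown by this added Go parser (written for this page; the envelope layout, the size caps and the `Fuzzish` helper are all constructed and not kryptoman's real format). Every length field is validated before it is used as an index, trailing bytes are rejected, and a sweep over truncated and length-lying inputs confirms that nothing panics:

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed envelope layout for this example (not the app's real format):
//   byte 0     magic 'K'
//   byte 1     version (must be 1)
//   bytes 2-3  header length, big-endian
//   ...        header
//   next 2     body length, big-endian
//   ...        body
// Nothing may follow the body.
const (
	magic      = 'K'
	version    = 1
	maxHeader  = 64   // constructed cap: an encrypted header is small
	maxBody    = 2048 // constructed cap for the ciphertext
	maxPayload = 2953 // largest byte payload a version-40 QR code can carry
)

var ErrMalformed = errors.New("malformed QR payload")

type Message struct{ Header, Body []byte }

// Parse validates every length before it is used as an index, so a malformed or
// hostile QR returns ErrMalformed rather than crashing the scanner.
func Parse(p []byte) (Message, error) {
	if len(p) > maxPayload || len(p) < 6 || p[0] != magic || p[1] != version {
		return Message{}, ErrMalformed
	}
	hl := int(binary.BigEndian.Uint16(p[2:4]))
	if hl == 0 || hl > maxHeader || 4+hl+2 > len(p) {
		return Message{}, ErrMalformed
	}
	hdr := p[4 : 4+hl]
	off := 4 + hl
	bl := int(binary.BigEndian.Uint16(p[off : off+2]))
	off += 2
	if bl == 0 || bl > maxBody || off+bl != len(p) { // trailing bytes rejected too
		return Message{}, ErrMalformed
	}
	// Copy out so the caller never aliases the scanner's reusable buffer.
	return Message{Header: append([]byte(nil), hdr...), Body: append([]byte(nil), p[off:]...)}, nil
}

// Build is the inverse of Parse, used here only to construct test vectors.
func Build(hdr, body []byte) []byte {
	out := []byte{magic, version, byte(len(hdr) >> 8), byte(len(hdr))}
	out = append(out, hdr...)
	out = append(out, byte(len(body)>>8), byte(len(body)))
	return append(out, body...)
}

// Fuzzish feeds every proper prefix of a valid payload, plus three edited copies,
// through Parse and counts how many were rejected; a panic would surface here.
func Fuzzish(valid []byte) (rejected int) {
	for i := 0; i < len(valid); i++ {
		if _, err := Parse(valid[:i]); err != nil {
			rejected++
		}
	}
	for _, mutant := range [][]byte{
		append(append([]byte(nil), valid...), 0xFF), // trailing byte
		{magic, version, 0xFF, 0xFF, 0, 0},          // header length lies
		{magic, version, 0, 1, 0xAA, 0xFF, 0xFF},    // body length lies
	} {
		if _, err := Parse(mutant); err != nil {
			rejected++
		}
	}
	return rejected
}

func main() {
	v := Build([]byte("hdr"), []byte("ciphertext..."))
	m, err := Parse(v)
	fmt.Printf("valid: %q %q err=%v\n", m.Header, m.Body, err)
	fmt.Printf("rejected %d of %d malformed inputs\n", Fuzzish(v), len(v)+3)
}
```

The two habits that matter are visible in Parse: a length is compared against the remaining input and against a fixed cap before any slice expression uses it, and the total must match exactly, so an attacker cannot smuggle extra bytes past the checks or make the parser read past the end of what the camera actually delivered.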
No analytics, no trackers, no network calls — not in the app, and not even on this page. It runs zero JavaScript.
kryptoman is free — no subscription, no in-app purchases, no ads.
// a wylmi project