Sovereign Encryption POST-QUANTUM BUILD 051
LOCAL POST-QUANTUM MESSAGING

Private Messaging

Encrypt in this browser with no accounts, servers, or middlemen.
Swap public keys once, then send freely.

Self-test running...
Build verification

Run local checks for the embedded primitives and the 10,000-word Amulet passphrase pool.

ReadyChecks run entirely in this browser.
identityML-KEM keypair, armor, fingerprint.
messageTS4 v6 text encrypt/decrypt.
fileTS4F v6 file envelope.
verifyRNG, SHA-3, AES-GCM, HKDF, ML-KEM, Argon2.
STEP 1

Your Sovereign identity

Generate a keypair once. Keep the private key offline; share only the public key on the right.

PRIVATE KEY — NEVER SHARE

This is your .se.key (private). Anyone with it can read every message sent to you.

8 Amulet words is about 106 bits. The die fills both fields.

Forget the passphrase, lose your identity. No recovery.

No identity loaded.
PUBLIC KEY — SAFE TO SHARE

Share with anyone who wants to send to you. Safe to post anywhere.

IDENTITY FINGERPRINT
(no identity loaded) SHA-256/8 OF YOUR PUBLIC KEY
STEP 2

Send to a recipient

Paste their public key. Encrypt a message or a file.

Address book
No saved recipients yet.
Stored locally in this browser only.
Upload a public key file directly instead of opening it and copying by hand.
RECIPIENT FINGERPRINT
(paste or upload a public key to see its fingerprint)
SEND TEXT
SEND FILE
STEP 3

Read what was sent to you

Uses the secret key from Step 1.

RECEIVE TEXT
RECEIVE FILE

Warning: iOS not supported

TimeSeed & LockIt require desktop-class
browser capabilities for cryptographic
operations (Argon2, AES-GCM).

iPhone and iPad browsers unfortunately
are not supported
due to platform limitations.

Please use a desktop browser on macOS, Linux, or Windows.

This tool runs fully client-side. No data is transmitted or stored.

TimeSeed v3

TimeSeed -> LockIt passkeys

Derive reproducible LockIt passkeys from a single TimeSeed and date.

Saved TimeSeeds