Private messaging that works everywhere. Even off the grid. Five independent transport layers. One unbreakable encryption standard.
Every layer of MeshCipher is engineered to protect your communications, whether you have internet access or not.
Signal Protocol with X3DH key agreement and Double Ratchet for perfect forward secrecy on every message.
Direct relay, Tor relay, WiFi Direct, Bluetooth mesh, and P2P Tor hidden services. Works with or without internet.
ECDSA P-256 keys generated and stored in Android Keystore TEE/StrongBox. Keys never leave secure hardware.
All local data encrypted at rest with SQLCipher AES-256. Database key derived from hardware-backed Android Keystore.
Configurable auto-delete with multiple retention periods. Messages and media cleaned from both database and filesystem.
Tor modes hide IP addresses. Offline modes leave no network trace. The relay server sees only sender/recipient IDs and encrypted blobs, never plaintext or contacts.
Images, video, and voice messages encrypted with per-message AES-256-GCM keys before transport.
Fully auditable codebase under Apache 2.0 license. Every line of code is public and verifiable.
Choose your transport based on your threat model. All modes deliver the same Signal Protocol-encrypted payload.
MeshCipher's security claims are backed by open source code and public documentation. We invite scrutiny.
The relay server only stores encrypted blobs and sender/recipient device IDs. It cannot read message content, see your contact list, or correlate conversations. The server code is open source and self-hostable.
View relay server source ->Direct mode: relay sees sender/recipient IDs and IP. Tor Relay: relay sees IDs only, IP hidden by Tor. WiFi Direct / BLE Mesh: no server, no network log. P2P Tor: no server, both parties anonymous via .onion addresses.
Read networking docs ->Full documentation of all cryptographic primitives, key generation, storage, and protocol flows. ECDSA P-256 identity keys, X3DH key agreement, Double Ratchet, AES-256-GCM, SQLCipher.
Read crypto docs ->MeshCipher has not yet undergone a formal third-party security audit. If you are a security researcher, we welcome and encourage independent review of the codebase and protocol implementation.
Report a VulnerabilityNo phone number. No email. No accounts. Just cryptographic identity.
A hardware-bound ECDSA key pair is generated inside your device's secure enclave. Your identity never leaves the chip.
Exchange keys via QR code scan when in person, or share your public key over any trusted channel for remote contacts. In-person verification is strongest, but not required.
Choose your transport mode and send. Signal Protocol encrypts everything end-to-end regardless of how it travels.
MeshCipher exists because private communication shouldn't depend on a single company's infrastructure or require an internet connection.
Every transport mode, every encryption layer, every line of code is open source and auditable.