We built Essenger because we wanted a safer messenger for ourselves.
Your device encrypts each message before it leaves: the server sees only ciphertext and delivery metadata. You can check how it works in the documentation and test vectors.
What is ready today
The browser version is live and iOS is still in beta. Here is where everything else stands.
Important: regular chats do not use Double Ratchet, so we do not claim full forward secrecy or post-compromise security for them. Secret chats are available when you need those properties. Sealed Sender is still planned, so the server can see delivery metadata. Read the details in the protocol and privacy policy.
What happens to a message
The key starts on your device
When you register, the app creates an encryption key. The server only receives an encrypted backup for account recovery and does not know the original key.
A new temporary key for every message
Before sending, the app creates a temporary key pair and deletes the secret half after encryption. This does not replace Double Ratchet in regular chats because the recipient still uses a long-term key. Use a secret chat when you need full forward secrecy. See the protocol for details.
Classical and post-quantum protection
X25519 works alongside ML-KEM-768. This hybrid reduces the risk that ciphertext recorded today could be decrypted by a future quantum computer.
The server still sees delivery
The message itself is hidden, but the server can currently see who sent it, who received it, and when. We plan to hide that data with Sealed Sender.
Ready, testing, planned
What is on, what we are testing, and what is still planned.
| Feature | Status | What to know |
|---|---|---|
| E2E message encryption | On by default | We check web and iOS compatibility with test vectors and real devices |
| Post-quantum protection | Running in hybrid mode with ML-KEM-768 | iOS release testing and an external audit are still ahead |
| Server-blind Sealed Sender | Not in use yet | The server can currently see who sends a message, to whom, and when |
| Temporary sender key | A new key for every private and group message | Regular chats do not use Double Ratchet; secret chats provide full forward secrecy |
| Secret chats | Double Ratchet with forward secrecy | Created separately from regular chats; an external audit is still pending |
| Registration | No phone number or address-book access | The server still sees technical account and delivery data |
| Protocol | Documentation published | No independent external audit yet |
What is already in the app
Chats, calls, voice messages, files, and disappearing messages already work. Their contents are encrypted before sending.
Private and group chats
Reply, forward, delete, react, and check whether a message was delivered or read.
Audio and video calls
One-on-one calls. Signaling uses E2E encryption, while media uses standard WebRTC encryption (DTLS-SRTP).
Voice messages
Voice messages are encrypted like text. The format is converted automatically for the recipient's platform.
Disappearing messages
Set a timer from 30 seconds to one week. The message is removed from every device when time runs out.
Secret chats
These are separate X3DH + Double Ratchet conversations with forward secrecy and post-compromise security.
One-time messages
Open it once, then it disappears from the recipient and is removed from the server. iOS screenshots trigger a notification.
Files and attachments
Send files up to 15 MB. All attachments are encrypted before sending - the server does not see the content.
Two-factor authentication
Add TOTP and save backup codes. A password alone is no longer enough to sign in.
Recovery phrase
The 12-word phrase can help restore access if you forget your password. Store it separately: anyone who has it can access the account.
How Essenger
stores keys
Your device creates the private key. Only an encrypted backup may be stored on the server for account recovery.
The app creates the key
The private key starts on your device. The server may store an encrypted copy; its safety still depends on your password and device security.
Recovery is still being tested
Until testing is complete, we do not treat the recovery phrase as a guaranteed way to regain access.
No plaintext on the server
The server stores ciphertext and the data needed for delivery. Message contents remain on your devices.
Two kinds of cryptography
X25519 protects messages today, while ML-KEM-768 adds a hedge against future quantum attacks.
On-device encryption
AES-256-GCM + X25519 ECDH
Temporary sender key
A new key pair for every private and group message
TOFU by UUID
The key is remembered at first contact. Regular chats do not use Double Ratchet
Hybrid ML-KEM-768
Extra protection against future quantum attacks
Where Essenger works
Web/PWA is available now. iOS is in beta. macOS and Android will follow later.
Read the protocol
We published the message format, algorithms, known limitations, and test vectors. The protocol has not yet had an independent audit.
Try
Essenger
You do not need a phone number or address-book access.
Messages are encrypted before they leave your device.