Web is live · iOS beta · audit ahead

We built Essenger because we wanted a safer messenger for ourselves.

No phone number
Hybrid post-quantum protection
Known limitations published

Your device encrypts each message before it leaves: the server sees only ciphertext and delivery metadata. You can check how it works in the documentation and test vectors.

S
Serafim
● encrypted
Sent you the contract draft. Take a look.
Got it. Let's keep this between us 🤫
Of course. No one else can read it 🔒
Only the sender and recipient can read this · ML-KEM-768

What is ready today

The browser version is live and iOS is still in beta. Here is where everything else stands.

Web/PWAThe browser version is already running at hub.essenger.org.
iOS betaWe are testing it on devices now. TestFlight and the App Store come next.
Test vectorsThey help us check that web and iOS encrypt and decrypt messages the same way.
No external audit yetThe protocol remains experimental until an independent audit is complete.

Important: regular chats do not use Double Ratchet, so we do not claim full forward secrecy or post-compromise security for them. Secret chats are available when you need those properties. Sealed Sender is still planned, so the server can see delivery metadata. Read the details in the protocol and privacy policy.

What happens to a message

The key starts on your device

When you register, the app creates an encryption key. The server only receives an encrypted backup for account recovery and does not know the original key.

A new temporary key for every message

Before sending, the app creates a temporary key pair and deletes the secret half after encryption. This does not replace Double Ratchet in regular chats because the recipient still uses a long-term key. Use a secret chat when you need full forward secrecy. See the protocol for details.

Classical and post-quantum protection

X25519 works alongside ML-KEM-768. This hybrid reduces the risk that ciphertext recorded today could be decrypted by a future quantum computer.

The server still sees delivery

The message itself is hidden, but the server can currently see who sent it, who received it, and when. We plan to hide that data with Sealed Sender.

A
Hello! How about meeting tomorrow at 18:00?
B
Great, let's go to the park by the fountain
A
Agreed!

Only visible to the sender and recipient

Ready, testing, planned

What is on, what we are testing, and what is still planned.

FeatureStatusWhat to know
E2E message encryptionOn by defaultWe check web and iOS compatibility with test vectors and real devices
Post-quantum protectionRunning in hybrid mode with ML-KEM-768iOS release testing and an external audit are still ahead
Server-blind Sealed SenderNot in use yetThe server can currently see who sends a message, to whom, and when
Temporary sender keyA new key for every private and group messageRegular chats do not use Double Ratchet; secret chats provide full forward secrecy
Secret chatsDouble Ratchet with forward secrecyCreated separately from regular chats; an external audit is still pending
RegistrationNo phone number or address-book accessThe server still sees technical account and delivery data
ProtocolDocumentation publishedNo independent external audit yet

What is already in the app

Chats, calls, voice messages, files, and disappearing messages already work. Their contents are encrypted before sending.

Private and group chats

Reply, forward, delete, react, and check whether a message was delivered or read.

Audio and video calls

One-on-one calls. Signaling uses E2E encryption, while media uses standard WebRTC encryption (DTLS-SRTP).

Voice messages

Voice messages are encrypted like text. The format is converted automatically for the recipient's platform.

Disappearing messages

Set a timer from 30 seconds to one week. The message is removed from every device when time runs out.

Secret chats

These are separate X3DH + Double Ratchet conversations with forward secrecy and post-compromise security.

One-time messages

Open it once, then it disappears from the recipient and is removed from the server. iOS screenshots trigger a notification.

Files and attachments

Send files up to 15 MB. All attachments are encrypted before sending - the server does not see the content.

Two-factor authentication

Add TOTP and save backup codes. A password alone is no longer enough to sign in.

Recovery phrase

The 12-word phrase can help restore access if you forget your password. Store it separately: anyone who has it can access the account.

How Essenger
stores keys

Your device creates the private key. Only an encrypted backup may be stored on the server for account recovery.

  • 1

    The app creates the key

    The private key starts on your device. The server may store an encrypted copy; its safety still depends on your password and device security.

  • 2

    Recovery is still being tested

    Until testing is complete, we do not treat the recovery phrase as a guaranteed way to regain access.

  • 3

    No plaintext on the server

    The server stores ciphertext and the data needed for delivery. Message contents remain on your devices.

  • 4

    Two kinds of cryptography

    X25519 protects messages today, while ML-KEM-768 adds a hedge against future quantum attacks.

On-device encryption

AES-256-GCM + X25519 ECDH

Temporary sender key

A new key pair for every private and group message

TOFU by UUID

The key is remembered at first contact. Regular chats do not use Double Ratchet

Hybrid ML-KEM-768

Extra protection against future quantum attacks

Private key
Your account
The plaintext key stays on your device. The server may store only an encrypted backup.
Service data
Delivery
The text is hidden, but the server can still see who sent a message, to whom, and when.

Where Essenger works

Web/PWA is available now. iOS is in beta. macOS and Android will follow later.

Browser
hub.essenger.org
iOS
Beta (TestFlight)
macOS
After v1.0
Android
Planned

Read the protocol

We published the message format, algorithms, known limitations, and test vectors. The protocol has not yet had an independent audit.

Ephemeral X25519
Sender key
ML-KEM-768
Hybrid PQ path
HKDF-SHA256
Key output
AES-256-GCM
Encryption

Try
Essenger

You do not need a phone number or address-book access.
Messages are encrypted before they leave your device.