End-to-end encrypted · zero-knowledge backend

Encrypted links for private messages and files.

Encrypt before you send. Share through any app. Only the intended recipient can open it.

AES-256-GCMKeys never leave your deviceOpen source · Apache 2.0
Encrypted · ready to shareexample link
https://aesmsg.com/l/x7Kp9wQ2mB4nR8tv

Paste it into Slack, WhatsApp or email — the channel only ever sees this link.

How it works

Three steps, end to end.

A privacy layer over the channels you already use — not another chat app to move your contacts into.

01 · ENCRYPT LOCALLY

Your message and files are encrypted on your device with AES-256-GCM before anything is uploaded. Plaintext never leaves you.

02 · SHARE ANYWHERE

Paste the link into Slack, WhatsApp, iMessage, or email. The channel only ever sees an opaque link.

SlackWhatsAppEmail
03 · RECIPIENT DECRYPTS

Only the recipient's private key — which never leaves their device — can open it. Wrong key, no decryption.

Zero-knowledge backend

Protected

We don't hold the keys. We never see your messages. We can't decrypt your files even if we wanted to.

ciphertext.bin · 4.2 KBAES-256-GCM
eyJ2IjoyLCJhbGciOiJBMjU2R0NNIn0.q7Xt9Pn2KdVa0sR4mLwZ1cYf6hBgUe3oNjQ8tD5xWpAiv:5f3c1a9e7b2d804662e0  tag:9c41fb7a0e8dkx:x25519:3Qm…7Yz  •  hkdf-sha256

Self-destruct

Links expire on a timer — 10m / 1h / 24h / 7d — or after a set number of opens, and can be revoked instantly.

10m1h24h7d

Biometric unlock

Require Face ID or Touch ID before decryption on mobile.

Face ID required to open
Security principles

Trust built into the architecture.

Not policy promises — properties of the system. Here's what the server can and can't ever see.

Ciphertext only

The server stores ciphertext + minimal metadata. Never plaintext, previews, attachments, or your keys.

Keys stay on your device

Keypairs are generated and held on your device and never leave it, unless you export an encrypted backup.

Open source

Our cryptography is open source (Apache 2.0) and independently auditable.

Self-destruct & revoke

Set expiry and max opens up front, and purge the ciphertext from the server at any time with one tap.

Ready to encrypt your next message?

Join the privacy-conscious professionals protecting their data with aesmsg.