Encrypt RSA

Encrypt RSA is a privacy-first messaging tool that lets you encrypt any message with military-grade RSA-2048 + AES-256-GCM encryption — entirely on your device. No servers. No accounts. No trace.

HOW IT WORKS

1. Encrypt your message. A fresh RSA-2048 key pair is generated for every message. Set an expiry time from 30 minutes to 7 days.

2. Split the key. The decryption key is automatically split into 3 shares using Shamir's Secret Sharing. Any 2 of 3 shares unlock the message. Send each share through a different channel — one share alone is cryptographically useless.

3. Decrypt with biometrics. The recipient pastes the encrypted payload and any 2 key shares. Fingerprint or face authentication is required before decryption. The message appears — nothing is stored anywhere.

SECURITY FEATURES

• RSA-2048 + AES-256-GCM hybrid encryption with ephemeral key pairs
• Shamir 2-of-3 secret sharing — intercept one share, learn nothing
• Biometric gate — fingerprint and face unlock via TrustZone, mandatory before every decryption
• Server-verified expiry — enforced against Cloudflare's trusted time server, clock manipulation detected
• Panic Mode — deniable encryption creates an indistinguishable decoy payload for use under coercion
• Screenshot and screen recording blocked at OS level
• Clipboard auto-clears 60 seconds after copying a key share
• Burn-after-read — wipes the decrypted message and clipboard instantly
• Auto-clears all sensitive state after 10 minutes of inactivity
• Zero trace — nothing written to storage, logs, or any external service

ZERO TRACE POLICY

Encrypt RSA has no servers, no user accounts, no analytics, and no crash reporting. Biometric data never leaves your device. The only network request made is a lightweight call to verify trusted time when checking message expiry — no identifying information is sent.

A Modex Apps product.