kryptoman

kryptoman is offline, end-to-end encrypted messaging that talks in QR codes
instead of network packets. The phone holding your keys never needs a SIM,
Wi-Fi, or Bluetooth. No servers, no accounts, no cloud — nothing to hack
remotely, nothing to subpoena, and no record of who talks to whom.

HOW IT WORKS
• Pair with a contact by exchanging two QR codes.
• Write a message; the app encrypts it and turns the ciphertext into a QR.
• They scan it. Read once, then it's gone — decrypted, shown, and forgotten.

OFFLINE BY DESIGN
The more offline it is, the safer it is. Because a message is encrypted before
it becomes a QR, you can relay it over Signal, SMS, email, or even publicly —
the security rests on the cryptography, not on trusting the channel.

SIGNAL-GRADE CRYPTOGRAPHY
• The Double Ratchet — every message uses a fresh key (forward secrecy and
post-compromise recovery).
• X448 key exchange — a conservative, high-margin curve (~224-bit).
• Encrypted headers and uniform message sizes resist traffic analysis.
• Conversations are never stored.

IF YOUR PHONE IS TAKEN
• Crypto-erase wipe — destroy one tiny key and the whole database is gone.
• Bound to your device's secure element (StrongBox / TEE) where available.
• Optional "require device unlock" — a real second factor enforced by hardware.
• A wrong-PIN counter that self-destructs the vault and can't be reset.
• Panic wipe — one tap on the lock screen, no PIN needed.

PRIVACY YOU CAN VERIFY
No analytics, no trackers, no ads, no network calls. We collect nothing because
there is nothing to collect. The crypto core is a small, auditable library that
has had two independent security reviews.

Give an old phone a second life as a dedicated secure messenger. Android 6+.

kryptoman is free. A wylmi project.

We don't say "unhackable." It's a tool: strong modern cryptography plus an air
gap that protects the endpoint — and we tell you exactly where the limits are.