MessageSeal
Support
MessageSeal is a local text-protection app for iPhone and iPad. It pins one Apple-native crypto profile at a time instead of negotiating multiple suites inside shared text. The current profile uses hybrid post-quantum public-key cryptography for recipient encryption and signatures while keeping message protection and verification fully on device. You can share protected text through other apps, and Nearby Exchange can help nearby devices swap signed public identities for later use. Start with the in-app Guided Tour and Help & Security guide for the fastest overview of identity sharing, local encrypt, local sign, local decrypt, local verification, and Nearby Exchange.
What The App Does
- Creates and stores local identities
- Lets you share one signed public identity bundle with separate encryption and signature keys
- Encrypts text into a shareable MessageSeal1 bundle
- Signs readable text with a detached signature footer
- Decrypts bundles locally when one of your local identities matches
- Verifies signed text locally when the included signing identity data is intact
- Pairs nearby devices to compare a safety code and save a public identity for later while both screens stay open
- Includes a Messages extension for encrypting before send, signing readable text, sharing a signed identity bundle, and opening compatible protected text on device
Why Post-Quantum Matters
Traditional public-key systems are expected to become weaker if future large-scale quantum computers become practical. MessageSeal uses Apple-native hybrid post-quantum public-key cryptography so its shareable identities, recipient wrapping, and signatures are not tied only to older public-key designs.
MessageSeal pins one crypto profile at a time to avoid downgrade-prone negotiation. The current profile uses XWing HPKE recipient wrapping, hybrid ML-DSA87 + P521 signatures, and AES-256-GCM for the message body. That design is meant to reduce long-term exposure for sensitive text that may need protection well into the future while keeping a classical hedge during the transition.
How The Stack Works
- Each local identity has two public keys under one label: one XWing encryption key for recipient wrapping and one hybrid ML-DSA87 + P521 signing key for signatures.
- Public identity sharing uses a visible MessageSeal1 bundle with explicit key-format metadata, a short identity fingerprint, a detached identity signature, and no private key material.
- The generic recipient-import flow accepts signed identity bundles or raw encryption keys. Encrypted message bundles are for open and decrypt flows, and reply-ready sender identities can only be saved directly when the decrypted or verified message proves them.
- Encrypted text uses one fresh 32-byte AES-256 content key per message. That content key is wrapped separately to each selected recipient with XWing HPKE, then the plaintext is encrypted with AES-256-GCM.
- Readable signed text stays visible and adds a detached footer that includes the body digest, the signing public key, the included reply encryption key, and the hybrid signature.
- Nearby Exchange swaps signed public identities, derives the same short safety code on both devices, and uses temporary local control frames only during the live pairing session. It does not change the normal MessageSeal1 encrypted-bundle or signed-plaintext formats.
- Private keys stay on device in Apple's Keychain. MessageSeal does not run a server, relay, or cloud key store.
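The per-message content key and per-recipient wrapping described above can be sketched as follows. This is an added example, not MessageSeal's code or wire format: it assumes Node.js, substitutes X25519 plus HKDF for XWing HPKE (so it is not post-quantum), and every function and field name in it is hypothetical.

```javascript
// Added example, structure only. Assumptions: X25519 + HKDF stands in for
// XWing HPKE, and all field names are hypothetical (not the MessageSeal1 format).
const crypto = require('node:crypto');

function gcmSeal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per seal
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gcmOpen(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // final() throws on a bad tag
}

// Stand-in for the KEM step: X25519 shared secret -> HKDF-SHA256 -> 32-byte wrapping key.
function wrappingKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-wrap', 32));
}

function encryptFor(recipientPublicKeys, text) {
  const contentKey = crypto.randomBytes(32); // one fresh AES-256 key per message
  const body = gcmSeal(contentKey, Buffer.from(text, 'utf8'), 'body');
  const wraps = recipientPublicKeys.map((pub) => {
    const eph = crypto.generateKeyPairSync('x25519'); // new ephemeral key per recipient
    const kek = wrappingKey(eph.privateKey, pub);
    return { ephemeral: eph.publicKey, wrapped: gcmSeal(kek, contentKey, 'wrap') };
  });
  return { body, wraps }; // one ciphertext body, one wrapped key per recipient
}

function decryptWith(privateKey, bundle) {
  for (const w of bundle.wraps) {
    try {
      const contentKey = gcmOpen(wrappingKey(privateKey, w.ephemeral), w.wrapped, 'wrap');
      return gcmOpen(contentKey, bundle.body, 'body').toString('utf8');
    } catch { /* wrong key or modified data: try the next wrap */ }
  }
  return null; // no wrap opened with this identity
}
```

The body is encrypted once no matter how many recipients are selected, and an identity that was not selected, or a bundle whose ciphertext was altered, yields no plaintext rather than a partial result.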
For the full wire-format explanation, including the pinned crypto-profile model, current-only bundle versions, signed footer structure, fingerprints, and local verification behavior, open Protocol Specification inside the app from Settings. If you want the conceptual version first, open the in-app How This Works screen for the replayable encrypt-and-open walkthrough.
Nearby Exchange
- Open Nearby Exchange from Keys to share one of your identities with someone standing next to you.
- Open Nearby Exchange from Recipients to save a nearby person's public identity for later local use.
- After you save a nearby person's public identity from Keys or Recipients, use Compose normally if you want to encrypt to that saved recipient.
- Nearby Exchange is main-app-only, one-to-one, and foreground-only. It does not add a backend, inbox, or history.
Important Limitations
- The app does not run a chat network, mailbox, or relay service.
- The app protects message contents, not transport metadata.
- Private key deletion is irreversible.
- Sender labels in bundles are informative metadata, not proof of identity.
- A matching nearby safety code proves that both devices saw the same exchanged identity continuity data during that local pairing step. It does not by itself prove a claimed human label.
Before You Report A Problem
- Confirm you created at least one local identity in the Keys tab.
- Confirm the recipient's signed public identity bundle or raw encryption key was imported before encryption, or save the signer before relying on signature matches.
- When decrypting raw text, paste the full MessageSeal1 bundle, including begin and end markers.
- When verifying a signed message, paste the full visible plaintext plus the detached signature footer.
- If Nearby Exchange cannot find the other device, confirm both devices are on the Nearby Exchange screen and Local Network access is allowed for MessageSeal.
- If a Messages bubble did not open directly, check whether it fell back to raw bundle text because it was too large. In that case, copy the full bundle into MessageSeal or the Messages extension manually.
- If you deleted the receiving identity, older messages for that identity may no longer be recoverable.
Support Scope
This support page covers product setup, identity management, Nearby Exchange, encrypted bundle sharing, signed-message verification, post-quantum cryptography positioning, and Messages extension behavior for MessageSeal.
Support email: messageseal@totalaldo.com
Use that address for product setup questions, troubleshooting, and App Store support requests related to MessageSeal.
Privacy Questions
For privacy details, including local storage, retention, and deletion behavior, read the Privacy Policy.