Communication Features
CryptPeer® offers a complete suite of end-to-end encrypted private communications, without installation on terminals. Discover all available features.
What others do — and what CryptPeer does beyond
| Feature | Cloud Messengers | Sovereign Solutions | CryptPeer® |
|---|---|---|---|
| 60+ browser interoperability | ❌ | ⚠️ | ✅ |
| P2P architecture without single point of failure | ❌ | ❌ | ✅ |
| Masked mode inviolable | ❌ | ❌ | ✅ |
| Autonomous sovereign multi-bubbles | ❌ | ⚠️ | ✅ |
| Local license without database (EviEngine) | ❌ | ❌ | ✅ |
| Sovereign free Translator tool 50+ languages (voice, file OCR, self-hosted, offline) | ❌ | ❌ | ✅ |
The 14 CryptPeer® exclusive features
Reference list — neither Signal, Threema, Matrix, nor Telegram combine these 14 criteria in a unified, self-hosted and interoperable architecture.
- Self-hosting / Sovereignty
- Real self-hosting / zero vendor or third-party dependency
- 60+ browser interoperability
- P2P architecture without single point of failure
- Masked mode (network undetectability)
- Autonomous sovereign multi-bubbles
- EviEngine (license without server or database)
- Integrated HSM (PassCypher/EviKey)
- Large file transfer + signature/integrity
- Local-only mode (air-gap)
- Server-hopping / Extreme resilience
- Zero installation (web only)
- Sovereign free Translator tool 50+ languages (voice, file OCR, self-hosted, offline)
- Automatic storage management — operational maintenance
Account and Access
Complete user account lifecycle management.
- Register: Create an account via form (username, password, email, phone, registration reason). The account remains pending until validated by an administrator.
- Log in: Application access only if the account is active (validated by an administrator).
- Two-factor verification (2FA): Enable two-factor authentication via TOTP code from the profile. Compatible with all TOTP key management software, including PassCypher HSM PGP and PassCypher NFC HSM (SHA1, SHA256, SHA512).
- Change password: From the profile, with current and new password.
- Log out: Securely exit the application.
Differentiator #1: Zero Installation — Maximum Interoperability
CryptPeer® is the only one to offer exhaustive compatibility with 60+ web browsers, ensuring maximum interoperability and extended retro-compatibility.
- Chromium/Blink-based browsers: Chrome, Edge, Opera, Brave, Vivaldi, Arc, Yandex, Ungoogled Chromium, Iridium, Bromite, and all their forks (20+ browsers)
- Gecko-based browsers: Firefox, Tor Browser, Waterfox, LibreWolf, Pale Moon, and all their forks (9 browsers)
- WebKit-based browsers: Safari, GNOME Web, Midori, Otter Browser, and all their forks (7 browsers)
- Regional browsers: UC Browser, Baidu, QQ Browser, 360 Browser, Maxthon, Naver Whale (8+ browsers)
- Smart TVs and embedded systems: Samsung Smart TV, LG Smart TV, Android TV, Apple TV, PlayStation, Xbox, Nintendo Switch (9+ systems)
Strategic advantage: CryptPeer® works on virtually all modern web browsers, ensuring universal access without technical constraints. CryptPeer® eliminates the hardware constraint of civil/military/regalian solutions: secure E2E communication between any devices (including hardened phones) via WiFi, without requiring a SIM card, between heterogeneous devices with total interoperability and an encryption level adapted to the most demanding needs. See full detailed list →
Translator tool — Multilingual language assistance (messaging & e‑mail)
Beyond encryption, CryptPeer® embeds a dedicated Translator tool and a layer of multilingual language assistance for instant messaging and the e‑mail client, fully self‑hosted and operating without an Internet connection.
- More than 50 supported languages: European languages (French, English, German, Spanish, Italian, Portuguese, Dutch, Nordics, Baltic, etc.), Eastern Europe & Eurasia (Russian, Ukrainian, Albanian, Azerbaijani, Kyrgyz…), Middle East (Arabic, Persian, Hebrew, Turkish, Urdu), Asia‑Pacific (Chinese simplified/traditional, Japanese, Korean, Hindi, Bengali, Indonesian, Malay, Thai, Vietnamese, Tagalog) and Esperanto.
- Voice input compatible: the Translator tool accepts input from free voice recognition (Android and Apple) — speak, transcribe, translate. Voice recognition also enables auto‑typing for instant messages and e‑mails, both of which benefit from integrated translation.
- File import and translation: upload files .txt, .odt, .odp, .docx, .pptx, .epub, .html, .srt, .pdf — an embedded OCR in CryptPeer® extracts and translates the content, without relying on external services.
- Translation and writing assistance: assistance for understanding and drafting messages and e‑mails, directly from within the CryptPeer® environment.
- No leakage to connected AIs: no text is ever sent to external translation or AI services (LLMs, cloud); everything stays inside your sovereign bubble, even in air‑gap mode.
- Cybersecurity & confidentiality gain: compared with solutions that outsource translation to the cloud, CryptPeer® significantly reduces the attack surface and the risk of sensitive data leakage, while remaining aligned with Sovereignty by Design and Operator Exclusivity doctrines.
- Profile per contact: each contact sets their preferred translation language in their profile; messages are translated into the recipient's chosen language.
- Sovereign free translator when traveling: genuine integrated translation tool, usable abroad without cloud services — no detectable translation footprint, no profiling or interception by third parties. See Sovereign language assistance.
1:1 & Group Messaging
CryptPeer® enables individual messaging and groups with customizable channels and access policies. You can chat with any user who shares at least one category (department) with you. Each user can belong to multiple groups simultaneously, facilitating communication within teams, projects, clients, partners, crisis cells, or inter-site.
- Individual messaging: E2E encrypted private communication between two users (only if you share at least one category)
- Send text, photos, videos, audio and files: In each conversation, write messages, attach files, record voice or video, send images
- Receive messages in real time: New messages display in real time; you can enable or disable notification sounds from the profile
- Reply and edit: Reply to a specific message and edit already sent messages if needed
- Multiple groups: A user can be present in several groups at the same time
- Channels: Organization of conversations by thematic channels
- Access policies: Granular control of permissions and visibility
Private Chat — Conversations and Masked Groups
Dedicated « Private » section for masked conversations and groups, invisible in the usual lists.
- View masked conversations and groups: Displayed only in the « Private » section
- Create a masked conversation: From « Create », start a masked conversation with a contact; visible only in Private
- Create a masked group: From « Create », create a masked group (name, description, members); visible only in the Private section
Group Participant Management
CryptPeer® offers complete and flexible participant management within groups, providing total control over group composition and administration.
- Create a group: From « Create », specify name, description (optional) and members; invitees receive a request to join
- View members and roles: In each group, see who belongs to it; if you are the owner, assign administrators or transfer ownership
- Add participants: The group administrator can add new participants at any time, respecting defined access policies
- Remove participants: The administrator can remove participants from the group according to organizational needs
- Voluntary departure: Each participant can leave the group autonomously at any time (except if owner: transfer ownership first)
- Administration transfer: If the creator/administrator wishes to leave the group, they must designate a new administrator among existing participants before leaving, ensuring group management continuity. See Revocation and Repudiation.
- Secure governance: All management operations are tracked and secured, preserving group integrity and confidentiality
Audio / Video Calls
Individual audio/video calls and conferences in a private self-hosted environment. All calls are end-to-end encrypted, ensuring the confidentiality of your communications.
- Launch a call: From a chat or group, launch a voice or video call with participants
- Individual calls: Secure A/V communication one-on-one
- Group conferences: Multi-participant calls with permission management
- Accept or refuse a call: For incoming calls, accept/refuse window with notification sound
- Private environment: All calls transit through your self-hosted relay server
- Remote access: Possible depending on network configuration (NAT, reverse proxy, Let's Encrypt)
Files & Memos
Large-capacity file transfers with E2E encryption. The recipient can choose to import files encrypted or decrypted according to their needs.
- Drag and drop: In a conversation or group, drag files into the upload zone or select them in one click; use the camera to take a photo or record a video and send it directly
- Large-capacity transfers: Large files supported with E2E encryption
- Configurable limits: File types and maximum size may be limited by your organization's or category's configuration; the application will indicate if a file is not allowed or too large
- Import choice: Encrypted import or decrypted import according to preferences
- File signature: Integrity and authenticity verification
- Decryption space: Storage at user's free choice
- Export conversations or groups: Export history as a protected file and save it to your device
- Consult an export: From the profile, upload a saved export file to consult its content securely
Timestamped Large File Transfer — Sensitive File Backup
Unique CryptPeer® feature: Large file transfer with integrated timestamping and integrity/authenticity verification (signature), enabling secure backup of sensitive files on any media.
- Integrated timestamping: Each transferred file is timestamped for complete traceability
- Signature / Integrity verification: Guaranteed authenticity and integrity of transferred files
- Sensitive file backup: Secure storage on any media (external drive, private cloud, etc.)
- Lifecycle management: Complete tracking of sensitive file lifecycle
- Enhanced compliance: Timestamping for audits and regulatory compliance
Advanced File Encryption/Decryption
Complete lifecycle management of encrypted files: Native encryption and on-demand decryption with total user control.
- Native encryption: Automatic encryption of all files
- On-demand decryption: Decryption only when necessary
- Complete management: Total control of encrypted file lifecycle
- User transparency: Transparent process for end users
Audio/Video Recordings
Audio/video recordings captured locally then sent encrypted. Ideal for voice memos, video messages, or recorded conferences.
- Local capture: Recordings made on the user's terminal
- Encrypted sending: All recordings are encrypted before transmission
- Secure storage: Decryption space at user's free choice
Self-Destructing Messages
Send messages that are automatically deleted after being read by the recipient. Useful for sensitive information.
- Configurable delays: For example 10 seconds, 30 seconds or 1 minute after reading
- Enhanced confidentiality: No long-term retention of sensitive messages
Notes and Collaborative Notes
Create notes with title and content, stored in a protected format. Add collaborators for simultaneous consultation and editing.
- Create a note: Title and content, encrypted storage
- Collaborative notes: Add collaborators so multiple people can consult and edit the note at the same time
Configure one or more email accounts to read and send emails from the application.
- IMAP/SMTP configuration: One or more email accounts (IMAP/SMTP) to read and send emails
- PGP encryption: If configured, sign or encrypt emails with your contacts (via PassCypher HSM)
Profile and Categories
Manage your personal profile and the categories (departments) you belong to.
- Profile: Edit full name, email, phone, photo and personal information; choose visibility of this data for other users; enable or disable notification sounds; manage two-factor verification
- Categories: You belong to one or more categories (departments); you can only start conversations with users who share at least one category; categories are assigned by administrators; you can request to join or leave a category from your profile
- Export and consult your data: Export your conversation and group history as a protected file; then upload this file in the profile to consult its content
Search and Creation
Search for users and create conversations or groups.
- Search users: A search page allows you to find other users by name
- Create a conversation: Search for a user (with shared category), start a normal or masked conversation, access the chat
- Create a group: Create a normal or masked group: name, description, members; the application opens the created group; invitees receive a request to join
Translator Tool & Language Assistance
Interface available in 14+ languages offline. Dedicated Translator tool: 50+ languages, voice recognition (Android/Apple), file import (.txt, .docx, .pdf…) with embedded OCR — messaging and e‑mail, fully self-hosted and offline, no leakage to cloud AIs. See Sovereign language assistance.
- 14+ interface languages: Offline multilingual support for the user interface
- 50+ translation languages: Messaging and e‑mail, sovereign, no cloud
- Display obfuscation: Interface always encrypted with selective decryption
- Temporary view in RAM: Decryption only for display, immediate erasure after reading
All Devices — Zero Installation — Ultra Mobile
CryptPeer® works on all devices worldwide — nothing to install: computer, phone, tablet, smart TV, media. Ultra mobile. The user experience is "app-like" with automatic display configuration.
- All devices: Computer, phone, tablet, smart TV, media — works everywhere in the world
- Nothing to install: No installation required, instant operation on all devices
- Ultra mobile: Access from any device, anywhere, anytime
- App-like UX: Feel of installed application without actual installation
- Auto-configuration: Automatic display-side configuration, ready to use immediately
Administration & IT Integrations
Administration Panel Access
Only users with the administrator role can access the administration panel. The « Admin » link appears in the sidebar. If there are pending registration requests, a badge displays the number of requests and updates automatically without refreshing the page.
- Panel tabs: Users, Categories, Direct contacts, Requests, Logs, Database, Storage
- Pending requests badge: Real-time indication of the number of registrations to validate
Directory / SSO (Ultra-Simple Principle)
Request via integrated form: the user proposes one or more attachment categories. Administrator validation: assignment/refusal of categories. A validated contact only sees contacts from their assigned categories.
- Categories: Teams, projects, clients, partners, crisis cells, inter-site
- Restricted visibility: Each user only sees contacts from their categories
- SSO alignment: Compatible with company N-factor policies
Advanced Category Management — Anti-Espionage Protection
Unique CryptPeer® feature: Advanced category administration with protection against espionage via contact dictionary.
- Category creation: Admin can create and manage custom categories
- Contact assignment: Contact assignment by category with granular control
- Anti-espionage protection: No visible contact dictionary (protection against espionage)
- Strict typological compartmentalization: Strict organizational separation by categories
- Browser-based admin: Zero-installation administrative interface, hyper user-friendly
- Enhanced security: Protection against contact leaks and organizational espionage
User Management
- View all users: List with name, email, categories, admin/active status, registration reason, registration date
- Assign categories: For each user, open a window to assign or remove categories (departments)
- Activate or deactivate an account: Only active users can log in
- Grant or remove administrator role: You cannot remove the role from yourself
- View registration reason: Consult the text entered during registration
- Delete a user: Permanent deletion with confirmation; associated data is also deleted
- Activity log: All actions are recorded in the logs
Category Management
- View categories: Name, description, assigned users
- Create a category: Name and optional description
- Assign users to a category: From each category, window to add or remove users
- Delete a category: With confirmation; users will no longer be linked to it
Direct Contacts
For each user, define their « direct contacts »: users they can access directly without sharing a category. Useful for support or profiles with special access.
- View direct contacts: Per user
- Add or remove direct contacts: Granular management
Requests
- Registration requests: List of registered persons whose account is not yet active; name, email, registration date, reason; option to validate the account (activate it) or refuse it (and optionally delete the user)
- Category change requests: Requests from users wishing to join or leave a category; approve or refuse; actions recorded in the logs
Logs (Activity Log)
View the log of the latest actions performed by administrators: user activations/deactivations, role changes, request approvals, etc., with the date and the administrator who performed them.
Database
View information stored in the application (users, categories, conversations, messages, etc.) from a table with search and pagination, without direct access to the database. Useful for support and verification.
Access Governance
- Administrator revocation (1 click): The contact immediately loses access to servers
- Repudiation between contacts: Messages sent by the repudiated remain accessible; they lose access to the other's responses
Operations & Supervision
- Server Manager: On-the-fly relay change (organization, client server, remote instance)
- Admin gauges: A/V latency/jitter, throughput, simultaneous capacity (conferences), Pi 5 consumption
- Server hardware status: Useful information feedback (health, load, occupancy)
- Encrypted backups: Database backup and restoration of encrypted messages with user keys
Export/Import Restorable Discussions
Unique CryptPeer® feature: Complete conversation export and import for restoration, ensuring total data portability.
- Complete export: Export of all conversations with complete structure
- Restoration import: Complete restoration of conversations from an export
- Total portability: Facilitated migration between servers or complete backup
- Operational continuity: Facilitated recovery after incident or migration
Export/Import Group Lists
Unique CryptPeer® feature: Export and import of group organizational structure for continuity and migration.
- Group structure export: Export of group composition and organization
- Migration import: Restoration of complete organizational structure
- Organizational portability: Complete organization migration between servers
- Continuity: Recovery after incident with preserved organizational structure
Multi-Bubble Manager — Multi-Autonomous Relay Server Access
Unique CryptPeer® feature: URL link manager enabling access to multiple private bubbles (autonomous CryptPeer relay servers) to which you have authorized access. Each relay server is an independent private bubble belonging to a distinct entity.
- Autonomous relay servers: Each relay server operates completely independently and belongs to a distinct entity
- URL manager: Centralized address book of your accessible private bubbles (relay servers)
- Local or remote access: Depending on network configuration, connection possible via LAN (local network) or from outside (Internet)
- Multi-bubbles: Simultaneous access to multiple autonomous relay servers from the same browser
- Multiple tabs: Multiple tabs or bookmarks to different CryptPeer servers
- Authorized access: Each bubble = access authorized by the entity owning the relay server
- Extreme portability: Access to your bubbles from any terminal, anywhere
- Total isolation: Each bubble is completely isolated and independent
- Multi-entity organizations: Access to multiple bubbles from different entities from a single terminal
Automatic Storage Management — Operational Maintenance
Unique CryptPeer® feature: Automatic and intelligent storage space management to ensure relay server operational maintenance.
- Automatic purge messages: Retention period configuration (1 to 10 years) by admin
- Intelligent deletion: On overflow, automatic deletion of oldest messages
- Intelligent file purge: Automatic at 80% capacity or manual
- Downloaded file priority: Priority deletion of already retrieved files
- Guaranteed operational maintenance: Server remains functional indefinitely (256 GB = 25-35 years for 200 users with purge)
- Proactive management: Automatic and manual function for total control
Upload Configuration
- Disk usage: View space occupied by the application on the server (uploaded files, etc.) and remaining available space
- Global rules: Allowed or blocked file types, maximum file size; if configured, limits per folder or other options; these rules apply to all application uploads
Storage capacity: On a 256 GB disk, CryptPeer® can maintain encrypted discussion backups for 25-35 years for 200 users (without purge), and indefinitely with automatic purge. For more details on capacity calculations by number of users, see our dedicated storage sizing page.
Sovereignty & Operator Control
CryptPeer® is a sovereign system designed according to the principles of Sovereignty by Design and Operator Exclusivity. No third party, cloud or external provider intervenes in encryption, storage or routing.
- Total control of keys and servers by the operator
- RAM-only storage without persistence
- Zero Cloud and Zero Trust architecture
- Verified symmetric quantum resilience (SHA3, AES-256)
Embedded Administration & Advanced Security
Embedded Administrator Space
CryptPeer® natively integrates an embedded administrator space allowing simultaneous use of CryptPeer services and server administration with clicks, without practically typing anything on the keyboard.
- Intuitive interface: Complete administration via an integrated web interface
- Click management: All administrative operations accessible in a few clicks
- Input minimization: Interface designed to minimize keyboard input
- Near-zero learning curve: Designed to be administered without special skills
Always Encrypted Database
Even database access remains secure: it is always encrypted. Keys are generated on the terminal side at users' discretion, ensuring maximum security.
- Permanent encryption: The database is always encrypted, even during administrator access
- Terminal-side key generation: Encryption keys are generated on the user's terminal
- User control: Users maintain total control of their encryption keys
- Enhanced security: No key is stored on the server in plaintext
PassCypher HSM PGP & NFC HSM Compatibility
CryptPeer® is compatible with PassCypher HSM PGP and NFC HSM, allowing the user to enter passphrases greater than 256 bits without typing anything on the keyboard in 1 click with multi-factor authentication. Learn more: PassCypher HSM PGP with CryptPeer (credentials and TOTP code).
- PassCypher HSM PGP: Native integration with PGP HSM devices
- NFC HSM: Support for NFC HSM devices for authentication
- Passphrases > 256 bits: Generation and use of ultra-secure passphrases
- Keyboard-free authentication: Entry in 1 click, without typing anything on the keyboard
- Multi-factor authentication: Enhanced authentication in a single click
- Maximum security: Combination of multiple authentication factors for optimal protection
Administration Simplicity
CryptPeer® is designed to be administered without special skills, with a near-zero learning curve.
- Intuitive interface: All administrative functions easily accessible
- Integrated documentation: Contextual help available at each step
- Guided configuration: Simplified installation and configuration processes
- Simplified maintenance: Maintenance operations accessible in a few clicks
- Minimal training: Quick onboarding without in-depth technical training
EviEngine — Sovereign License System
CryptPeer® integrates Freemindtronic's EviEngine technology for license management without servers or databases.
- Hardware-based license: The license system is based on the computer's motherboard serial number, not on a person's identity
- No server or database: Operates locally, without dependency on external services
- Preserved anonymity: Since the license is linked to hardware and not identity, anonymity is preserved
- Offline operation: CryptPeer can thus operate in local network even offline, without Internet connection
Advanced Security Features
Masked CryptPeer Mode — Advanced Visual Protection
Unique CryptPeer® feature: Masked mode offering maximum protection against visual attacks and observation-based espionage.
- CryptPeer within CryptPeer: Totally autonomous and isolated instance
- Messages always encrypted: Display always in encrypted form for maximum visual protection
- Protection against visual attacks:
- Protection against shoulder surfing
- Protection against screenshots
- Protection against screen recording
- On-demand decryption: One message at a time via padlock icon
- Download choice: Encrypted or plaintext file according to user choice
- Total isolation: Masked instance completely separated
P2P Architecture — DDoS & Denial of Service Resistance
Unique CryptPeer® feature: P2P architecture without centralized server, each relay server being autonomous and belonging to a distinct entity, offering natural resistance to DDoS attacks and denial of service.
- No centralized server: P2P architecture with autonomous relay servers
- Autonomous relay servers: Each relay server belongs to an entity and operates independently
- DDoS resistance: No central attack point, impossible to saturate globally
- Denial of service resistance: Each private bubble (relay server) is isolated = maximum resilience
- No single point of failure: Each relay server is independent, one server's failure doesn't affect others
- Enhanced resilience: Impossible to stop by centralized attack
- Guaranteed continuity: Service operational even if one relay server is attacked