Communication Features — CryptPeer®

Secure communication features

CryptPeer® brings together in a single self-hosted platform end-to-end encrypted communication functions designed for organizations seeking a secure, coherent, and durable collaboration environment. This page does not merely list options: it describes the communication capabilities that structure daily exchanges, sensitive uses, and collaborative scenarios with a high requirement for control.

Third-party transfer without account: the sender can send encrypted files to an external recipient with controlled secret handling, local decryption on the receiving side, configurable retention, and automatic deletion. For a view centered on overall value and business uses, see the sovereign secure collaboration platform.

Zero installation and maximum interoperability

CryptPeer® is designed to work across a very wide range of browsers and devices, which reduces deployment friction, simplifies adoption, and strengthens operational continuity in heterogeneous environments.

• Chromium/Blink-based browsers: Chrome, Edge, Opera, Brave, Vivaldi, Arc, Yandex, Ungoogled Chromium, Iridium, Bromite, and their forks.
• Gecko-based browsers: Firefox, Tor Browser, Waterfox, LibreWolf, Pale Moon, and their forks.
• WebKit-based browsers: Safari, GNOME Web, Midori, Otter Browser, and their forks.
• Regional and specialized browsers: UC Browser, Baidu, QQ Browser, 360 Browser, Maxthon, Naver Whale.
• Smart TVs and embedded systems: Samsung Smart TV, LG Smart TV, Android TV, Apple TV, PlayStation, Xbox, Nintendo Switch.

Operational advantage: CryptPeer® enables access to secure communication without requiring conventional software installation on each device. This choice reduces hardware dependency, facilitates use across mixed fleets, and improves compatibility in sensitive contexts. For compatibility details, consult the compatibility FAQ.

1:1 messaging and groups

CryptPeer® enables one-to-one messaging and group exchanges with customizable channels and access policies. This architecture supports coordination between teams, projects, partners, clients, crisis cells, or inter-site environments.

• Individual messaging: end-to-end encrypted private communication between two users.
• Multiple groups: a user can belong to several groups simultaneously.
• Thematic channels: exchange organization by subject, team, or context of use.
• Access policies: granular control of permissions and visibility.

Group participant management

Group governance is designed to maintain continuity, role clarity, and exchange security.

• Adding participants: the group administrator can add new members according to the defined rules.
• Removing participants: members can be removed according to organizational needs.
• Voluntary departure: each participant can leave a group autonomously.
• Administration transfer: the creator or administrator can transfer group management before leaving.
• Secure governance: management operations remain traceable and consistent with group integrity.

Audio / video calls

Individual audio/video calls and group conferences operate within a private self-hosted environment. Flows remain integrated into a sovereign communication logic rather than a juxtaposition of external tools.

• Individual calls: secure one-to-one A/V communication.
• Group conferences: multi-participant calls with permission management.
• Private environment: calls transit through your self-hosted relay infrastructure.
• Remote access: possible depending on network configuration, NAT, reverse proxy, or suitable certificates.

Files and memos

CryptPeer® supports large-capacity file transfers with E2E encryption and controlled delivery logic. Document exchanges therefore remain consistent with the platform’s required level of security.

• Large-capacity transfers: support for large files with end-to-end encryption.
• Import choice: encrypted or decrypted import according to operational needs.
• File signature: integrity and authenticity verification.
• Decryption space: storage at the user’s discretion.

Timestamped large file transfer

This capability enables the backup or transmission of sensitive files with integrated timestamping, within a logic of traceability, lifecycle control, and operational use aligned with audit needs.

• Integrated timestamping: each file can be included in a complete traceability workflow.
• Sensitive file backup: use on external drive, private cloud, or sovereign media according to internal policy.
• Lifecycle management: coherent monitoring of sensitive files over time.
• Enhanced compliance: useful support for audits, document control, or regulated contexts.

File encryption / decryption

Native encryption and on-demand decryption make it possible to keep control over the effective visibility of content without imposing permanent plaintext exposure.

• Native encryption: automatic file protection.
• On-demand decryption: opening only when necessary.
• Complete management: control of the lifecycle of protected files.
• User transparency: understandable experience despite a high level of security.

Audio / video recordings

Audio/video recordings are captured locally and then sent encrypted. This capability is useful for voice memos, video messages, or field uses requiring rapid and protected delivery.

• Local capture: recording performed on the user’s device.
• Encrypted sending: flow protection before transmission.
• Secure storage: decryption space at the user’s discretion.

Multilingual interface

The CryptPeer® interface is available in 18 languages, which facilitates international adoption, multi-country coordination, and deployments in heterogeneous environments. The language of the user environment remains configurable, while exchange confidentiality is preserved without automatic translation imposed in this communication layer.

• 18 available languages: UK English, Catalan, Spanish ES, German, Arabic, Simplified Chinese, Korean (South Korea), Hebrew, Hindi, Italian, Japanese, Dutch, Portuguese, Romanian, Russian, Turkish, Ukrainian, and French.
• Offline multilingual interface: integrated language support for the user interface.
• Display obfuscation: encrypted interface with selective decryption according to use cases.
• Temporary RAM view: plaintext display limited to active consultation.

All devices, zero installation, ultra-mobile

CryptPeer® works on computers, phones, tablets, smart TVs, and other compatible media, without conventional application installation. The experience remains close to an app, with an immediate-access logic suited to mobile and distributed uses.

• All devices: access from a heterogeneous fleet.
• Nothing to install: immediate operation without heavy deployment on the user side.
• Ultra-mobile: access wherever the user is, according to the chosen network policy.
• App-like UX: experience close to a dedicated application.
• Auto-configuration: rapid availability on the display side.

Administration and IT integrations

Directory / SSO

The registration and category assignment model makes it possible to align communication uses with the real organizational structure.

• Categories: teams, projects, clients, partners, crisis cells, inter-sites.
• Restricted visibility: each user only sees contacts consistent with their scope.
• SSO alignment: compatibility with broader enterprise authentication policies.

Advanced category management

Category administration contributes to organizational compartmentalization and reducing directory exposure.

• Category creation: management of custom categories according to business needs.
• Contact assignment: granular control of assignments.
• Anti-espionage protection: no exposed global contact dictionary.
• Strict compartmentalization: strong separation by organizational scope.
• Web administration: direct management from a browser interface.
• Enhanced security: reduced risk of leakage or abusive relationship mapping.

Access governance

• Administrator revocation: immediate loss of access according to the role and defined rights.
• Repudiation between contacts: finer control over continuity or interruption of exchanges.

Operations and supervision

• Server Manager: relay switching on the fly depending on the organization or targeted instance.
• Admin gauges: latency, jitter, throughput, simultaneous capacity, useful supervision in operations.
• Hardware status: reporting on health, load, and occupancy.
• Encrypted backups: restoration consistent with the logic of exchange protection.

Discussion export / import

This capability facilitates portability, recovery after incidents, and exchange continuity in migration or controlled archiving contexts.

• Complete export: structured extraction of conversations.
• Restore import: recovery from an existing export.
• Portability: easier migration between instances or environments.
• Operational continuity: recovery after incident or infrastructure change.

Group list export / import

The organizational structure of groups can be preserved within a continuity or controlled migration logic.

• Group structure export: preservation of composition and organization.
• Migration import: restoration of group structure.
• Organizational portability: easier transfer between environments.
• Continuity: maintenance of collective structures after incident or instance move.

Multi-bubble manager

The URL manager facilitates access to multiple private bubbles or autonomous relay servers, within a logic of isolation and multi-entity portability.

• Autonomous relay servers: each bubble remains independent.
• URL manager: address book of your accessible private bubbles.
• Local or remote access: depending on the authorized network configuration.
• Multi-bubbles: simultaneous access to multiple autonomous spaces.
• Multiple tabs: easier navigation between distinct environments.
• Authorized access: each bubble operates under the authority of its owning entity.
• Extreme portability: access from different terminals and contexts.
• Total isolation: strong separation between private bubbles.
• Multi-entity organizations: adaptation to complex distributed environments.

Automatic storage management

Intelligent storage management helps maintain operations over time, without turning document growth into a risk of uncontrolled saturation.

• Automatic message purge: administrator-configurable retention.
• Intelligent deletion: deletion of the oldest content when thresholds are exceeded.
• Intelligent file purge: automatic at 80% of capacity or triggered manually.
• Downloaded file priority: priority deletion of content already retrieved.
• Guaranteed operational continuity: easier continuity over long operating periods.
• Proactive management: combination of automation and manual control.

Storage capacity: for sizing details by volume and number of users, consult the dedicated storage page.

Embedded administration and advanced security

Embedded administrator space

CryptPeer® integrates an administration space directly linked to the service environment in order to reduce tool dispersion and accelerate day-to-day management operations.

• Intuitive interface: complete administration through an integrated web interface.
• Click-based management: operations quickly accessible.
• Input minimization: reduced dependence on the keyboard.
• Reduced learning curve: easier operational onboarding.

Always encrypted database

Even administrator access remains part of a logic in which content and secrets are not exposed in plaintext more than necessary.

• Permanent encryption: database always protected.
• Terminal-side key generation: keys remain tied to users.
• User control: stronger control over protection secrets.
• Enhanced security: no plaintext storage of sensitive keys on the server.

PassCypher HSM PGP and NFC HSM compatibility

Compatibility with PassCypher HSM PGP and NFC HSM makes it possible to strengthen authentication and the management of long passphrases without relying on conventional keyboard input.

• PassCypher HSM PGP: native integration with PGP HSM devices.
• NFC HSM: support for NFC HSM devices for authentication.
• Passphrases > 256 bits: use of very high-entropy secrets.
• Keyboard-free authentication: one-click entry without direct typing.
• Multi-factor: enhanced protection through factor combination.
• Maximum security: better resistance to interception and visual capture.

Administration simplicity

The objective is to make administration operational without imposing disproportionate technical expertise at each step.

• Intuitive interface: administrative functions easily accessible.
• Integrated documentation: contextual help throughout actions.
• Guided configuration: simpler and clearer processes.
• Simplified maintenance: quick access to maintenance operations.
• Minimal training: faster onboarding for teams.

EviEngine — sovereign licensing system

CryptPeer® relies on EviEngine technology to manage licenses without a central server or a dedicated license database.

• Hardware-based license: anchored to the machine rather than to a person’s identity.
• No server or database: local operation without third-party dependency.
• Preserved anonymity: reduced identity exposure in license management.
• Offline operation: compatibility with closed network environments.

Advanced security features

Masked CryptPeer mode

Masked mode provides advanced visual protection against direct observation, opportunistic capture, or certain compromise scenarios linked to plaintext content exposure.

• Autonomous and isolated instance: strong compartmentalization of masked mode.
• Messages always encrypted: display protected by default.
• Protection against visual attacks:
  • shoulder surfing,
  • screenshots,
  • screen recording.
• On-demand decryption: one message at a time through explicit action.
• Download choice: encrypted or plaintext output depending on use.
• Total isolation: separation between masked mode and normal mode.

P2P architecture and DDoS resistance

The distributed P2P architecture, without a single central point of dependency, improves resilience against denial-of-service attacks and centralized shutdown scenarios.

• No centralized server: architecture based on autonomous relay servers.
• Autonomous relay servers: each relay belongs to a distinct entity.
• DDoS resistance: no central point to saturate globally.
• Denial-of-service resistance: isolation of private bubbles.
• No single point of failure: the fall of one relay does not stop the whole.
• Enhanced resilience: better continuity in hostile contexts.
• Guaranteed continuity: service maintained even in the event of a targeted attack on one bubble.

See also

• All Features
• Detailed Features
• Secure File Transfer
• Secure Mail Client
• Unified Platform
• Why CryptPeer