KeyPears is a simple federated encrypted messaging system for communication and
secret management. User identities are email-style addresses (name@domain)
backed by hybrid classical + post-quantum key pairs: Ed25519 + ML-DSA-65 for
composite signing, and X25519 + ML-KEM-768 for hybrid encryption. Any domain
can host a KeyPears server, and servers discover each other through DNS.
The protocol is intentionally small enough for many kinds of applications to embed. Like email, each domain's server is authoritative for its users' current public keys. If you do not trust a hosted server to publish honest keys or serve honest client code, the trust exit is to run your own server for your own domain.
What KeyPears does
- Encrypted messaging between users on any domain, with hybrid X25519 + ML-KEM-768 key encapsulation.
- Secret vault for storing passwords, credentials, and notes, encrypted client-side.
- Federated identity — your address is name@domain, the same format as email. If you own your domain, you own your identity.
- Proof of work for Sybil resistance — no CAPTCHAs, no phone numbers, no third-party verification.
Who it's for
- Individuals who want encrypted communication without surrendering identity to a centralized service.
- Organizations that need to control their own communication infrastructure while remaining interoperable with the wider network.
- Developers building on an open, federated protocol with a simple API.
How it works
All cryptographic operations — key derivation, key encapsulation, encryption, signing, and proof of work — execute client-side. Servers store only ciphertext and never possess the keys needed to decrypt it.
This protects stored message bodies and vault contents from database theft and passive server compromise. It does not try to protect future messages from an active server that lies about public keys.
For a concise protocol overview, read the whitepaper.
For detailed documentation, explore the sections in the sidebar:
- Protocol — addressing, key derivation, encryption, proof of work
- Federation — how domains discover each other and exchange messages
- Self-Hosting — run your own KeyPears server
- Security — threat model and limitations