Zero knowledge · Offline-first · Android

Your notes,
encrypted by default.

KeyScribe encrypts every note with AES-256-GCM and wraps each key with RSA-2048. Your private key never leaves the hardware.

Get Started How it works

Built for privacy.

Every feature is designed around a simple principle: your data belongs to you.

AES-256-GCM + RSA-2048

Unique AES key per note, wrapped with your RSA-2048 key pair from Android Keystore.

Learn more

Encrypted Sharing

Share .cnote files encrypted with the recipient's public key. True end-to-end encryption.

Learn more

Secure Backup

Password-protected exports with PBKDF2 (100k iterations) + AES-256-GCM.

Learn more

Biometric Unlock

Fingerprint or face recognition adds protection even if your phone is unlocked.

Learn more

Encrypted-First View

Notes open showing raw ciphertext. Tap to decrypt. Data is always encrypted at rest.

Learn more

QR Key Exchange

Share your public key via QR code. No server needed, scan and connect.

Learn more

How encryption works

From plaintext to ciphertext in milliseconds. Every note, every time.

01

Write

Create a note with title and content. Nothing is stored yet.

02

Encrypt

A fresh AES-256 key encrypts your note. The key is wrapped with RSA-2048.

03

Store

Only ciphertext hits the database. The private key stays in hardware.

Specifications

Symmetric
AES-256-GCM
Asymmetric
RSA-2048 / OAEP
Key Storage
Android Keystore
Backup KDF
PBKDF2-SHA256
KDF Iterations
100,000
Key per note
Unique AES key
Free forever

100% free.
100% private.

No accounts. No cloud. No tracking.
Your notes belong to you.

Read the docs