Open-source crypto core · Apache-2.0

Your offline vault for passwords, crypto & files

Zero-knowledge and fully offline. No servers, no accounts — the app doesn't even request the INTERNET permission. Your secrets physically cannot leave the device.

Android · fully offline · AES-256-GCM · Argon2id

Hypervault app
0INTERNET permissions requested
0bit AES-GCM encryption
0tools on one crypto core
0languages · EN RU UK FR ES
Explore

See it, screen by screen

Pick a track and tap through the screens that matter to you — real screens from the app, no mock-ups.

Vault screen Authenticator screen Files screen Sharing screen Wallet screen Chains screen Signing screen Duress unlock screen Dead-man switch screen Settings / disguise screen
Duress-PIN & data wipe
Open source

A crypto core you can read

Trust isn't asked for — it's verified. Hypervault's cryptographic core is published as a standalone module with its whitepaper and test vectors.

No homemade cryptography

Standard, audited primitives only — Argon2id, HKDF-SHA-256 and AES-256-GCM, with all randomness from a CSPRNG.

Small, readable surface

Pure Kotlin, one dependency, no Android code — easy to read and audit end to end.

// key hierarchy master password ──Argon2id──▶ MUK Secret Key SK (128-bit, CSPRNG) KEK = HKDF-SHA-256(MUK ‖ SK) DEK = AES-256-GCM-unwrap(KEK) payload = AES-256-GCM(DEK)
Argon2idHKDF-SHA-256AES-256-GCMX25519Ed25519CBOR
File format

HV1 — one file, everything inside

Your entire vault is one portable file. Back it up anywhere — without your device and master password it is just noise.

"HVLT" · magic  u16 · version header — plaintext, authenticated as AAD   kdf_id, argon2 m/t/p, kdf_salt   hkdf_salt, cipher_id, write_counter   wrapped_dek = AES-GCM(KEK) {nonce, ct, tag} body — AES-256-GCM(DEK), AAD = header   CBOR payload: entries, files, wallets,   TOTP secrets, …and all metadata
Nothing leaks outside

Entry names, URLs and structure all live inside the encrypted body. The header holds only crypto parameters.

Tamper-proof

Flip a single byte and authentication fails. The body is cryptographically bound to its header.

Two-factor entropy

A stolen file is undecryptable even with a weak password — the 128-bit Secret Key is the second component.

Release roadmap

Where Hypervault is heading

From a shipped 1.0 to a network of devices across Android, iOS and macOS — every release stays fully offline and holds the same security standard.

🗓All of this ships by the end of 2026 — not in ten years.
v1.0

First public release

The full offline vault: passwords, air-gapped wallet, 2FA, encrypted files, duress-PIN and dead-man switch — shipped and stable.

Shipped
v1.0.5

BTC & SOL transaction signing

Extending fully offline QR signing to Bitcoin (PSBT) and Solana — sign on the air-gapped phone, broadcast from a watch-only wallet.

In progress
v1.1

Large-file transfer

Move big encrypted files between devices — chunked AEAD transport over any channel, ciphertext only, no size ceiling.

Planned
v2.0

HVN — Hypervault Network + iOS

Link X devices into one network — your phone becomes the key to a corporate environment with flexible permissions, still with no internet and the same security standard. Ships alongside the native iOS release.

Vision · 2026
v3.0

macOS release

The full vault, wallet and HVN on the desktop — a native macOS app closing the loop across phone, tablet and Mac, on the same encrypted HV1 core.

Vision · 2026
Download

Two builds. Pick the one that fits you.

Same app, same encryption. Choose how much you want the app to be able to reach the outside world.

Recommended
🛡️

Secret

The everyday choice

The right pick for almost everyone. A fully secure vault that also sends anonymous crash reports (Firebase Crashlytics) so we can fix issues fast — your vault contents are never part of it.

Download Secret Download SHA-256
🌑

Blackout

For the truly paranoid

Fully offline — the app can't reach the network at all. Pick this only if you want zero connectivity and don't mind losing crash diagnostics.

Download Blackout Download SHA-256

Both builds are downloaded over HTTPS and signed. Before installing, you can verify the published SHA-256 checksum and the app's signing certificate — or grab it from Google Play / RuStore, which verify the signature for you.

ITS Development · your reliable IT partner

Powerful, fast products for small & medium business

A team across Russia, Serbia and the UAE, and the studio behind Hypervault. In the realities of 2026 we ship quick, performant products — on a modern stack, accelerated by AI, under an official contract with our own in-house security team.

From idea to launch — in weeks, not months

Durable solutions that grow and scale with your business — fast to launch, built to last, and easy to run.

We ship up to 3× faster and cheaper — AI and a modern stack give you performant products and a rapid time-to-market, not cut corners.

  • Mobile apps for business — every platform, any niche
  • SEO-ready websites & web apps
  • Telegram bots with Telegram Web Apps
  • Fast, budget MVPs — launch and validate quickly
Discuss your project
Tell us what you're building — we usually reply within 1–10 minutes.
Message ITS Development Visit itsdevelopment.ru
Official contract · NDA-friendly · in-house infosec