End-to-end encrypted messaging for iOS. RSA-3072 encryption, zero-knowledge architecture, and a clean UX for professional environments where security is non-negotiable.
The Problem
Security-conscious organisations such as legal firms, financial services, and executive teams need to communicate privately. The problem isn't that no encrypted messaging apps exist; it's that most of them make the wrong tradeoffs: the UX is so poor people won't use it, or the security architecture still relies on trusting the server.
TruCrypt was commissioned to solve a specific, professional use case: encrypted messaging that people would actually deploy and use, with a security architecture that didn't require trusting the infrastructure provider.
Most "encrypted" messengers encrypt in transit but store plaintext or recoverable ciphertext on the server. If the server is compromised, so are the messages. Zero-knowledge design eliminates this attack surface.
Highly secure communication tools often have CLI interfaces, complex key management, or technical workflows that prevent adoption in non-technical teams. The technology has to work for normal users.
Enterprise deployment means handling user provisioning, key management workflows, and a clean onboarding experience that doesn't require users to understand cryptography.
The Solution
TruCrypt uses RSA-3072 asymmetric encryption. Messages are encrypted on-device before transmission, so the server never has access to plaintext. Even a full server compromise exposes only ciphertext that cannot be decrypted without private keys held on-device.
The engineering challenge was building this security model into a native iOS app that looks and feels like a normal messaging application. The cryptographic complexity is hidden below the UI layer. Users don't manage keys; the app does. They see a clean, fast messaging interface.
Disappearing messages, read receipts, and a professional contact management system make TruCrypt suitable for real deployment in professional environments.
"Michal brought exactly the right mix of technical depth and product thinking to TruCrypt. Building a security-first mobile app means there's no room for shortcuts. He got that from day one and delivered clean, solid work without needing to be managed. Rare to find an engineer who takes that kind of ownership."
Under the Hood
Security engineering has unforgiving requirements. The architecture has to be correct, not good enough, not roughly right. Every component was designed with the threat model in mind.
RSA-3072 provides strong asymmetric encryption with a wide security margin. Key pairs are generated on-device at registration. The private key never leaves the device; the public key is shared for message encryption.
The server handles routing and storage of encrypted payloads only. It cannot decrypt messages. A server compromise exposes only ciphertext; without private keys, recovering plaintext is computationally infeasible.
Private keys are stored in the iOS Keychain with hardware-backed protection. Key generation, storage, and usage happen entirely on device. The user doesn't interact with key material directly.
Cryptographic operations are CPU-intensive. The iOS implementation uses native Security framework APIs and async processing to keep the UI responsive during encryption and decryption operations.
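The key handling described above (on-device RSA-3072 generation, private key kept in the Keychain, public key used for encryption), shown with Security framework calls. This is an added example, not TruCrypt's code: the key tag, the accessibility class, and the hybrid OAEP/AES-GCM algorithm are assumptions, since the page does not state them.

```swift
import Foundation
import Security

// Hypothetical tag: the page does not give the app's real identifiers.
let keyTag = Data("com.example.messenger.identity".utf8)

// Assumed algorithm: RSA-OAEP wraps a fresh AES-GCM key, so the message is not
// capped at the 318 bytes that raw OAEP-SHA256 allows under a 3072-bit modulus.
let algorithm: SecKeyAlgorithm = .rsaEncryptionOAEPSHA256AESGCM

// The Secure Enclave token holds only P-256 EC keys, so an RSA key relies on
// Keychain data protection rather than kSecAttrTokenIDSecureEnclave.
/// Generates the RSA-3072 pair on device; the private half is persisted in the Keychain.
func generateIdentityKey() throws -> SecKey {
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits as String: 3072,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: keyTag,
            // Assumed class: readable only while unlocked, never restored to another device.
            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        ] as [String: Any]
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

/// Sender side: encrypts with the recipient's public key before anything leaves the device.
func encrypt(_ message: Data, to recipient: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let sealed = SecKeyCreateEncryptedData(recipient, algorithm, message as CFData, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return sealed as Data
}

/// Recipient side: only the Keychain-held private key can open the payload.
func decrypt(_ sealed: Data, with privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let plain = SecKeyCreateDecryptedData(privateKey, algorithm, sealed as CFData, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return plain as Data
}
```

`SecKeyCopyPublicKey` returns the public half of the generated key, and `SecKeyCopyExternalRepresentation` gives the bytes to publish to other users.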
Disappearing messages use configurable timers with server-side and client-side enforcement. Expired messages are deleted from both the server and local device storage, with no recovery path.
Firebase handles message routing and push notifications. All data stored in Firestore is already encrypted at the app layer. Firebase sees only opaque blobs, consistent with zero-knowledge design.
My Role
TruCrypt was a client engagement where security was the core constraint, not an afterthought. The CEO's requirement from day one was no shortcuts. That meant understanding the cryptographic architecture before writing a single line of application code.
Working in this kind of environment requires a different mindset than typical product engineering. There's no "we'll handle that edge case later." Security assumptions don't have grace periods. The architecture has to be right before the feature is right.
Outcome
TruCrypt is live at gettrucrypt.com and available on the App Store. The product was successfully deployed into professional environments and received strong validation from the client.
The CEO testimonial captures what good security engineering actually looks like from the product side: technical depth, no shortcuts, and the kind of ownership that doesn't require hand-holding.
Working on security-critical software changes how you think about engineering. Every assumption gets examined. Every edge case matters. That discipline carries over into everything built since.
Security is not something you bolt on at the end. I've built production systems where the security architecture came first. Let's talk.
Reach me at hello@skywaylabs.io