SENTINEL
Security
Securityby design.

Sentinel is built around minimizing trust, minimizing metadata, and protecting private communication.

Architecture
Built to knowas little as possible.

End-to-end encryption

Messages are encrypted on your device and decrypted only on your recipient’s. The relay carries ciphertext it cannot read.

Local identity generation

Your identity keys are generated on your device the first time you open Sentinel. They are never created for you on a server.

Personas are isolated

Each Persona is a separate identity with its own keys and contacts. One Persona reveals nothing about another.

No phone number required

There is no SMS step and no number to verify. Nothing ties an account to a SIM, a carrier, or a real-world line.

No advertising profile

Sentinel builds no behavioral profile and runs no ad or analytics SDKs. There is no interest graph to sell.

No address book upload

Your contacts stay on your device. Sentinel never uploads, hashes, or scans your phone’s address book to find people.

Threat model
What it defends.What it cannot.

Honest security means being precise about the edges. Sentinel protects the channel between people — it cannot protect a device that is already turned against you.

Protects against

Inside the channel

  • Network interception of message contents
  • Metadata reduction across the relay
  • Device separation through isolated Personas
  • Encrypted individual and group conversations
Does not protect

Beyond the channel

  • A device that is already compromised
  • Screenshots or screen recording of your chats
  • Malware running on the endpoint
  • Mistakes made by the people in a conversation
Cryptography
The technicalfoundation.

Encryption

Conversations are protected with modern authenticated symmetric encryption, with a fresh key derived for message traffic.

Key exchange

Peers establish shared secrets through an asymmetric key exchange. Public keys are exchanged directly between devices.

Local key storage

Private keys are stored on the device that generated them and are never transmitted to Sentinel’s servers.

Message authentication

Every message carries an authentication tag, so tampered or forged ciphertext is rejected rather than shown to you.

Specific algorithm details and versions are documented with each release so the description always matches the software you actually run.

Responsible disclosure

Found something? Tell us.

If you are a security researcher and believe you have found a vulnerability, we want to hear from you. Report it privately first and give us reasonable time to investigate and fix before any public disclosure. We do not pursue legal action against good-faith research conducted under these terms.

security@sentinelobscura.com
Questions aboutsecurity?

Our security team reads every message. Reach out and we will get back to you.