LockWhisper

Journalists and researchers who need to protect sources, store sensitive documents, and communicate securely. The PGP messaging module lets you exchange encrypted messages through any channel without relying on a third-party service. The file vault and notepad keep your research encrypted on device. Zero network connections means there's nothing to intercept.

Lawyers, doctors, therapists, and accountants who handle confidential client information. HIPAA, attorney-client privilege, and professional ethics all require protecting sensitive data. LockWhisper gives you encrypted storage for client files, notes, contacts, and communications without trusting a cloud provider with your clients' information.

Travelers and expats who cross borders with their devices. Border agents in many countries can search your phone. The dual-password system means you can unlock a decoy vault under pressure while your real data stays hidden. The travel vault keeps passports, visas, and itineraries encrypted and accessible without internet. Everything works offline — no roaming, no hotel Wi-Fi required.

IT professionals and developers who manage credentials, API keys, server access, and infrastructure secrets. The password manager with iOS AutoFill handles credentials. The secure notepad stores configuration snippets and access procedures. The 2FA authenticator with YubiKey support manages authentication codes on hardware rather than in software.

Anyone who has been through a data breach and decided they're done trusting companies with their personal information. LockWhisper doesn't ask you to trust it — there's no server to breach, no account to compromise, and the code is open source for anyone to audit. Your data stays on your device, encrypted with keys only you control.

1Password, Bitwarden, and LastPass store your data on their servers — encrypted, but still on infrastructure you don't control. LockWhisper stores nothing on any server. There is no cloud, no sync service, no account to create. Your data never leaves your device unless you explicitly sync it peer-to-peer with your own Mac or iPad.

Most password managers give you passwords and maybe secure notes. LockWhisper gives you 26 independent modules: passwords, PGP messaging, journals, files, photos, videos, voice memos, contacts, calendars, to-do lists, payment cards, travel documents, identity documents, habit tracking, 2FA codes, and more — each encrypted with its own keys.

No other security app on the App Store offers plausible deniability. LockWhisper's dual-password system creates two completely independent vaults with zero forensic evidence that the second vault exists. This is a feature designed for people whose physical safety depends on data security.

Competitors charge $3–$5 per month ($36–$60/year). LockWhisper Pro is a one-time $9.99 purchase with lifetime access and every future update included. No subscriptions, no recurring charges, no price increases.

LockWhisper uses AES-256-GCM encryption through Apple's CryptoKit framework — the same standard trusted by governments and security professionals worldwide. Each of the 26 modules encrypts data independently using its own derived encryption keys stored in the iOS Keychain, Apple's hardware-backed secure enclave. Compromising one module does not expose data in any other module.

This compartmentalized architecture is a deliberate security design. There is no single master key that unlocks everything, no single point of failure, and no way for a vulnerability in one module to cascade into another. Your passwords are encrypted with different keys than your notes, which use different keys than your files. Even file metadata — filenames, creation dates, tags — is encrypted alongside the content.

Beyond encryption at rest, LockWhisper includes multi-pass secure deletion (3 passes of random data followed by 1 pass of zeros) for its auto-destruct mechanism, anti-debugging detection to prevent runtime analysis, and jailbreak detection that alerts you if your device's security has been compromised. The entire codebase is open source and auditable — you don't have to take our word for any of this.

LockWhisper goes beyond software-only security with full YubiKey hardware key integration. Your YubiKey can serve as the primary method to unlock the app itself — during setup, LockWhisper generates a random 256-bit master data key, encrypts it with your YubiKey's public key, and stores the encrypted blob in the Keychain. To unlock the app, you tap your YubiKey (NFC) or plug it in (USB-C), and the key decrypts the master key on the hardware — the decrypted key never leaves the secure element. This is fundamentally stronger than password-only authentication because the secret lives on tamper-resistant hardware, not in your memory.

The YubiKey integration supports both RSA (2048 and 4096-bit) and elliptic curve (ECC P-256) key types through the OpenPGP applet. Three key slots are available: one for decryption (used for app unlock), one for signing, and one for authentication. You can generate key pairs directly on the YubiKey — the private key is created on the hardware and never leaves it — or import existing PGP keys. LockWhisper uses RSA-OAEP-SHA256 for RSA keys and ECDH with HKDF and AES-GCM for elliptic curve keys.

You can register multiple backup YubiKeys, so losing one doesn't lock you out permanently. Each backup encrypts the same master data key with its own public key. The app also supports configurable session timeouts — keep it unlocked for 5, 10, 15, 30, or 60 minutes, or require a YubiKey tap every time you open the app.

Beyond app unlock, the YubiKey's OATH applet handles TOTP and HOTP code generation for two-factor authentication. All your 2FA secrets live on the hardware key rather than in software. Tap once to calculate all codes at once, minimizing NFC interactions. PIN management, retry tracking, and full OpenPGP card lifecycle operations (PIN changes, admin reset, factory reset) are all built in. No internet connection is required for any YubiKey operation — the communication happens entirely between your device and the key.

LockWhisper syncs between iPhone, iPad, and Mac using peer-to-peer connectivity — not iCloud, not a server, not any cloud service. Devices discover each other locally and establish a direct TLS-encrypted connection. Your data travels directly from one device to the other with mandatory encryption in transit. No intermediary ever sees or stores your information.

The sync process uses a manifest-based approach: each device shares a summary of what it has, the system computes the difference, and only changed items are transferred. Pairing is persistent (your device identity is stored in the Keychain and survives reinstalls), so you pair once and sync whenever your devices are nearby. An unpair option cleanly removes all sync metadata.

This architecture means sync works everywhere — at home, on a plane, in a location with no internet. If your devices can see each other, they can sync. And because the connection is direct and encrypted, there's no cloud provider to subpoena, no server logs to audit, and no breach to worry about.

Switching to LockWhisper doesn't mean starting over. The CSV Password Importer lets you migrate passwords from any password manager that supports CSV export — including 1Password, LastPass, Bitwarden, Dashlane, Chrome, Safari, and Firefox. Map your CSV columns to LockWhisper fields, preview the import, and bring your entire password library in with one tap.

The Day One Journal Importer handles journal migration for users switching from Day One. Your entries, dates, tags, and metadata are imported into LockWhisper's encrypted journal module. The Business Card Scanner uses OCR to capture contact details from physical cards and save them directly into encrypted storage. And the Photo Metadata Cleaner strips EXIF data, GPS coordinates, and camera information from photos before you share them — a simple but important privacy tool that most people don't think about.

LockWhisper is free to download with generous access to core modules — enough to evaluate the app and decide if it fits your workflow. The Pro upgrade is a single one-time purchase of $9.99. No subscriptions, no recurring charges, no "premium tiers" that keep escalating. You pay once and get lifetime access to all 26 modules, unlimited storage, and every future update. That's it.