Cipher
Cipher (binary mdstn-cipher) is Madstone’s zero-config, local-first file encryption tool with a
managed key lifecycle. It runs entirely on your machine — keys live in an embedded SQLite store and
no server is required for the core feature set.
This documentation describes Cipher v0.1.0. Pre-release builds report their version as dev.
Licensed under BSL 1.1 (converts to Apache 2.0 three years after each release).
What Cipher does
- Encrypts any file into a .mdstn container using streaming AES-256-GCM (recipient mode uses X25519 key agreement; passphrase mode derives keys via PBKDF2)
- Manages encryption keys locally — private keys are Argon2id-wrapped at rest, never stored raw
- Encrypts for other people by email via CKD (Cipher Key Directory), no manual key exchange
- Shares keys with teammates through a policy/grant model
- Runs as an MCP server so AI assistants can encrypt, decrypt, and manage keys
- Optionally runs as a self-hosted server (REST API + dashboard, requires PostgreSQL)
Getting started
- Encrypt your first file in under 5 minutes.
- go install, Docker, prebuilt binary, or build from source.
- How keys are created, stored, shared, and recovered.
- Encrypt for anyone by email. No key exchange.
- Back up keys and recover from server or mnemonic.
- Use Cipher from Claude and other LLM clients.
- All commands and flags.