Deniable encryption. Three lines of code.

8KB package. Zero runtime dependencies. One function encrypts, one decrypts, one generates a plausible decoy from the same ciphertext. Ship it in your wallet, exchange, or security product without building the crypto yourself.

See license tiers See the code

Integration is one function call.

// npm install deny-sh
import { encrypt, decrypt } from 'deny-sh';
import { generateDeniableControl } from 'deny-sh';

// Encrypt with deniable decoy
const result = encrypt(seedPhrase, {
  password1, password2
});

// Real key
decrypt(result.ciphertext, {
  password1, password2,
  controlData: result.controlData
});
// -> real seed phrase

// Decoy key (same ciphertext, different result)
const decoy = generateDeniableControl(
  result.ciphertext,
  password1, password2, decoySeed
);
decrypt(result.ciphertext, {
  password1, password2,
  controlData: decoy
});
// -> decoy seed phrase

Node.js, Python, Go, and Rust SDKs. The algorithm is open and auditable. The license is simple.

Built for.

Wallet providers

Add "deniable backup" as a feature. Your users encrypt their seed phrase with a decoy. Under duress, the decoy decrypts to a dust wallet. The real holdings stay hidden. Differentiate on security without building the crypto yourself.

Exchanges and custody

Protect cold storage backups with deniable encryption. Create separate control files for different access tiers. Compliance teams get one view. Operations get another. Both are real. Both decrypt from the same file.

Secure messaging

Store messages that decrypt to different content under different keys. Compliance-friendly on one key. Private on another. The same database, the same ciphertext, two different truths.

Security platforms

Offer deniable file encryption as a platform feature. Password managers, secure notes, document vaults. The algorithm is audited and open. The integration is three lines of code.

License tiers.

Startup

$5,000/year

For early-stage products with fewer than 10,000 monthly active users.

  • Full SDK access (Node.js, Python, Go, Rust)
  • Proprietary embedding rights
  • Integration support (email)
  • Quarterly security updates
  • Single product license
Contact us

Growth

$15,000/year

For products scaling past 10K MAU. Multi-product rights included.

  • Everything in Startup
  • Multi-product license (up to 3)
  • Priority support + architecture review
  • Early access to new SDKs
  • Custom integration guidance
Contact us

Enterprise

Custom

Large-scale deployments, white-label, custom requirements.

  • Everything in Growth
  • Unlimited products
  • White-label rights (remove deny.sh branding)
  • Dedicated engineering support
  • Custom SLA
  • On-premise deployment option
Contact us

The AGPL question.

Do I need a commercial license?

If your product is open source under a compatible license: no. Use deny.sh freely under AGPL-3.0.

If your product is proprietary or closed-source: yes. The AGPL requires that software using deny.sh over a network also be open-sourced. A commercial license removes that requirement. One flat annual fee. No per-user royalties on Startup and Growth.

Don't build the crypto. Build the product.

Tell us what you're shipping and we'll scope the right license in one call.

Get in touch