End-to-end encrypted messaging with transparency-log provenance. Every send, read, and delete is Merkle-anchored. Private keys never leave your browser. External recipients receive actual email via Resend relay.
Messages are encrypted in your browser using Elliptic-Curve Diffie-Hellman key agreement and AES-256 in Galois/Counter Mode. The server never sees plaintext.
Generate, export, import, and revoke ECDH-P384 key pairs. Private keys are stored in localStorage and never transmitted. Public keys are registered in the Key Registry.
Every delivery, read receipt, and deletion produces a MAIL_DELIVERY, MAIL_READ, or MAIL_DELETE leaf in the transparency log. Each is independently verifiable.
Recipients without a Sovereign key receive actual email via Resend relay from noreply@obligationsign.com. Fail-closed: only explicit 404 triggers the external path.
Every operation — key registration, revocation, message send, read, delete — is recorded locally and anchored in the transparency log with inclusion proofs.
Same Cloudflare Access login, same transparency log, same billing, same key registry. Sovereign Mail is a vertical on the ObligationSign platform.