Name: MeshVault
Author: Hagaratagi Technologies

◇ Overview

What is MeshVault?

MeshVault is a hardened, decentralized P2P storage system that combines a high-performance Python systems daemon core with a secure C# WPF graphical desktop launcher. By creating a decentralized network of your trusted local nodes, MeshVault eliminates third-party cloud vulnerabilities and gives you absolute control over your digital assets.

Every file is cryptographically processed using AES-256-GCM payload encryption combined with secure PBKDF2-HMAC-SHA256 and HKDF-based key derivation. The encrypted payload is split into verifiable, independently recoverable chunks that replicate across your network. Peers discover each other dynamically and form encrypted transport channels using strictly enforced TLS 1.3 protocols.

Release Candidate 2 (RC2) hardens this architecture with native binary and assembly validation using asymmetric **RSA-2048 PKCS#1 v1.5** integrity manifests, local **NTFS SID authorization access controls**, and a fail-closed uninitialized state security model. Secure. Resilient. Production-ready.

◇ Features

Core Features

Every feature is engineered for maximum security, performance, and reliability.

🔐

End-to-End Encryption

All data is encrypted before leaving your device and can only be decrypted by you. Zero-knowledge architecture ensures complete privacy.

🛡️

TLS 1.3 P2P Transport

Enforces TLS 1.3 transport security. Peered sockets negotiate connections with automatic key pinning and identity binding verification.

🔑

Ed25519 Identities

Every node generates a secure Ed25519 keypair for identity verification, signing handshakes to guarantee connection integrity.

🔏

RSA Manifest Verification

Verifies assembly files on startup using RSA-2048 PKCS#1 v1.5 signatures, immediately terminating on any tamper detection.

🔒

NTFS SID Protections

Enforces explicit, SID-exclusive NTFS access rules, denying file reading/writing permissions to all other system groups.

🧬

HKDF Key Derivation

Derives intermediate key states using cryptographically secure HKDF, ensuring full backward compatibility with past builds.

🧠

Secure Memory Handling

Sensitive session tokens and symmetric keys are wiped from active operational memory immediately after cryptographic use.

💚

Self-Healing Recovery

The system continuously audits replication. Missing or corrupt data chunks are automatically fetched and restored from online peers.

🔍

Automatic Peer Discovery

Nodes locate each other dynamically over the local subnet (UDP 5670 for discovery, TCP 5671 for data transfers) without brokers.

💻

GUI-first User Experience

Integrated WPF C# Desktop application launcher provides an administrative panel for setup, file transfers, and peer tracking.

🧱

Fail-Closed Middleware

Uninitialized api state checks return 503 Service Unavailable instantly, protecting communication from unauthenticated access.

🔌

Windows Firewall Setup

The setup compiler (Inno Setup) automatically configures firewall exceptions for local discovery and file transport ports.

◇ Architecture

Technical Architecture

A deep look at how MeshVault processes, encrypts, and distributes your data.

🔐

Layer 1 — Encryption & Key Derivation

Payloads encrypted via hardware-accelerated AES-256-GCM. Strong key stretching with PBKDF2-HMAC-SHA256 and HKDF key derivation ensures backward compatibility and entropy security.

🧩

Layer 2 — Asymmetric Verification Engine

Ensures program integrity by verifying WPF C# and Python daemon assemblies upon launch using RSA-2048 PKCS#1 v1.5 manifest verification signatures.

📡

Layer 3 — TLS 1.3 Transport Protocol

Enforces TLS 1.3 transport security. Bootstrap queries certificates, logs security events, pins keys, and pairs using Ed25519-signed fingerprints to prevent session relay.

💚

Layer 4 — Fail-Closed Permissions Model

Queries Windows user SIDs on boot to enforce exclusive NTFS access rules on the locked daemon token and keyfiles, shutting down on any permissions failure.

💾

Layer 5 — WPF Desktop GUI Launcher

GUI-first desktop control suite interfacing cleanly with local storage nodes. Manages firewalls, local replicas, chunk status audits, and recoveries autonomously.

◇ Security

Security Deep Dive

Security isn't a feature of MeshVault — it's the foundation.

🔑

TLS 1.3 Transport Confidentiality

Strictly enforcible P2P communication. Implements first-time cryptographic key pinning and signs handshakes with node identities to bind TLS channels.

🔏

RSA Binary Integrity Manifests

Refuses initialization if executable or DLL hashes differ from the signed manifest. Uses RSA-2048 PKCS#1 v1.5 validation to defeat tampering.

🔗

NTFS Authorization Enforcements

Replaces weak shared security fallbacks by dynamically query-resolving Windows SIDs, limiting read/write access strictly to the current active owner.

🧱

Fail-Closed Middleware Authentication

Protects administrative endpoints. The daemon returns HTTP 503 Service Unavailable immediately if the API authorization state remains uninitialized.

◇ Product Interface

See MeshVault In Action

A visual walkthrough of the MeshVault interface design and local dashboard structure.

meshvault://dashboard

Mesh Network Status

✓ Connected

Active Peers

4 Connected

Mesh Storage

128.5 GB Allocated

Verification Status

100% Audited

Recent File Transfers

File Name	Size	Replication	Status
Project_Arch_Core.pkg	45.2 MB	3/3 Nodes	✓ Sync Complete
Hagaratagi_Branding.zip	12.8 MB	4/4 Nodes	✓ Sync Complete

◇ Product Specifications

Technical Specifications

Verification protocols, encryption standards, and cryptographic verification values for MeshVault.

Cryptographic Integrity Checksum

Verify the authenticity of your download using this SHA-256 checksum hash. Run the verification command locally before extracting the package.

MeshVault_Setup.exe (Windows Setup Package) 5d933e5aab7b0ea105cced1310814aad2aba4024bb786eabfaa3198439a85a68

Download Verification Instructions

Open your local Windows Powershell terminal in the downloads folder and run:

Powershell

              Get-FileHash .\MeshVault_Setup.exe -Algorithm SHA256

Release Info

Current Version v1.0.0-RC2 (Beta Release / RC2)

Release Date June 18, 2026

Supported Systems Windows 10 / 11 (64-bit)

Encryption Core AES-256-GCM Hardware-safe

Minimum RAM 2 GB RAM

Disk Requirements 500 MB space for files

◇ FAQ

Frequently Asked Questions

What makes MeshVault different from traditional cloud storage? +

Unlike cloud storage services that store your data on third-party servers, MeshVault creates a peer-to-peer mesh network using your own devices. All data is encrypted before leaving your device with AES-256-GCM, split into chunks, and distributed across the network. No company — not even Hagaratagi Technologies — can read your data.

Is my data safe if a device goes offline or fails? +

Yes. MeshVault replicates data chunks across multiple peers in the mesh network. If one peer goes offline, your data is still available from other peers. The self-healing system automatically detects missing chunks and re-replicates them to maintain the required redundancy level.

What encryption does MeshVault use? +

MeshVault uses AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode), a military-grade authenticated encryption algorithm. This provides both confidentiality (no one can read your data) and integrity (no one can tamper with your data without detection).

How does automatic peer discovery work? +

MeshVault uses local network broadcasting to automatically discover other MeshVault instances on the same network. When a new device is found, you receive a pairing request. Once confirmed, the devices establish a secure, cryptographically verified connection and begin participating in the mesh network.

Can I access my files without an internet connection? +

Yes. MeshVault supports offline retrieval. Files cached locally on your device remain accessible even without internet or network connectivity. Additionally, if other peers are on the same local network, you can retrieve files directly from them without needing internet access.

Is MeshVault free to use? +

MeshVault is currently available as a free download. We believe secure storage should be accessible to everyone. Future enterprise features and premium tools may be offered separately, but the core product will always remain free.

What operating systems does MeshVault support? +

MeshVault currently supports Windows 10 and 11 (64-bit systems).

Deploy MeshVault

Secure, distributed local storage. Designed by Hagaratagi Technologies.

Download Now

MeshVault Hardened P2P EncryptedStorage