cryptoseed-mcp

MCP server for CryptoSeed encryption. Gives any MCP-compatible AI agent the ability to encrypt and decrypt text and files using ChaCha20-Poly1305 (symmetric) and X25519+HKDF (asymmetric).

Keys are stored in the macOS Keychain — never on disk in plain text. Encrypted .seed files are fully compatible with the CryptoSeed iOS app.

Setup

1. Add to Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "cryptoseed": {
      "command": "npx",
      "args": ["-y", "cryptoseed-mcp"]
    }
  }
}

Restart Claude Desktop. The 11 CryptoSeed tools will appear automatically.

2. Or run directly

npx cryptoseed-mcp

Tools

Key management (symmetric)

Identity management (asymmetric)

Encrypt

Decrypt

Agent-to-agent encrypted messaging

This is where it gets interesting. Each agent can have its own identity:

Agent A creates identity: identity_new "agent_a"
Agent A shares pubkey:    identity_pubkey "agent_a"  →  <pubkey_b64>

Agent B encrypts to A:    encrypt_asym "<pubkey_b64>" "secret payload"  →  <blob>

Agent A decrypts:         decrypt_asym "agent_a" "<blob>"  →  "secret payload"

Only Agent A's private key (in its Keychain) can decrypt. The blob can travel through any channel — email, Slack, GitHub, another AI tool — without being readable.

File format compatibility

.seed files produced by this MCP server use the exact same binary format as:

• CryptoSeed iOS app

• cryptoseed macOS CLI

This means a file encrypted here can be decrypted in the iOS app (after importing the key) and vice versa.

Key transfer between tools

This MCP server and the cryptoseed CLI use separate Keychain entries (to avoid binary format conflicts). To use a key from the CLI in the MCP server, use the CLI's export/import commands:

cryptoseed key export mykey    # → recovery envelope (base64)
# then in Claude: import the envelope via key_new or a future key_import tool

Requirements

• macOS (Keychain)

• Node.js >= 18