Skip to content
ZestSSH Docs

Session Transcripts

Session transcripts record everything that appears in your terminal during an SSH session. Start recording when you begin a maintenance task, and export the transcript later for audit logs, documentation, or troubleshooting.

Starting a Recording

Section titled “Starting a Recording”

Tap the record button in the terminal toolbar to start recording. A small indicator shows that the session is being captured. All terminal output (stdout and stderr as rendered by the terminal emulator) is appended to the transcript in real time.

Each transcript entry is timestamped relative to the recording start, so you can see exactly when each piece of output was produced.

Stopping and Exporting

Section titled “Stopping and Exporting”

Tap the record button again to stop. You can then:

  • Export as text — get the full transcript as a plain text string, suitable for pasting into a document or sharing.
  • Save to file — write the transcript to disk in the app’s documents directory (ZestSSH/transcripts/).

The exported text includes a header with the connection label, session ID, start time, and duration, followed by the raw terminal output.

Encrypted Storage

Section titled “Encrypted Storage”

In release builds, saved transcript files are encrypted at rest:

  • Encryption: AES-256 in CTR-like mode using HMAC-SHA256 as the keystream generator. A random 16-byte IV is generated for each file.
  • Integrity: An HMAC-SHA256 tag (encrypt-then-MAC) is appended to the file. On read, the HMAC is verified using constant-time comparison before any decryption occurs. If the tag does not match, decryption is refused.
  • Key management: A 256-bit encryption key is generated on first use via Random.secure() and stored in FlutterSecureStorage (Keychain on iOS, EncryptedSharedPreferences on Android, OS credential store on desktop).
  • File format: [16-byte IV] [ciphertext] [32-byte HMAC-SHA256], saved with a .zesttx extension.

In debug builds, transcripts are saved as plain .txt files for easier inspection during development.

Reading Saved Transcripts

Section titled “Reading Saved Transcripts”

The transcript reader detects the file extension to determine the format:

  • .txt files are read as plain text (debug or legacy files).
  • .zesttx files are decrypted using the stored encryption key, with HMAC verification before decryption.

If the encryption key is lost (e.g., app data cleared without backup), encrypted transcripts cannot be recovered.

Capacity

Section titled “Capacity”

Each recording session buffers up to 50,000 entries. When the limit is reached, the oldest entry is dropped to make room for new output. For typical interactive sessions, this covers many hours of use.

Limitations

Section titled “Limitations”
  • Transcripts capture rendered terminal output, not raw SSH channel data. ANSI escape sequences are included in the raw recording.
  • Recordings are per-session and stored in memory during capture. If the app is killed before you stop recording and save, the transcript is lost.
  • Transcript files are stored locally. They are not included in cloud sync.