Couldn’t you use HMAC with shared secret key to authenticate messages while keeping plausible deniability? Since the key is only supposed to be known to the 2 parties, the recipient can deduce that a message was actually sent by the sender if he did not create it himself. I think that’s what OTR was using.

Gocryptfs or CryFS. Many GUI available (Vaults, SiriKali, Plasma Vaults). Android compatibility with DroidFS.