How storage-p’s zero-knowledge security works
This is the reasoning behind the product: a clear picture of where keys live, what is encrypted, and what a breach would expose.
Keys are derived in your browser
Your master password is run through Argon2id in the browser to derive the vault key. The password itself is never transmitted — only an Argon2id authentication hash is sent so the server can verify you, without ever learning the secret.
Every item is encrypted client-side
Each item is encrypted with XChaCha20-Poly1305 before it leaves the device; the server stores nonce‖ciphertext and has no way to decrypt it. This is what “zero-knowledge” means in practice.
Sharing keeps the server blind
One-time links keep the decryption key in the URL fragment, which browsers never send to the server. User-to-user sharing seals the item to the recipient’s public key with a sealed box (X25519). Projects use a Project Key that is wrapped separately for each member.
Defence in depth at rest
On top of the client-side encryption, the server database is encrypted at rest with SQLCipher. The app ships a strict CSP and HSTS and loads no third-party scripts.
What a breach exposes — and the trade-off
A full server or database compromise yields only ciphertext: no plaintext secrets and no master password. The deliberate trade-off is that there is no recovery if you forget your master password — so keep an encrypted backup.