Security
Zero-knowledge architecture
All encryption and decryption happens in your browser or mobile app. The server stores only ciphertext and can never access your plaintext data, passwords, or encryption keys. This is enforced by the cryptographic design, not by policy.
For the full technical breakdown, see the cryptographic architecture.
Cryptographic primitives
| Function | Algorithm | Purpose |
| --- | --- | --- |
| Symmetric encryption | XChaCha20-Poly1305 | Authenticated encryption of all vault items (256-bit keys) |
| Key derivation | Argon2id | Password to master key (64 MiB, 3 iterations) |
| Subkey derivation | HKDF-SHA256 | Domain-separated subkeys (auth, encryption, wrapping) |
| Key exchange | X25519 | Asymmetric key wrapping for grants and wills |
| Signatures | Ed25519 | Document notarization (strict verification) |
| Hashing | SHA-256 | Merkle tree for notarization proofs |
Open-source crypto
The cryptographic core is open source under Apache 2.0 / MIT dual license:
All repositories are available at github.com/blindkeep-vault.
Independent review
The vault-core cryptographic implementation has been independently reviewed by Maarten Boone. Findings have been addressed, including:
- Removal of V1-to-V0 decryption fallback (downgrade resistance)
- Explicit nonce length validation to prevent panic from untrusted input
- Fixed-size arrays for nonces and public keys (compile-time guarantees)
- Direct hash_password_into for Argon2 (no intermediate PHC string)
- All-zero shared secret rejection for X25519 (low-order point defense)
- Strict Ed25519 signature verification (anti-malleability)
- Zeroization of temporary key material
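Three of the findings above (no V1-to-V0 fallback, explicit nonce length validation into a fixed-size array, and all-zero shared secret rejection) shown together as an added Rust example. This is not code from vault-core: the envelope layout, the version constant, and the names `parse_envelope` and `shared_secret_is_valid` are assumptions made for illustration.

```rust
// Added example; the envelope layout (version byte | 24-byte nonce | ciphertext+tag)
// is an assumption for illustration, not BlindKeep's actual wire format.
pub const NONCE_LEN: usize = 24; // XChaCha20-Poly1305 nonce
pub const TAG_LEN: usize = 16; // Poly1305 tag
pub const VERSION_CURRENT: u8 = 1; // hypothetical "V1" marker

#[derive(Debug, PartialEq)]
pub enum EnvelopeError {
    Empty,
    UnsupportedVersion(u8),
    TruncatedNonce { got: usize },
    TruncatedCiphertext { got: usize },
}

#[derive(Debug, PartialEq)]
pub struct Envelope<'a> {
    pub nonce: [u8; NONCE_LEN], // fixed size: no length to re-check downstream
    pub ciphertext: &'a [u8],   // ciphertext followed by the tag
}

/// Parse untrusted bytes: never panics, never falls back to an older format.
pub fn parse_envelope<'a>(input: &'a [u8]) -> Result<Envelope<'a>, EnvelopeError> {
    let (&version, rest) = input.split_first().ok_or(EnvelopeError::Empty)?;
    // Downgrade resistance: an old version is an error, not a cue to retry legacy code.
    if version != VERSION_CURRENT {
        return Err(EnvelopeError::UnsupportedVersion(version));
    }
    // Explicit length check: indexing `rest[..NONCE_LEN]` would panic on short input.
    let head = rest.get(..NONCE_LEN).ok_or(EnvelopeError::TruncatedNonce { got: rest.len() })?;
    let mut nonce = [0u8; NONCE_LEN];
    nonce.copy_from_slice(head); // lengths are equal by construction
    let ciphertext = &rest[NONCE_LEN..];
    if ciphertext.len() < TAG_LEN {
        return Err(EnvelopeError::TruncatedCiphertext { got: ciphertext.len() });
    }
    Ok(Envelope { nonce, ciphertext })
}

/// Reject the all-zero X25519 output that a low-order peer public key produces.
pub fn shared_secret_is_valid(shared: &[u8; 32]) -> bool {
    // OR-fold every byte so the loop has no early exit on secret data.
    shared.iter().fold(0u8, |acc, &b| acc | b) != 0
}

fn main() {
    // Constructed sample blobs, not real vault data.
    let short = [VERSION_CURRENT, 0xde, 0xad]; // nonce cut off after 2 bytes
    println!("{:?}", parse_envelope(&short));
    println!("{:?}", parse_envelope(&[0u8; 41])); // version 0
}
```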
Formal verification
BlindKeep has a formal cryptographic specification including:
- TLA+ state machine specification with model-checkable invariants
- Tamarin symbolic protocol verification under the Dolev-Yao adversary model
- Game-based security definitions with explicit probability bounds
- Reduction proofs for item confidentiality, grant non-transferability, notarization integrity, and 9 other properties
Infrastructure
- All data stored and processed in the EU (Scaleway, France)
- TLS 1.3 for all connections
- Rate limiting on all authentication and public endpoints
- Content Security Policy headers (no inline scripts, no eval)
- No cookies, no third-party resources
- Append-only audit log for all sensitive operations
Vulnerability disclosure
If you discover a security vulnerability, please report it responsibly:
- Email: security@blindkeep.com
- Please include a description of the issue and steps to reproduce
- We will acknowledge receipt within 48 hours and aim to resolve critical issues within 7 days
- We do not pursue legal action against good-faith security researchers