Client-side encryption in simple words
Client-side encryption means that plain text is converted into an encrypted package directly in the user's browser. The server receives encrypted data and does not perform the text encryption step.
The role of the password
The password is used to derive a cryptographic key. TrustHide uses PBKDF2-SHA256 in the browser and then encrypts the note with AES-GCM. The recipient needs the same password to decrypt the package.
Automatic and manual passwords
If the sender does not set a manual password, the browser generates one and places it after the # symbol in the link. That fragment is normally not sent to the server in a regular HTTP request. If a manual password is used, it should be sent through a separate channel.
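The flow described in the two sections above, as an added Web Crypto example that is not TrustHide's own code. The iteration count, salt and IV sizes, package layout, link shape and function names are assumptions, since the page does not state them.

```javascript
// Added example. Work factor, salt/IV sizes and link shape are assumptions;
// the page does not state TrustHide's actual parameters.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 600000; // assumed PBKDF2 iteration count
const enc = new TextEncoder();

async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Package as the server would store it: salt, IV, ciphertext+tag. No key, no password.
async function encryptNote(plaintext, password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per note
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return { salt, iv, ct: new Uint8Array(ct) };
}

// Rejects if the password is wrong or the package was altered (GCM tag check).
async function decryptNote(pkg, password) {
  const key = await deriveKey(password, pkg.salt);
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: pkg.iv }, key, pkg.ct);
  return new TextDecoder().decode(pt);
}

// Automatic password: 24 random bytes, hex-encoded so it is fragment-safe.
function generatePassword() {
  const bytes = wc.getRandomValues(new Uint8Array(24));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function buildLink(base, noteId, password) {
  return `${base}/n/${noteId}#${password}`; // hypothetical link layout
}

// Splits a link into what a regular HTTP request carries and what stays local.
function splitLink(link) {
  const u = new URL(link);
  return { requestTarget: u.pathname + u.search, password: u.hash.slice(1) };
}
```

The fragment is still readable by any script running on the page and is kept in browser history, so the whole link has to be handled as the secret.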
An important limitation of the current configuration
In the current mode TrustHide stores a service key for the private panel. This is useful for service operations, but it is not zero-knowledge. If operators must not be able to read note contents, service-key storage must be disabled in configuration.