How Encrypti0n.com Works: A Browser-Based Encryption Platform
Encrypti0n.com offers robust, browser-based cryptography that ensures client-side encryption of both text and files. This local-first approach keeps your data secure, preventing unauthorized access during data transfer or storage. Below, we outline clearly and technically how our encryption processes for the Main App function internally.
Text Encryption Process
Encrypting text securely involves the following precise steps:
- Retrieve Settings : The app fetches cryptographic settings (rounds, salt length) from encrypted local storage.
- Encode Inputs : Both your text and password are encoded into binary format (UTF-8).
- Generate Salt and Key : A random salt is generated. Using Argon2 and the configured number of rounds, a secure 256-bit key is derived from your password.
- Encrypt with AES-GCM : The binary text data is encrypted using AES-GCM with the derived key and a securely generated 12-byte nonce (
crypto.getRandomValues
). - Output Encrypted Data : The encrypted data is encoded in base64 format for easy copying or storage.
Below is a sample code snippet that shows how AES-GCM encryption is performed on text using a javscript-ish pseudo-code:
settings = getEncryptedStorageSettings();
encodedText = utf8Encode(text);
encodedPassword = utf8Encode(password);
salt = crypto.getRandomValues(settings.saltLength);
key = deriveArgon2Key(encodedPassword, salt, settings.rounds);
iv = crypto.getRandomValues(12);
ciphertext = AES_GCM_Encrypt(encodedText, key, iv);
outputBase64(ciphertext);
File Encryption Process
Encrypting files follows a similar core logic with additional file-specific enhancements for improved security and manageability:
If you’re uploading a sensitive PDF, the file-chunking approach makes sure that each chunk is encrypted independently, maximizing security and performance
- Initial Steps : Retrieve settings and encode the password as above, deriving a 256-bit key.
- Chunk Splitting : The file is split into 64 KiB chunks, each encrypted individually to ensure efficiency and security.
- Individual Chunk Encryption : Each chunk receives a newly generated 12-byte nonce for AES-GCM encryption.
- File Header Creation : Each chunk’s length information and encryption metadata (such as nonce and salt) are included in the file header.
- Blob Generation and Download : The encrypted chunks are combined into a Blob object, and a secure download link is generated for the user.
Below is a sample code snippet that explains how AES-GCM encryption is performed on files using a javscript-ish pseudo-code:
settings = getEncryptedStorageSettings();
encodedPassword = utf8Encode(password);
salt = crypto.getRandomValues(settings.saltLenght);
key = deriveArgon2Key(encodedPassword, salt, settings.rounds);
chunks = splitFileIntoChunks(file, 65536);
for each chunk:
iv = crypto.getRandomValues(12);
encryptedChunk = AES_GCM_Encrypt(chunk, key, iv);
storeInBlob(encryptedChunk, iv, chunk.length);
createDownloadLink(blob);
Decryption Process
Decryption meticulously reverses the encryption, ensuring data integrity:
- Header Verification : Check that the file or text header begins with the identifier byte
0x01
to confirm it was encrypted with Encrypti0n.com. - Retrieve Encryption Parameters : Extract the salt and the Argon2 round count from the header.
- Key Derivation : Using extracted parameters, derive the correct 256-bit key.
- AES-GCM Decryption : Perform decryption using AES-GCM with the derived key and nonce included within each chunk or encrypted text segment.
Below is a sample code snippet that illustrates how AES-GCM decryption is generally performed on this site using a javscript-ish pseudo-code:
header = readFileHeader(encryptedData);
verify(header.startsWith(0x01));
salt, rounds = extractHeaderParameters(header);
key = deriveArgon2Key(encodedPassword, salt, rounds);
decryptedData = AES_GCM_Decrypt(encryptedChunks, key, iv);
outputOriginalData(decryptedData);
Encrypt Application (App Data Protection)
Encrypti0n.com allows users to secure all locally stored application data with a master password:
- Secure Data Handling : Except for essential UI settings, all data is encrypted using AES-GCM with Argon2 key derivation.
- On-the-fly Decryption : Data is decrypted dynamically upon request; no decrypted keys remain persistently readable or outputtable due to JavaScript security limitations.
- Key Management : The master password is never stored—it's only used to derive the encryption key. Without a user-defined master password, a default (insecure) key is used.
Local Data Structure for no set master password
{
"isUsingMasterPassword": false,
"argon2Rounds": 10,
"argon2Salt": "ECPlvmyu3dv++nhzwXBu7g==",
"default": "2o2tKUOZ1Sk8bu4MTu0wxTLt",
"data": {
"iv": "Zhg/WsALMJYanZsW",
"ciphertext": "xxxxxxx__local_data"
}
}
Local Data Structure for a set master password
{
"isUsingMasterPassword": true,
"argon2Rounds": 431,
"argon2Salt": "FtBVivCpev4+G0uqAn7Z5w==",
"default": "",
"data": {
"iv": "TQ5fMPx4cx5y5Yoi",
"ciphertext": "xxxxxx__secured_data"
}
}
Below is a sample code snippet that shows how local data is secured on this site using a javscript-ish pseudo-code:
Argon2Salt, Argon2Rounds = getLocalSettings();
if (masterPassword):
key = deriveArgon2Key(masterPassword, Argon2Salt, Argon2Rounds);
else:
key = deriveArgon2Key(defaultKey, Argon2Salt, Argon2Rounds);
iv = crypto.getRandomValues(12);
ciphertext = AES_GCM_Encrypt(appData, key, iv);
storeEncryptedData(ciphertext, iv);