An End-to-End Encrypted Vault for Everything Secret

End-to-end encryption (E2EE) means data is encrypted on the sending device and only decrypted on the receiving device. In a password manager, the two "ends" are your devices: laptop, phone, browser extension. The server in the middle holds ciphertext, never plaintext.

This is stricter than HTTPS. TLS protects data in transit between you and the server, but the server still sees plaintext. E2EE protects data from the server itself — a compromised server, a malicious employee, or a subpoena hits a wall of ciphertext.

PassCryp's E2EE is implemented in the browser using Web Crypto (the W3C-standard subtle crypto API). Native browser code performs AES-256-GCM with hardware acceleration; we never ship our own AES implementation.

When you save a password on one device, the device encrypts it locally and uploads the resulting blob. Other devices download the blob and decrypt it locally using the vault key derived from your master password. The sync layer is dumb: it moves opaque ciphertext.

Realtime updates use Supabase Postgres changes, but the payloads are encrypted before insert. A subscriber sees only ciphertext arrive and decrypts client-side.

Sharing extends the same model. A shared vault has its own AES key, encrypted to each member's RSA public key. Members fetch the wrapped key once, unwrap it client-side, and then decrypt vault items normally.

For each vault item, the server stores: a random UUID, an encrypted blob (ciphertext + nonce + auth tag), an encrypted title (so search works without leaking item names), and timestamps. That's it. No plaintext URL, no plaintext folder, no plaintext tag.

For each user, the server stores: an email (for login and notifications), an Argon2id-wrapped vault key, a public key, and a hashed recovery key fingerprint. The master password itself is never sent, never logged, never derivable from anything we hold.