Data Encryption in VerityVault

Learn how VerityVault protects your privacy with advanced encryption, zero-knowledge architecture, and user-controlled security.

1. Data Encryption & Security

Master Key: All your data is encrypted with a master key generated in your browser. This key never leaves your device.
Document-wise Keys: Each document is encrypted with its own unique key for maximum security.
Passphrase: Your passphrase unlocks your master key and is never sent to the server. Keep it safe!

How Encryption Works in VerityVault

Master Key Generation: When you set up your vault, a unique AES-256 master key is generated in your browser. This master key never leaves your device in unencrypted form.
Master Key Protection: The master key is encrypted ("wrapped") using a key derived from your passphrase (using PBKDF2 and a random salt). The encrypted master key and salt are stored in your user profile in the backend, but your passphrase is never sent to the server.
Data Encryption: Each document or item you add is encrypted with its own randomly generated data key (AES-256). The data key for each item is then encrypted with your master key. The encrypted data and the encrypted data key are stored in the backend.
Sharing: When you share a document, its data key is encrypted with the recipient’s public key, so only they can decrypt it.
Zero-Knowledge: All encryption and decryption happen in your browser. The backend only stores encrypted data and cannot decrypt or access your information.

What is the Master Key?

The master key is the root key for your vault.
It encrypts/decrypts all your data keys, which in turn encrypt your actual documents.
The master key is itself protected by your passphrase, so only you can unlock it.
If you lose your passphrase, you cannot recover your master key or your data.

Summary: The master key is the central secret that protects all your data. It is never exposed to the server, and all encryption is performed client-side for maximum privacy and security.

2. End-to-End Encryption: How It Works

All encryption and decryption happen in your browser. The backend only stores encrypted data and cannot access or understand your information.

{
  "investment": {
    "encryptedData": "...",
    "encryptedKeys": {
      "user1": "...",
      "user2": "..."
    }
  }
}

3. Sharing Data Securely

When you share a document, its key is encrypted for each recipient. Only those users can decrypt and view the data.
You can edit or revoke shares at any time.

4. Zero-Knowledge Backend

The backend stores only encrypted data. It cannot decrypt or understand any of your information. This is called zero-knowledge architecture—your privacy is mathematically guaranteed.

5. Account Deletion & Data Cleanup

When you delete your account, all encrypted data is permanently erased from our servers.
We comply with GDPR and never retain your information after deletion.

6. Example: Encrypting and Sharing a Document

You add a new document. The app generates a unique key and encrypts the file in your browser.
The encrypted file and key (encrypted for you) are stored in the cloud.
When you share, the key is encrypted for each recipient and added to their access list.
Only users with the right key can decrypt and view the document.

7. Why This Matters

Privacy: No one but you can read your data.
Security: Even if the server is breached, your data is safe.
Compliance: We meet strict privacy laws like GDPR.

Comments & Feedback

Have questions, suggestions, or feedback about VerityVault? We'd love to hear from you! Please leave your comments below or contact our support team for assistance.