Skip to content

Key Features

🔒 End-to-End Encryption

  • Documents are encrypted with a unique Document Encryption Key (DEK) using AES-GCM.
  • DEKs are securely exchanged using RSA public key cryptography.
  • Each user's private key is encrypted with a unique, strong passphrase.

🎯 Granular Access Control (Architectural)

The database schema is designed to support permissions based on: - Teams: e.g., DevOps, Finance, HR - Projects: e.g., P1, P2, P3 - Roles: e.g., Lead, Admin, Member (Note: API endpoints for managing teams and projects are on the roadmap.)

🚀 Secure Operations

  • Upload: Automatic encryption and access control setup.
  • Share: Dynamically grant access to other users without re-uploading.
  • Revoke: Instantly revoke access for any shared user.
  • Delete: Securely delete a document and all its associated keys.

🔐 Advanced Security

  • JWT-based Stateless Authentication: Secure and scalable authentication flow.
  • SharedKeyRegistry: Centralized, cryptographically-enforced permission management.
  • No Passphrases over the Wire: User passphrases are used only once to obtain a short-lived JWT, never for individual operations.