v1.0.0-stable: CipherKeep Security Architecture

🚀 CipherKeep v1.0.0-stable: Technical Release Notes

Project Overview

CipherKeep is a high-security local vault designed to store sensitive text secrets (Wi-Fi passwords, recovery keys, private notes) using hardware-backed encryption. Unlike standard note applications, CipherKeep ensures that data never leaves the device and is only accessible via biometric authentication.

Technical Architecture & Security Pillars

• Hardware-Backed Encryption: Integrated capacitor-secure-storage-plugin to interface directly with the iOS Keychain and Android Keystore, ensuring data is encrypted at the hardware level.
• Biometric Authentication: Implemented native FaceID and TouchID prompts using @aparajita/capacitor-biometric-auth.
• Resilient Fallback Logic: Engineered a secure 4-digit PIN bypass using Capacitor Preferences for scenarios where biometric hardware is unavailable or disabled.
• Cryptographically Secure Generation: The password generator utilizes the Web Cryptography API (window.crypto.getRandomValues) for true entropy instead of predictable Math.random().
• Reactive State Management: Leveraged Angular 17 Signals to manage global authentication states and route guards

What’s New in v1.0.0

• The Vault: Sticky search bar with dynamic filtering and hardware-encrypted storage.
• The Generator: Offline, customizable password utility with "Copy to Clipboard" integration.
• The Settings: Multi-step "Full Wipe" functionality to securely scrub all local data and reset the application.
• UX/UI: Adaptive dark-mode support and an interactive User Guide for first-time onboarding.