The project aims to keep the server blind to note plaintext.
- note content is expected to arrive already encrypted,
- the server stores ciphertext and encryption metadata,
- the server does not need the raw password,
- the server stores only a salted hash of a client-derived authToken,
- clients must manage encryption, decryption, and secret derivation locally.
This implementation is trust-minimized, but it is not an exact reproduction of ProtectedText's original browser-only verification approach.
The current API uses a reusable client-derived authorization token for writes and deletes. That is practical for a public API, but it is still a design choice that should be reviewed before production release.
- hashed auth token verification
- optimistic concurrency to prevent silent overwrites
- IP-based request throttling
- no plaintext storage in the current server design
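The following is an added illustration of the data flow listed above (client-side secret derivation, server-side salted token hash, optimistic concurrency on writes and deletes). It is example code written for this page, not the project's own implementation, and every detail of the scheme is an assumption: the scrypt/PBKDF2 parameters, the split of one derived secret into an encryption key and an authToken, the record field names, and the version-number conflict rule. The note ciphertext is treated as an opaque byte string produced by the client; the AEAD step itself is outside the example.

```python
"""Assumed server-blind note flow: the server sees ciphertext, metadata,
and a salted hash of a client-derived token, never the password or key."""
import hashlib
import hmac
import os
from typing import Optional, Tuple


def derive_client_secrets(password: str, note_id: str) -> Tuple[bytes, bytes]:
    """Client side. Assumed scheme: scrypt(password, note_id) yields 64 bytes,
    split into an encryption key (kept local) and an authToken (sent to server).
    The server can only ever learn the token half."""
    master = hashlib.scrypt(password.encode(), salt=note_id.encode(),
                            n=2 ** 14, r=8, p=1, dklen=64)
    return master[:32], master[32:]


def hash_auth_token(auth_token: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Server side. Store a salted, stretched hash of the token, so a leaked
    store does not yield reusable write/delete tokens. Parameters are assumed."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", auth_token, salt, 100_000)
    return salt, digest


class NoteStore:
    """In-memory stand-in for the project's JSON file store (hypothetical shape)."""

    def __init__(self) -> None:
        self.notes = {}

    def create(self, note_id: str, ciphertext: bytes, metadata: dict, auth_token: bytes) -> int:
        salt, digest = hash_auth_token(auth_token)
        # Only ciphertext, metadata, salt, token hash, and a version counter are persisted.
        self.notes[note_id] = {"ciphertext": ciphertext, "metadata": metadata,
                               "salt": salt, "token_hash": digest, "version": 1}
        return 1

    def _verify(self, note_id: str, auth_token: bytes) -> bool:
        rec = self.notes[note_id]
        _, digest = hash_auth_token(auth_token, rec["salt"])
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(digest, rec["token_hash"])

    def update(self, note_id: str, ciphertext: bytes, metadata: dict,
               auth_token: bytes, expected_version: int) -> str:
        """Optimistic concurrency: the write lands only if the client's
        expected_version equals the stored one; otherwise it is rejected
        instead of silently overwriting a newer ciphertext."""
        if not self._verify(note_id, auth_token):
            return "forbidden"
        rec = self.notes[note_id]
        if rec["version"] != expected_version:
            return "conflict"
        rec.update(ciphertext=ciphertext, metadata=metadata, version=rec["version"] + 1)
        return "ok"

    def delete(self, note_id: str, auth_token: bytes) -> str:
        if not self._verify(note_id, auth_token):
            return "forbidden"
        del self.notes[note_id]
        return "ok"


if __name__ == "__main__":
    # Constructed walk-through: two clients race on the same note.
    store = NoteStore()
    enc_key, token = derive_client_secrets("correct horse battery", "note-1")
    store.create("note-1", b"<ciphertext v1>", {"alg": "assumed-aead"}, token)
    print(store.update("note-1", b"<ciphertext v2>", {}, token, 1))  # ok
    print(store.update("note-1", b"<ciphertext v2b>", {}, token, 1))  # conflict
```

The version check and the token check are deliberately ordered so that an unauthenticated caller learns nothing about whether the note has changed; the server's stored record never contains the password, the encryption key, or the raw token.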
- Serve the API only over TLS.
- Put the service behind a reverse proxy with request size and rate controls.
- Replace the JSON file store with a durable database.
- Add structured logging that avoids sensitive payload data.
- Define a formal client-side crypto scheme and publish it with test vectors.
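As an added example for the structured-logging item above (not the project's own code), the helper below builds a log record from an allowlist of request fields, so ciphertext, metadata blobs, and auth tokens can never reach the logs even if a caller passes them in. The field names and the sample request dictionary are constructed for illustration.

```python
"""Allowlist-based log record builder: only operational fields are logged."""
import json
from typing import Any, Dict

# Assumed set of fields that are safe and useful to log for this API.
SAFE_FIELDS = ("method", "note_id", "version", "client_ip", "body_bytes", "outcome")


def build_log_record(event: Dict[str, Any]) -> str:
    """Return a JSON line containing only allowlisted keys. Anything else
    (ciphertext, auth token, metadata payload) is dropped, and a count of
    dropped keys is recorded so unexpected fields are still noticed."""
    safe = {k: event[k] for k in SAFE_FIELDS if k in event}
    safe["dropped_fields"] = len(event) - len(safe)
    return json.dumps(safe, sort_keys=True)


def log_contains_secret(line: str, *secrets: str) -> bool:
    """Check helper: True if any of the given secret strings leaked into a log line."""
    return any(s in line for s in secrets)


if __name__ == "__main__":
    # Constructed request event, including fields that must never be logged.
    event = {"method": "PUT", "note_id": "note-1", "version": 3, "client_ip": "203.0.113.5",
             "body_bytes": 2048, "outcome": "ok",
             "ciphertext": "BASE64CIPHERTEXT", "authToken": "SECRETTOKEN"}
    print(build_log_record(event))
```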