Security Model

This document describes Claspt’s encryption architecture for technical users and security auditors.

Claspt uses a zero-knowledge architecture: all encryption and decryption happen on your device. No server ever sees your plaintext data, master password, or encryption keys.

| Component | Implementation |
| --- | --- |
| Cipher | AES-256-GCM (via ring crate) |
| Key Derivation | Argon2id (64 MB memory, 3 iterations, 4 parallelism) |
| Nonces | 96-bit, unique per block per save |
| Key Storage | Encrypted in vault.key, never synced |
| Memory | Zeroed via zeroize crate on lock/collapse |

When you create a vault, Claspt:

  1. Generates a random 256-bit master key.
  2. Derives a password key from your master password using Argon2id (64 MB, 3 passes, 4 lanes).
  3. Encrypts the master key with the password key using AES-256-GCM.
  4. Stores the encrypted master key in .securenotes/vault.key.

When you unlock the vault, Claspt re-derives the password key from your password and decrypts the master key. The master key is held in memory (zeroed on lock).

Each :::secret block is encrypted individually:

  1. A fresh 96-bit nonce is generated for each block, on each save.
  2. The plaintext value is encrypted with AES-256-GCM using the master key.
  3. The ciphertext is Base64-encoded and stored as enc:v1:<base64>.
  4. The label remains plaintext for searchability.
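The key hierarchy and storage envelope from the two procedures above (vault creation and unlock, then per-block encryption), as an added Python example. This is not Claspt's code, which is Rust on the ring crate. To run on the standard library alone it substitutes scrypt for Argon2id and an HMAC-SHA256 encrypt-then-MAC construction for AES-256-GCM; the per-vault KDF salt, the field layout of vault.key, the nonce || ciphertext || tag layout inside the Base64 payload, and the find_nonce_reuse audit helper are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets

VERSION_PREFIX = "enc:v1:"   # storage envelope named in the security model
NONCE_LEN = 12               # 96-bit nonce
TAG_LEN = 32                 # HMAC-SHA256 tag of the stand-in AEAD


def derive_password_key(password: str, salt: bytes) -> bytes:
    """Stand-in for Argon2id: scrypt from the standard library (also memory-hard).
    Parameters are illustrative; Claspt's are 64 MB / 3 passes / 4 lanes."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Split one 256-bit key into independent encryption and MAC keys.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode over (nonce || counter); a nonce must never repeat under one key.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def aead_seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stand-in for AES-256-GCM: encrypt-then-MAC, returns ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def aead_open(key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verifies the tag before decrypting: a wrong key fails here instead of yielding garbage."""
    enc_key, mac_key = _subkeys(key)
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed (wrong key or tampered data)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def create_vault(password: str) -> tuple[dict, bytes]:
    """Vault creation, steps 1-4: a random master key wrapped under the password key."""
    master_key = secrets.token_bytes(32)                  # step 1: 256-bit master key
    salt = secrets.token_bytes(16)                        # assumed: per-vault KDF salt
    password_key = derive_password_key(password, salt)    # step 2
    nonce = secrets.token_bytes(NONCE_LEN)
    wrapped = aead_seal(password_key, nonce, master_key)  # step 3
    vault_key = {"salt": salt, "nonce": nonce, "wrapped": wrapped}  # step 4 (assumed layout)
    return vault_key, master_key


def unlock_vault(vault_key: dict, password: str) -> bytes:
    """Unlock: re-derive the password key and unwrap; raises ValueError on a wrong password."""
    password_key = derive_password_key(password, vault_key["salt"])
    return aead_open(password_key, vault_key["nonce"], vault_key["wrapped"])


def encrypt_secret(master_key: bytes, value: str) -> str:
    """One :::secret block: fresh nonce on every save, stored as enc:v1:<base64>."""
    nonce = secrets.token_bytes(NONCE_LEN)
    sealed = aead_seal(master_key, nonce, value.encode())
    # Assumed payload layout: nonce || ciphertext || tag, then Base64.
    return VERSION_PREFIX + base64.b64encode(nonce + sealed).decode()


def decrypt_secret(master_key: bytes, stored: str) -> str:
    if not stored.startswith(VERSION_PREFIX):
        raise ValueError("unsupported envelope version")
    blob = base64.b64decode(stored[len(VERSION_PREFIX):])
    return aead_open(master_key, blob[:NONCE_LEN], blob[NONCE_LEN:]).decode()


def find_nonce_reuse(stored_values: list[str]) -> list[str]:
    """Defender-side audit: hex nonces that occur more than once across stored blocks."""
    seen: dict[str, int] = {}
    for stored in stored_values:
        nonce_hex = base64.b64decode(stored[len(VERSION_PREFIX):])[:NONCE_LEN].hex()
        seen[nonce_hex] = seen.get(nonce_hex, 0) + 1
    return sorted(n for n, count in seen.items() if count > 1)


if __name__ == "__main__":
    vault_key, master_key = create_vault("correct horse battery staple")
    assert unlock_vault(vault_key, "correct horse battery staple") == master_key
    first = encrypt_secret(master_key, "hunter2")
    second = encrypt_secret(master_key, "hunter2")  # same value re-saved: new nonce, new ciphertext
    print(first != second, decrypt_secret(master_key, second), find_nonce_reuse([first, second]))
```

Two properties worth checking against the model: a wrong password fails at tag verification inside unlock_vault rather than producing a garbage master key, and re-saving an unchanged value produces a different enc:v1: string because the nonce is fresh. The find_nonce_reuse helper is the audit a defender would run over a synced vault, since under GCM (as under this stand-in) a repeated nonce under the same key breaks confidentiality and authenticity of the affected blocks.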

The following remain plaintext for markdown portability:

  • Page content (outside :::secret blocks)
  • Secret block labels
  • Page titles, folder names, tags
  • YAML frontmatter (id, timestamps, metadata)

When syncing via Git or cloud storage:

  • vault.key is never synced (excluded via .gitignore).
  • Each device derives its own master key from the password.
  • Secret block ciphertext syncs safely — it’s encrypted at rest.
  • The search index is local-only (rebuilt on each device).

To slow password guessing:

  • The vault locks after 5 failed password attempts with exponential backoff.
  • Argon2id parameters (64 MB memory) make brute-force attacks computationally expensive.
  • Biometric unlock supports 3 attempts before falling back to password.

To limit exposure of decrypted data in memory:

  • Decrypted secret values are zeroed from memory when:
    • A secret card is collapsed (after reveal)
    • The vault is locked (manual or auto-lock timeout)
    • The app exits
  • The zeroize crate ensures values are cleared even if the destructor is called during a panic.
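The lockout and zeroing behaviour listed above, as an added Python sketch. It is not Claspt's code: the real app is Rust and relies on the zeroize crate, whose guarantees a garbage-collected language cannot reproduce, so the zeroing here is best effort on bytearray buffers. The page gives only "5 failed attempts" and "exponential backoff", so the 30-second base delay that doubles on each further failure, the check_password callback, and the injectable clock are assumptions made for the example.

```python
import time

MAX_FREE_ATTEMPTS = 5        # from the security model: the vault locks after 5 failures
BASE_LOCKOUT_SECONDS = 30.0  # assumed base delay; the page gives no schedule


class VaultSession:
    """Failed-attempt lockout with exponential backoff, plus best-effort zeroing
    of revealed values on collapse and on lock."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check_password = check_password  # assumed: callable(password) -> bool
        self._clock = clock                    # injectable so tests run without sleeping
        self._failures = 0
        self._locked_until = 0.0
        self._revealed: dict[str, bytearray] = {}
        self.unlocked = False

    def seconds_until_retry(self) -> float:
        return max(0.0, self._locked_until - self._clock())

    def unlock(self, password: str) -> bool:
        if self.seconds_until_retry() > 0:
            raise RuntimeError("vault locked out; retry in %.0f s" % self.seconds_until_retry())
        if self._check_password(password):
            self._failures = 0
            self.unlocked = True
            return True
        self._failures += 1
        if self._failures >= MAX_FREE_ATTEMPTS:
            # 5th failure: 30 s, 6th: 60 s, 7th: 120 s, doubling on each further failure
            delay = BASE_LOCKOUT_SECONDS * 2 ** (self._failures - MAX_FREE_ATTEMPTS)
            self._locked_until = self._clock() + delay
        return False

    def reveal(self, label: str, plaintext: bytes) -> bytearray:
        """Hold a decrypted value in a mutable buffer so it can be overwritten later."""
        if not self.unlocked:
            raise RuntimeError("vault is locked")
        buf = bytearray(plaintext)
        self._revealed[label] = buf
        return buf

    def _zero(self, label: str) -> None:
        buf = self._revealed.pop(label)
        buf[:] = bytes(len(buf))  # overwrite in place; Python cannot promise no other copies exist

    def collapse(self, label: str) -> None:
        """Secret card collapsed after reveal: clear that one value."""
        self._zero(label)

    def lock(self) -> None:
        """Manual lock, auto-lock timeout, or exit: clear every revealed value."""
        for label in list(self._revealed):
            self._zero(label)
        self.unlocked = False


if __name__ == "__main__":
    now = [0.0]  # constructed fake clock
    session = VaultSession(lambda p: p == "correct horse", clock=lambda: now[0])
    for _ in range(MAX_FREE_ATTEMPTS):
        session.unlock("guess")
    print("locked for", session.seconds_until_retry(), "s")
```

The delay is computed from the failure count, not from wall time between attempts, so an attacker who waits out one window still faces a longer one on the next failure; a successful unlock resets the counter. Because the clock is injected, the schedule can be unit-tested deterministically, which is how the lockout arithmetic should be verified before it ships.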