A zero-knowledge encrypted notepad. Your note is encrypted client-side before being stored - the server never sees your plaintext.
- Argon2id derives a password-based key used to protect an RSA-4096 private key
- An AES-GCM master key is wrapped with your RSA public key and stored server-side
- Notes are encrypted with a field key derived from the master key
- The master key only ever lives in memory - it is cleared on lock or logout
- Account-based with Supabase backend (no plaintext data ever sent)
- Auto-lock on inactivity
- Argon2id parameter calibration per device
- RSA key rotation
- Login lockout against brute-force
- Password change with full key re-wrapping
- Vue 3 + TypeScript + Pinia
- Vite + Tailwind CSS v4
- Web Crypto API (RSA-4096, AES-GCM)
- hash-wasm for Argon2id
- Supabase for auth and encrypted data storage
npm install
npm run devnpm testMIT - see LICENSE