How KeysArk encrypts: the design
Every design choice in KeysArk follows one rule: the key never leaves your browser. Here is the chain, from the words you write down to the ciphertext in your cloud.
One phrase to hold everything
Your master secret is a BIP39 recovery phrase — 24 English words (256 bits of entropy) for new vaults. It is a standard, so you can import it into MetaMask or any BIP39 wallet. Nothing else to download, no key file to babysit.
From words to a key
The phrase is turned into a key deterministically, entirely in the browser: same phrase, same key, every time, on any device — with no server involved.
BIP39 phrase
→ seed (PBKDF2-HMAC-SHA512)
→ HKDF-SHA256
→ AES-256 key
Encrypting your content
Each item is sealed with AES-256-GCM, an authenticated cipher: it both hides the content and detects tampering. Every encryption uses a fresh, random 96-bit IV that is never reused — reusing a GCM nonce would be catastrophic, so we never do.
The server is a dumb pipe
Our API and the storage clients are bytes-in, bytes-out: they move opaque base64 ciphertext and are entirely content-agnostic. The plaintext, the phrase, and the derived key are forbidden from any server code, request, URL, cookie, log, or database.
Unlocking on your machine
When you store your phrase locally (in the web app or the ark CLI), it is wrapped with an unlock password using Argon2id (512 MB, t=4, p=1) — a deliberately memory-hard function that makes brute-forcing the password expensive. The parameters travel with the credential, so they can be raised over time.
The trade-off we accept
True end-to-end encryption means even we cannot help you recover your data. Lose the recovery phrase and it is gone. That is the price of nobody — including us — being able to read it.