Why KeysArk must be open source — and why backups carry a version number
“End-to-end encrypted” is a claim. Open source is what turns it into something you can actually check.
Trust, but verify
If you cannot read the code, “we never see your data” is just marketing. Open source lets anyone confirm there is no backdoor: that the key really is derived in the browser, that plaintext really never reaches the server. Security that cannot be audited is not security — it is faith.
The problem nobody talks about
Self-custody has a long-tail problem. You encrypt a backup today, then go to open it in five or ten years — but by then the website may be gone, the libraries changed, the algorithms tweaked. A backup you can no longer decrypt is not a backup.
So backups carry their own provenance
Every mnemonic backup KeysArk exports (PDF and HTML) embeds a provenance manifest describing exactly what produced it:
- The ark CLI version, and the source repository + commit hash.
- The build time and the Node.js version.
- The exact crypto library versions (hash-wasm, @scure/bip39, @noble/hashes).
- The full crypto spec: BIP39 24-word phrase, seed → HKDF-SHA256 → AES-256-GCM, and the Argon2id parameters.
Why the version number matters
With that manifest, future-you can check out the exact commit that made the backup, reproduce the build environment, and decrypt — even decades later, even if keysark.com no longer exists. The version number is not bookkeeping; it is the map back to the runtime environment that can still open your vault.
Open source proves there is no backdoor today. Provenance proves you can still get in tomorrow.