Client Side Encryption
Introduction
Client side encryption lets you optionally encrypt notes in the browser before they are sent to the server, for double the security.
What is it?
Client side encryption is an optional second layer of encryption with one important difference: the encryption
is performed locally, within your browser, and the private key (which is basically just another password) is
never transmitted to the server.
Your note is converted to an encrypted string within your browser and sent up to the server, after which the
string is encrypted all over again using the regular NoteShred AES256 encryption functionality.
Think of it like a Russian doll: one encryption wraps around the other, with a different key needed to decrypt at each level. If you include the SSL/TLS transfer, it's 3 layers of encryption.
To use it, simply click the button in the "Client Side Encryption" section of the new note form. A box will appear
with your private key. Copy this key and continue creating your note. Any time you view this note from now on,
you will be prompted to enter your private key to decrypt the content. It's that simple.
Why?
Whilst we still maintain that using the regular note encryption is perfectly secure, some users have asked if
there was a way to encrypt their data without ever having to send the password to the server, therefore never
having to trust a 3rd party.
To those who asked us "Why should we trust you?": well, now you don't have to.
The problem with this is that the standard note password also acts as an access gateway. We need a way to know
whether someone trying to access the note is permitted or not, and if not, we need to lock the note after 5 decrypt
attempts to prevent brute force attacks.
This is not possible when we decrypt in the browser, as the person viewing the note already has access to the
encrypted string and can work on cracking it offline.
Using NoteShred client side encryption adds another layer of security. The password grants access to the note and encrypts the data on our servers for safe storage, whereas the private key encrypts the note before it leaves your browser, for your own peace of mind and double the security.
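The layering and the 5-attempt lock described above, sketched as an added example that is not NoteShred's own code. Node's built-in crypto module stands in for both the browser library and the server's AES256/PBKDF2 step; the GCM mode, iteration count, NoteServer class and function names are assumptions made for illustration.

```javascript
// Added illustration, not NoteShred's code. Node's crypto stands in for SJCL and the server
// layer; GCM mode, the iteration count and all names below are assumptions.
const nodeCrypto = require("crypto");

const ITERATIONS = 100000; // assumed PBKDF2 work factor
const MAX_ATTEMPTS = 5;    // the page states notes lock after 5 decrypt attempts

// Password-based AES-256-GCM. Output: base64(salt | iv | tag | ciphertext).
function seal(secret, text) {
  const salt = nodeCrypto.randomBytes(16), iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.pbkdf2Sync(secret, salt, ITERATIONS, 32, "sha256");
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(text, "utf8"), c.final()]);
  return Buffer.concat([salt, iv, c.getAuthTag(), body]).toString("base64");
}

function unseal(secret, sealed) { // throws if the secret is wrong or the data was altered
  const raw = Buffer.from(sealed, "base64");
  const key = nodeCrypto.pbkdf2Sync(secret, raw.subarray(0, 16), ITERATIONS, 32, "sha256");
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(16, 28));
  d.setAuthTag(raw.subarray(28, 44));
  return Buffer.concat([d.update(raw.subarray(44)), d.final()]).toString("utf8");
}

// Server side: receives only the inner ciphertext and the note password.
class NoteServer {
  constructor() { this.notes = new Map(); }
  store(id, innerCiphertext, password) {
    this.notes.set(id, { blob: seal(password, innerCiphertext), failures: 0 });
  }
  fetch(id, password) {
    const note = this.notes.get(id);
    if (!note) throw new Error("not found");
    if (note.failures >= MAX_ATTEMPTS) throw new Error("locked");
    try {
      const inner = unseal(password, note.blob);
      note.failures = 0;
      return inner;
    } catch {
      note.failures += 1; // the server can count guesses against its own layer
      throw new Error("denied");
    }
  }
}

// Browser side: the private key is used here and never handed to NoteServer.
// Nothing can count attempts here, which is why the password gate stays on the server.
const encryptInBrowser = (privateKey, note) => seal(privateKey, note);
const decryptInBrowser = (privateKey, inner) => unseal(privateKey, inner);
```

What the server returns after removing its own layer is still ciphertext; only the browser, holding the private key, recovers the note text.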
What about file attachments?
File attachments are NOT included in client side encryption. They will be transferred over SSL and encrypted on the server as normal using our standard AES256/PBKDF2 methods.
Credit
The JavaScript library used for client side encryption was written by the good people at Stanford University.
Stanford Javascript Crypto Library