Key handling
User passphrases stay on the client. Keys are derived in the browser and are not stored on the server in plain text.
Technical Security Details
This page is for people who want the more technical explanation behind NullBox.
The main protection path uses client-side key derivation and authenticated encryption before any payload is uploaded.
When available, NullBox can add a post-quantum key exchange layer and an alternative authenticated encryption flow on top of the standard path.
Files are stored as ciphertext in object storage. Access is granted through short-lived signed URLs.
Optional recovery helpers are supported through threshold secret sharing so multiple parties can assist with recovery when configured.
Runs in your browser using local crypto code paths