
Encryption at Heirnote

We take your privacy seriously. Our robust encryption methods ensure that only you and your chosen recipients can access your messages, providing complete confidentiality.
1. Secret key generation
Your browser generates a unique secret key for you. Heirnote never has access to it.
Your browser: Secret key
Heirnote servers: No access
2. Public and private keys
Each user has a public/private key pair, generated by the browser. The private key is encrypted with the user's secret key to ensure it stays secure.
Your browser: Public key; Private key
Heirnote servers: Public key; Private key, encrypted with the secret key
3. Note encryption
Each note is encrypted with a note-key, generated by your browser. Heirnote can't access the content.
Your browser: Note key
Heirnote servers: A note, encrypted with the note key
4. Storing encrypted keys
Encrypted copies of the note-key are stored for each recipient and author. Only the correct private key can unlock the encrypted keys.
Heirnote servers: Encrypted note keys, openable with correct private key
5. Server-side encryption
Heirnote servers store only encrypted notes and keys. Everything remains protected by your secret key.
Your browser: Secret key, never leaves the browser
Heirnote servers:
- Note contents, encrypted with a note key
- Note key, encrypted with a public key, needs the private key to unlock
- Private key, encrypted with the secret key
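
The key hierarchy from steps 1 to 5, sketched with the Web Crypto API. This is an added example, not Heirnote's code: the page does not name its algorithms, so AES-GCM, RSA-OAEP with SHA-256, the key sizes and the function names createUser, encryptNote and decryptNote are all assumptions.

```javascript
// Added illustration; AES-GCM / RSA-OAEP and every name below are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // browser or Node
const AES = { name: 'AES-GCM', length: 256 };
const RSA = { name: 'RSA-OAEP', modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
const newIv = () => wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce

// Steps 1-2: secret key and key pair are generated client-side. Only `server`
// (public key + private key wrapped under the secret key) would be uploaded.
async function createUser() {
  const secretKey = await wc.subtle.generateKey(AES, false, ['wrapKey', 'unwrapKey']);
  const pair = await wc.subtle.generateKey(RSA, true, ['wrapKey', 'unwrapKey']);
  const iv = newIv();
  const wrappedPrivateKey = await wc.subtle.wrapKey(
    'pkcs8', pair.privateKey, secretKey, { name: 'AES-GCM', iv });
  return { secretKey, server: { publicKey: pair.publicKey, wrappedPrivateKey, iv } };
}

// Steps 3-4: a fresh note key encrypts the note; one wrapped copy of that key
// is produced per author/recipient public key. Everything returned is ciphertext.
async function encryptNote(text, publicKeys) {
  const noteKey = await wc.subtle.generateKey(AES, true, ['encrypt', 'decrypt']);
  const iv = newIv();
  const ciphertext = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, noteKey, new TextEncoder().encode(text));
  const wrappedNoteKeys = await Promise.all(publicKeys.map(
    (pk) => wc.subtle.wrapKey('raw', noteKey, pk, { name: 'RSA-OAEP' })));
  return { iv, ciphertext, wrappedNoteKeys };
}

// Step 5, read path: secret key -> private key -> note key -> note contents.
// Throws if the secret key or the wrapped-key slot belongs to someone else.
async function decryptNote(note, slot, secretKey, server) {
  const privateKey = await wc.subtle.unwrapKey(
    'pkcs8', server.wrappedPrivateKey, secretKey, { name: 'AES-GCM', iv: server.iv },
    { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['unwrapKey']);
  const noteKey = await wc.subtle.unwrapKey(
    'raw', note.wrappedNoteKeys[slot], privateKey, { name: 'RSA-OAEP' },
    { name: 'AES-GCM' }, false, ['decrypt']);
  const plain = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: note.iv }, noteKey, note.ciphertext);
  return new TextDecoder().decode(plain);
}
```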

Temporary delegate keys

For convenience, when an unregistered recipient is added to a note, Heirnote can generate a set of temporary delegate keys for that user, and their public key is used for signing.
1. Temporary secret key for new users
If a recipient hasn't signed up yet, Heirnote creates temporary keys. Once they sign up, the keys are updated and re-encrypted.
Your browser: Note key, encrypted using a temporary public key
Heirnote servers:
- Encrypted note key, can be opened with the correct private key
- Heirnote has a temporary secret key for the note above, until the recipient signs up
2. Key deletion & re-encryption
When a recipient signs up, the temporary keys are deleted, and encrypted notes are re-encrypted using the user's new keys. Now the user has the correct secret key for the notes, and the Heirnote servers do not.