Ghost Pad
How encryption works
This is what passcode-protected notes do. If you skip the passcode, the server stores plain text until expiry or burn—see Create a note for that flow.
- Message is encrypted in your browser using Web Crypto (PBKDF2 + AES-256-GCM) before anything is uploaded.
- Server stores only ciphertext (JSON with salt, IV, and ciphertext). Attachments use the same format when passcode-protected.
- The passcode is not in the link. You share the short URL and tell the recipient the passcode through a different channel (call, Signal, in person). Our servers never receive the passcode in API requests.
- Server cannot read your data for those notes: we only persist ciphertext, and we cannot derive the key without the passcode.
Link vs passcode
The note id in the URL lets the browser fetch encrypted data from our API. The passcode stays out of that request entirely—it is entered on the note page (or shared verbally), and decryption runs locally.
Create flow (passcode note)
- You type the note (and optional file) and a passcode in the browser.
- The app derives an AES key from the passcode (PBKDF2, random salt per note) and encrypts the body (and file bytes if any).
- The client sends ciphertext to the API via HTTPS. The passcode is not in that payload.
- We store ciphertext in the database and, if present, the encrypted file in object storage. Original filename and MIME type are stored for display; file contents stay encrypted.
- You copy the share link (path only). You communicate the passcode to the recipient separately.
Open flow (recipient)
1. GET /api/notes/{id} → JSON with ciphertext body (+ attachment metadata)
2. Recipient enters passcode on the page → stays in the browser (not sent as “decrypt me” to us)
3. Web Crypto decrypts locally → plaintext only in that tab
Limits to keep in mind
- Anyone with both the link and the passcode can read the note—guard both.
- We cannot recover lost passcodes or decrypt passcode-protected content for you.
- Browsers cannot stop screenshots; see the notice on the note page.
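The create and open flows described above, as an added example that is not Ghost Pad's own code: a passcode is stretched with PBKDF2 into an AES-256-GCM key, the note is encrypted into a salt/IV/ciphertext record, and decryption with the wrong passcode is rejected. The iteration count, SHA-256 as the PBKDF2 hash, the salt and IV sizes, base64 encoding and the field names are assumptions; the page states only PBKDF2, AES-256-GCM and a JSON record holding salt, IV and ciphertext.

```javascript
// Added example: KDF parameters, encodings and field names are assumptions.
const PBKDF2_ITERATIONS = 600000; // assumed; the page does not state a count

// Web Crypto is a browser global; the dynamic import only covers older Node.
async function getCrypto() {
  return globalThis.crypto ?? (await import("node:crypto")).webcrypto;
}

// Base64 helpers (spread is fine for short notes, not for large files).
const b64 = (bytes) => btoa(String.fromCharCode(...new Uint8Array(bytes)));
const unb64 = (text) => Uint8Array.from(atob(text), (c) => c.charCodeAt(0));

// Passcode + per-note salt -> non-extractable AES-256-GCM key.
async function deriveKey(wc, passcode, salt) {
  const material = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(passcode), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Create flow: runs in the sender's browser before anything is uploaded.
async function encryptNote(passcode, plaintext) {
  const wc = await getCrypto();
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per note
  const iv = wc.getRandomValues(new Uint8Array(12));   // 96-bit GCM nonce
  const key = await deriveKey(wc, passcode, salt);
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext));
  // This record is what gets uploaded; the passcode is not part of it.
  return { salt: b64(salt), iv: b64(iv), ciphertext: b64(ct) };
}

// Open flow: runs in the recipient's browser on the fetched record.
async function decryptNote(passcode, record) {
  const wc = await getCrypto();
  const key = await deriveKey(wc, passcode, unb64(record.salt));
  // A wrong passcode or altered ciphertext fails the GCM tag check and rejects.
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: unb64(record.iv) }, key, unb64(record.ciphertext));
  return new TextDecoder().decode(pt);
}
```

Because GCM authenticates the ciphertext, a rejected `decryptNote` call cannot distinguish a wrong passcode from a tampered record; the note page has to treat both as "cannot open".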