Security
How SecureMint protects your data — a technical overview.
End-to-End Encryption
AES-256-GCMAll file encryption uses AES-256-GCM (Authenticated Encryption). Encryption and decryption happen entirely in your browser using the Web Crypto API. Plaintext never reaches our servers.
// Encryption parameters
Algorithm: AES-256-GCM
Key derivation: PBKDF2-SHA256 (600,000 iterations)
IV: 12 bytes (crypto.getRandomValues)
Salt: 16 bytes (crypto.getRandomValues)
Key Derivation
PBKDF2Password-based key derivation uses PBKDF2-SHA256 with 600,000 iterations (OWASP 2024 recommendation). This provides strong resistance against brute-force attacks.
How Secure File Sharing Works
E2EThe URL fragment (#) is never sent in HTTP requests — it doesn't appear in server logs. By design, no one (including the server operator) can access the decryption key.
Browser-Only Guarantee
Zero ServerFile encryption (.enc) and password generation run entirely in your browser. Zero network communication occurs. You can verify this using your browser's Developer Tools (Network tab).
.enc File Format
Open[magic: 8 bytes "SMINT01\0"]
[version: 1 byte]
[salt: 16 bytes]
[iv: 12 bytes]
[filename_length: 2 bytes (uint16 BE)]
[encrypted_payload: filename + file data]
[auth_tag: 16 bytes (GCM)]
Transparency
OpenThe core encryption logic is open source. Security researchers and users can verify the implementation.
Post-Quantum Cryptography Roadmap
RoadmapAdvances in quantum computing may eventually compromise public-key algorithms like RSA and ECDH. SecureMint's core design relies on symmetric encryption (AES-256-GCM), which remains resistant to known quantum attacks. For SecureChannel's public-key components, we are planning the following transition.
SecureMint's file encryption (AES-256-GCM) and password-based key derivation (PBKDF2) maintain sufficient security against quantum computers.