How AES-256 Encryption Works in Krokanti Notes
Technical explanation of the client-side encryption model used for secure notes — PBKDF2 key derivation and AES-256-GCM.
Krokanti Notes uses industry-standard AES-256-GCM encryption for secure notes. This page explains the technical implementation for users who want to understand exactly how their data is protected.
Overview
When you lock a note with a PIN, the following happens entirely in your browser (never on our servers):
- Key derivation: Your PIN is processed through PBKDF2 to generate a 256-bit encryption key
- Encryption: The note content is encrypted with AES-256-GCM using that key
- Storage: Only the encrypted ciphertext is sent to and stored on our servers
- Decryption: When you enter your PIN to unlock a note, the key is re-derived and used to decrypt the content locally
Key Derivation: PBKDF2
PBKDF2 (Password-Based Key Derivation Function 2) converts your PIN into a cryptographic key:
- Algorithm: PBKDF2-SHA-256
- Iterations: 310,000 (meets NIST 2023 recommendations)
- Salt: 16 random bytes, generated fresh for each note encryption
- Key length: 256 bits
The high iteration count makes brute-force attacks expensive — an attacker with the ciphertext cannot simply try millions of PINs quickly.
Encryption: AES-256-GCM
AES-256-GCM is an authenticated encryption mode:
- Algorithm: AES (Advanced Encryption Standard), 256-bit key
- Mode: GCM (Galois/Counter Mode)
- IV: 12 random bytes, generated fresh for each encryption operation
- Authentication tag: 128 bits (GCM provides integrity verification — tampering is detected)
GCM mode provides both confidentiality (content is hidden) and authenticity (tampering is detected). If the ciphertext is modified after encryption, decryption will fail with an authentication error rather than silently returning corrupted data.
Encrypted Payload Format
The encrypted note is stored as a JSON object:
```json
{
  "v": 1,
  "alg": "AES-256-GCM",
  "salt": "<base64-encoded 16 bytes>",
  "iv": "<base64-encoded 12 bytes>",
  "ciphertext": "<base64-encoded encrypted content>"
}
```
This payload is stored verbatim in the content column of the notes database. The salt and IV are stored alongside the ciphertext; they are not secret. They are random values that decryption requires, but on their own they are useless without the key.
What Krokanti Software Can See
| Data | Visible to Krokanti? |
|---|---|
| Note title | ✅ Yes |
| Note content (body) | ❌ No — stored as encrypted ciphertext |
| Your PIN | ❌ Never — derived key never leaves your browser |
| Encryption key | ❌ Never — generated and discarded in browser |
| Tags, metadata | ✅ Yes |
Implementation
The encryption is implemented using the Web Crypto API — a browser-native, standardized cryptography interface. No third-party encryption libraries are used in the note encryption path.
The relevant source is in src/lib/crypto.ts (open-source as part of the codebase).
There is no master key, no recovery key, and no backdoor. If you forget your PIN, the content cannot be recovered. This is by design — true client-side encryption requires that only you hold the key.
Threat Model
This encryption protects you from:
- ✅ Data breaches of Krokanti's servers
- ✅ Malicious employees (we cannot read your secure notes)
- ✅ Legal orders for user data (we can only provide the encrypted blob)
- ❌ Keyloggers on your own device (we cannot protect against malware on the client)
- ❌ An attacker who watches you type your PIN
- ❌ Brute force if your PIN is too short (use a long PIN or passphrase)