The cryptography behind Keeplas
Three foundations keep your legacy private -- today and decades from now. Here is what each one does, why it matters, and how Keeplas uses it. No jargon required.
AES-256-GCM -- the encryption standard
AES-256 is the symmetric cipher trusted by governments, banks and militaries to protect classified data. The '256' is the key length: 2^256 possible keys -- a number so vast that brute-forcing it is considered infeasible for any classical computer that could ever be built.
Keeplas uses AES-256 in GCM mode (Galois/Counter Mode), which both encrypts your data and authenticates it. If a single byte of ciphertext is altered, decryption fails -- so tampering is always detected.
- Every vault item is encrypted with its own AES-256-GCM key.
- Encryption happens in your browser, before anything is uploaded.
- A unique nonce per item means identical files never produce identical ciphertext.
Zero-knowledge -- the architecture
Zero-knowledge means Keeplas can operate your vault without ever being able to read it. The keys that decrypt your data are derived on your device from your 24-word recovery phrase (via Argon2id) and never leave it -- we never receive them, not even a hash.
Our servers hold only ciphertext plus the minimal public metadata needed to orchestrate life checks and recovery. Even a full breach of our infrastructure, or a court order, yields nothing readable.
- Your 24-word phrase is the root secret -- generated and kept only by you.
- Argon2id, a memory-hard function, derives your keys locally.
- Keeplas stores encrypted blobs it is architecturally incapable of decrypting.
ML-KEM-768 -- quantum-safe by default
A future quantum computer could break the public-key cryptography that secures most of today's internet. Attackers know this, and some already 'harvest now, decrypt later' -- storing encrypted data today to crack once quantum hardware matures. For a vault meant to outlive you, that threat is real.
Keeplas defends against it with ML-KEM-768, the key-encapsulation mechanism standardized by NIST as FIPS 203. It wraps every per-recipient key and every Shamir recovery shard, so your legacy stays sealed even against an adversary with a quantum computer.
- Standardized by NIST as FIPS 203 (the ML-KEM / Kyber family).
- Wraps per-recipient keys and recovery shards, combined with AES-256-GCM.
- Defends against 'harvest now, decrypt later' attacks on data meant to last.
The supporting cast
Three more primitives complete the picture.
Argon2id
A memory-hard key-derivation function that turns your 24-word phrase into your Root Key locally -- and makes brute-force attacks impractical.
Shamir Secret Sharing
Splits your master key into 5 shards across trusted contacts. A threshold you choose (2-of-5 by default) can rebuild it; fewer reveal nothing.
Hash-chained audit log
Every action writes a tamper-evident entry whose hash links to the previous one -- rewriting history would break the chain.
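The hash-chaining idea above, as an added Python example; it is not Keeplas code. SHA-256, the JSON encoding, the all-zero genesis value and the event names are assumptions, since the page does not specify them.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the very first entry


def entry_hash(prev_hash, action):
    """SHA-256 over the previous hash plus a canonical JSON encoding of the action."""
    body = json.dumps(action, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + body).encode("utf-8")).hexdigest()


def append(log, action):
    """Append an action, linking it to the hash of the entry before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"action": action, "prev_hash": prev_hash,
             "hash": entry_hash(prev_hash, action)}
    log.append(entry)
    return entry


def first_broken_link(log, expected_head=None):
    """Return the index of the first entry that fails verification, or None.

    expected_head is a copy of the latest hash kept outside the log. Without it,
    a log rewritten end to end, or one with its tail cut off, still verifies.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev_hash:
            return i  # link to the predecessor is broken
        if entry["hash"] != entry_hash(prev_hash, entry["action"]):
            return i  # entry content no longer matches its own hash
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)  # chain is self-consistent but ends at the wrong head
    return None


def build_sample_log():
    """Constructed sample actions; the field names are hypothetical."""
    log = []
    append(log, {"seq": 1, "event": "vault_item_added"})
    append(log, {"seq": 2, "event": "recipient_added"})
    append(log, {"seq": 3, "event": "life_check_confirmed"})
    return log
```

Editing one entry is caught at that entry; editing it and recomputing its hash is caught at the next one. Only a head hash stored somewhere the log's writer cannot reach catches a full rewrite or a truncation.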
Want the full technical detail?
The Security Whitepaper covers the complete cryptographic architecture, threat model and key lifecycle -- written for engineers and auditors.