Skip to main content

TECHNICAL DOCUMENT · v1.0 · 2026

VaultPass Security Whitepaper

A technical description of the encryption flow, key management architecture, and Dead Man’s Switch protocol that underlies the VaultPass inheritance system.

AES-256-GCMCSPRNG keysShamir's SSSWeb Crypto APIClient-side E2E
§1

Threat Model

VaultPass is designed to protect against three primary adversaries: (1) a compromised VaultPass server, (2) a network-level attacker intercepting traffic, and (3) an heir attempting to access the vault before the trigger condition is met.

The core property we guarantee: no single party — including VaultPass — can decrypt a vault without (a) the user's AES key and (b) the heir's Shamir shard. Both are required. Neither is ever stored in the same place.

§2

Vault Encryption (Client-Side)

All encryption happens inside the user's browser via the Web Crypto API. No plaintext ever leaves the device.

Step 1 — Key generation: crypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt','decrypt']) produces a cryptographically random 256-bit key.

Step 2 — IV generation: crypto.getRandomValues(new Uint8Array(12)) produces a 96-bit initialisation vector. AES-GCM with a 96-bit IV is the NIST-recommended configuration (SP 800-38D).

Step 3 — Encryption: crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext) produces an authenticated ciphertext with a 128-bit GCM authentication tag appended. Tampering with the ciphertext causes decryption to fail with an authentication error.

Step 4 — Serialisation: The vault blob is stored as base64(IV) + '.' + base64(ciphertext). The raw AES key is exported and delivered to the heir separately.

Prove it yourself →
§3

Key Sharding (Shamir's Secret Sharing)

The raw AES key is split into N shards using Shamir's Secret Sharing (SSS). Any M-of-N shards can reconstruct the key; possession of fewer than M shards reveals zero information about the key.

Default configuration: 3-of-5 split. The user retains Shard 1. The heir receives Shard 2. Shards 3–5 are distributed across the VaultPass Sentinel Network — geographically separated nodes that release their shards only after the Dead Man's Switch triggers.

Mathematical basis: SSS uses polynomial interpolation over a finite field (GF(2^8)). A degree-(M-1) polynomial is constructed such that f(0) = secret, and each shard is a point on the curve. Any M points uniquely determine the polynomial; fewer than M yield no information.

§4

Dead Man's Switch Protocol

The switch has three states: MONITORING, WARNED, and TRIGGERED.

MONITORING: The user performs periodic check-ins. Each check-in updates last_check_in in the database (a Supabase Postgres row). The check-in endpoint validates the user's JWT before accepting the update.

WARNED: When elapsed time > 75% of the configured interval, Inngest dispatches warning emails to both the user and heir. This is the 'redemption window.'

TRIGGERED: At 100% elapsed time, Inngest marks the switch as triggered. A 7-day safety buffer begins — a second chance for false positives (hospitalisation, travel). If not cancelled within 7 days, the system authorises heir key delivery.

CANCELLED: Any check-in during the triggered or warned state resets the switch and cancels all pending heir notifications.

§5

Data Architecture

VaultPass stores: (1) the encrypted vault blob — ciphertext only, (2) the heir's email address in plaintext, (3) the last_check_in timestamp, (4) the check_in_interval_days setting.

VaultPass never stores: (1) the plaintext vault secret, (2) the AES decryption key, (3) any Shamir shard belonging to the user or heir.

Database: Supabase Postgres with Row Level Security (RLS) policies. A user can only read and write their own profile row. The service-role key (used by background jobs) never runs on the client.

Transport: All API calls use HTTPS/TLS 1.3. HSTS is enforced. The Supabase anon key is scoped to authenticated operations only.

§6

Verification

Every claim in this document is verifiable without trusting VaultPass. The Interactive Demo (/demo) lets you run the encryption in your browser and inspect the output. Open DevTools → Network to confirm no requests are made during encryption.

The core cryptographic primitives (AES-256-GCM, SHA-256, the CSPRNG) are implemented by your browser vendor, not by VaultPass. We call the Web Crypto API; the only cryptography we implement ourselves is the Shamir's Secret Sharing math, which is open-source in crypto-core.

The crypto-core module (AES-256-GCM, SHA-256, Shamir's Secret Sharing) is already open-source and MIT-licensed on GitHub. An independent third-party professional audit is planned; the report will be published in full at /security.

Run the Live Demo →View Audit Roadmap →