Skip to content

malpou/Secure-Notes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

76 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Secure Notes

A secure note-taking app built around envelope encryption. Each note is encrypted with a freshly generated AES-256 data-encryption key (DEK), and the DEK is itself encrypted with a per-user RSA master key held in Azure Key Vault (RSA-OAEP-256). Only ciphertext is stored at rest, and deleting a user also purges their master key from Key Vault — cryptographically shredding their notes.

Encryption flow

  1. Generate a random AES-256 DEK and encrypt the note with it (AES-CBC, fresh IV)
  2. Encrypt the DEK with the user's master key in Azure Key Vault
  3. Persist encryptedDEK:encryptedNote; decryption reverses the steps via Key Vault

Structure

Directory Contents
client/ Svelte + TypeScript SPA — login and note CRUD
server/ .NET Azure Functions API — JWT auth, envelope encryption, Azure Table Storage
infrastructure/ Terraform for the Azure resources (Key Vault, storage, static site)

Side project from 2023, no longer actively maintained.

About

Source code for a secure notes application utilizing envelope-encryption

Topics

Resources

Stars

0 stars

Watchers

1 watching

Forks

Contributors