How CipherWrite Encrypts Your Data
A technical deep-dive into CipherWrite's encryption architecture: AES-256, PBKDF2 key derivation, and client-side encryption flow.
CipherWrite uses a multi-layered encryption approach to protect your writing:
Encryption Standard: AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode). This is the same standard used by governments, banks, and military organizations worldwide.
Key Derivation: PBKDF2-HMAC-SHA256 with a high iteration count. Your password is never stored — instead, it's used to derive a cryptographic key that exists only in your browser's memory.
The Flow: 1. You type in CipherWrite's editor → text stays in browser memory 2. On save → your password-derived key encrypts the text locally 3. Only the encrypted ciphertext is sent to our servers via TLS 1.3 4. On another device → you enter your password → key is regenerated → text is decrypted locally
What we store: Encrypted blobs, your email address (for login), and basic metadata (creation date, encrypted note count). We never store your password or encryption key.
For more details, visit our Security & Trust page.