Security Architecture
How SnapPwd keeps your secrets safe with Zero-Knowledge encryption.
Zero-Knowledge Architecture
SnapPwd is built on a "Zero-Knowledge" principle. This means we cannot read your secrets, even if we wanted to. The server acts only as a blind storage for encrypted data.
- Browser-Based Encryption: Encryption happens entirely in your browser using the Web Crypto API (AES-GCM). Your secret is turned into gibberish before it ever leaves your device.
- The Key Lives in the Fragment: The encryption key is part of the URL fragment (the part after
#). Browsers never send the fragment to the server. We see the URL path, but we never see the key.
How It Works
1
Encrypt
You type your secret. Your browser generates a random key and encrypts the text locally using AES-GCM.
2
Upload
The encrypted data is sent to our server. We store it, but we can't read it because we don't have the key.
3
Share
You get a link containing the key (after the #). You send this link to the recipient. They use it to decrypt the secret locally.