Security Policy

This document is the threat model and security posture for the Kryptos sync server (kryptos-api) — the only internet-facing component. Kryptos Mobile is a local-only, end-to-end-encrypted vault; when the optional self-hosted sync is used, the server stores and routes ciphertext it cannot read. This file states exactly what that means, what the server can and cannot observe, and how it defends itself.

It reflects the posture as of kryptos-api 0.28.0. It is versioned with the code and updated as the posture changes.

Supported versions

Security fixes target the latest released api-v* minor. Older minors are not maintained; upgrade to the latest release.

What the server can and cannot see

The vault is encrypted on the device with a key derived from the user’s secret; that key never leaves the device. Sync ships already-encrypted records and blobs. Therefore:

The server CANNOT see:

The server CAN see (and an operator should treat as observable metadata):

The design intent is that compromising the server yields metadata, not vault contents — the end-to-end encryption is the backstop that holds even if the server is fully popped.

Pairing & transport trust model

Abuse & authentication posture

At-rest integrity & backup

Caveats & non-goals

Reporting a Vulnerability

Please report security issues privately — do not disclose them publicly before a fix is available.

Include a description, affected version, reproduction steps, and impact. Expect an acknowledgment within a few days; fixes are prioritized by severity and released as a new api-v* version, credited to the reporter unless anonymity is requested. Please allow a reasonable disclosure window before publicizing.