How does encryption work in notenote.cc?
notenote.cc uses the same encryption standard (OpenPGP) as Proton Mail; you can check the details here. This is how notenote.cc does the encryption:
When you sign up:
- Your device generates a public & private key pair.
- Then your device encrypts the private key with your password;
- Then your device sends your username, your public key and the encrypted private key to the server;
Your password never leaves your device!
When you sign in:
- Your device makes a request with your username to get your public key, your encrypted private key, and a challenge encrypted with your public key;
- Your device decrypts the encrypted private key with your password;
- Then it uses the decrypted private key to decrypt the challenge, and sends the decrypted challenge to the server;
- The server checks whether the challenge is solved; if it is, it returns an access token and a refresh token to your device, and you are logged in.
So again, your password never leaves your device!!
When you create a note:
- Your device generates a strong password;
- Then your device encrypts the texts and files with this password;
- Then your device encrypts this password with your public key;
- Then your device sends the encrypted texts, the encrypted files and the encrypted password to the server;
When you fetch a note from server:
- Your device gets the encrypted texts, the encrypted files and the encrypted password from the server;
- Your device decrypts the encrypted password with your private key;
- Then your device decrypts the encrypted texts or files with the decrypted password;
Check the source code, and let me know if you have feedback.