Privnote allows users to send private messages that self-destruct after reading. Secure and confidential information is protected with powerful encryption techniques.
Hashing the note
Privnote’s encryption process begins by hashing the note content using SHA-256. Notes are represented as fixed-length strings of numbers and letters. There is no way to reverse a hash back into its original value, which makes it important for maintaining confidentiality. It allows the note content to be securely verified later in the process without exposing the plaintext.
Generating a symmetric key
Next, Privnote generates a random 256-bit symmetric encryption key. After generating the hashed note in the previous step, we will use this key to encrypt it. It uses the same key to encrypt and decrypt data using symmetric key encryption. It lets the intended recipient decrypt the note later without compromising its security. The symmetric key changes randomly each time to maximize security.
Encrypting the hashed note
Using the previously generated symmetric key and AES-256 symmetric encryption, Privnote encrypts the hashed note. Cryptographically strong and secure, AES (Advanced Encryption Standard) is a block cipher algorithm. It’s extremely secure against brute force attacks because it uses a 256-bit key. A hashed note is encrypted so that only someone with access to the symmetric key can decrypt and reveal the hash.
Encrypting the symmetric key
At this point, the hashed note is secured using the symmetric key. The recipient must find a way to obtain this key to decrypt it. Privnote uses RSA to encrypt the symmetric key that earlier was created. RSA is a public-key algorithm that uses a public and private key pair. The public key encrypts data that only the private key decrypts. Privnote encrypts the symmetric key using the recipient’s public key. This encrypted key is attached to the encrypted hashed note. Now only someone with access to the recipient’s private key decrypt the symmetric key and unlock the note.
Generating the link
After all the encryption steps, Privnote has an encrypted hashed note and an encrypted symmetric key. It combines these into a URL that is generated specifically for the recipient. When the recipient visits the URL, Privnote uses its privatemessage RSA key to decrypt the symmetric key attached to the note. It then uses the decrypted symmetric key to decrypt the hashed note. After decryption, the note content is displayed for the recipient to view. Privnote immediately deletes the note after reading. The unique one-time URL effectively acts as the key that unlocks the encrypted note.
Why this encryption is secure?
Privnote’s use of hashing, symmetric encryption, and public-key encryption makes it very difficult for unauthorized parties to read note content:
- The note is hashed initially so the content is never exposed.
- The hashed note is encrypted symmetrically with a random password.
- The symmetric key itself is encrypted with the recipient’s public key so only their private key unlocks it.
- The URL acts as a one-time key and decrements after use.
Together, these techniques ensure end-to-end security. Not even Privnote’s servers decrypt the encrypted payload. Only the intended recipient unlocks and views the private note.