Zero-Knowledge Authentication

Last Updated: 2026-02-09


cloak.business uses a zero-knowledge authentication model. Your password never leaves your device -- not during sign-up, not during sign-in, not ever. Our servers verify your identity without ever seeing or storing your actual password.


What It Means

In traditional authentication, your password is sent to a server where it is checked against a stored hash. If the server is compromised, attackers gain access to password hashes.

With zero-knowledge authentication, your password never travels over the network. The server has no knowledge of your password -- it only receives a cryptographic proof that you know it.


How It Works

The process is designed to be invisible to you while providing significantly stronger security:

  1. You enter your email and password on your device.
  2. A deterministic salt is derived from your email using Blake2b — this means the same email always produces the same salt, enabling cross-device key consistency without storing the salt on the server.
  3. Argon2id (64 MB memory, 3 iterations) derives a 64-byte master key from your password and salt. This step is intentionally slow to resist brute-force attacks.
  4. Six independent 32-byte keys are derived from the master key using HKDF-Blake2b, each with a unique domain context string:
    • auth — authentication proof
    • data-encryption — encrypts your presets and entities on the server
    • key-encryption (KEK) — wraps your reversible encryption keys
    • recovery, verification, session — account recovery and session binding
  5. Only SHA256(authKey) is sent to the server for login — a one-way hash of one derived key. Your password, master key, and all other keys remain on your device.
  6. The server verifies the hash and returns an API token.

This happens automatically every time you sign in. From your perspective, it feels like a normal login.
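
Steps 2 and 4 to 6 above, as an added Python example (not cloak.business code). It starts from a constructed 64-byte master key because Argon2id is not in the Python standard library; the 16-byte salt length, the email normalization, the all-zero HKDF salt and the exact context byte strings are assumptions.

```python
import hashlib
import hmac

# Context labels from step 4; the exact byte strings the service uses are assumed.
CONTEXTS = ("auth", "data-encryption", "key-encryption",
            "recovery", "verification", "session")


def email_salt(email):
    """Step 2: deterministic salt (16-byte digest and lower-casing are assumptions)."""
    return hashlib.blake2b(email.strip().lower().encode(), digest_size=16).digest()


def hkdf_blake2b(master_key, context, length=32):
    """RFC 5869 HKDF over HMAC-BLAKE2b-512; one expand block covers up to 64 bytes."""
    if length > 64:
        raise ValueError("single-block expand yields at most 64 bytes")
    prk = hmac.new(b"\x00" * 64, master_key, hashlib.blake2b).digest()  # extract
    okm = hmac.new(prk, context.encode() + b"\x01", hashlib.blake2b).digest()  # T(1)
    return okm[:length]


def derive_keys(master_key):
    """Step 4: six independent 32-byte keys, one per context label."""
    if len(master_key) != 64:
        raise ValueError("master key must be 64 bytes (Argon2id output of step 3)")
    return {ctx: hkdf_blake2b(master_key, ctx) for ctx in CONTEXTS}


def login_proof(keys):
    """Step 5: the only value that leaves the device."""
    return hashlib.sha256(keys["auth"]).hexdigest()


def server_verify(stored_proof, received_proof):
    """Step 6: constant-time comparison against the value saved at sign-up."""
    return hmac.compare_digest(stored_proof, received_proof)


# Constructed stand-in for the Argon2id output; not a real password derivation.
SAMPLE_MASTER = hashlib.blake2b(b"constructed sample master key").digest()

if __name__ == "__main__":
    keys = derive_keys(SAMPLE_MASTER)
    proof = login_proof(keys)
    print("salt :", email_salt("Alice@Example.com").hex())
    print("proof:", proof)
    print("login ok:", server_verify(proof, login_proof(derive_keys(SAMPLE_MASTER))))
```

Every step is deterministic, so the login value is identical on each sign-in; it needs the same transport protection and constant-time comparison as any other static credential.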


Encryption Keys

Your password drives two independent encryption systems:

Local Vault — AES-256-GCM

The vault stored on your device (history, API tokens, reversible encryption keys) is encrypted with AES-256-GCM. The vault key is derived from your 24-word BIP39 recovery phrase via Argon2id — not from your login password. This separation means your vault remains protected even if your account password is compromised.

  • Recovery phrase: 24 BIP39 words generated from 256 bits of OS randomness (OsRng). Write it down — we do not store it.
  • PIN quick-unlock: a separate Argon2id derivation used for faster vault access on the Desktop App.
  • All keys use ZeroizeOnDrop — securely wiped from memory when no longer needed.

Server-Synced Data — XChaCha20-Poly1305

Your presets, entities, and other synced data are encrypted before leaving your device using XChaCha20-Poly1305 with your data-encryption key. Each record uses a random 24-byte nonce. The server stores only ciphertext — it cannot decrypt your data.

This means your data is protected at rest even if our storage were accessed by an unauthorized party.


Recovery Phrase

Because we never have access to your password, we cannot reset it for you. Instead, when you create your account, the system generates a 24-word recovery phrase.

This recovery phrase is the only way to recover your account if you forget your password.

  • It is displayed once during signup.
  • It is not stored on our servers.
  • It cannot be retrieved later.

How to Store Your Recovery Phrase

  • Write it down on paper and store it in a secure physical location.
  • Save it in a trusted password manager.
  • Do not store it in plain text on your device, in email, or in cloud notes.
  • Consider storing copies in two separate secure locations.

What We Store

| What We Store | What We Never Store |
|---|---|
| SHA256(authKey) — login verification hash | Your actual password |
| SHA256(sessionKey) — session binding hash | Master key or any of the 6 derived keys |
| Server data encrypted with XChaCha20-Poly1305 | Your data-encryption key (cannot decrypt your data) |
| Account metadata (email, plan) | Your recovery phrase |

Our servers hold only the minimum data needed to verify your proof and store your encrypted information.


Why It Matters

  • Database breach protection -- even if our database were compromised, your password remains safe because it was never stored.
  • No insider risk -- no employee or system at cloak.business can access your password.
  • End-to-end encryption -- your vault data is encrypted with a key derived from your password, which never leaves your device.
  • Compliance-friendly -- zero-knowledge architecture helps meet strict data protection requirements.

Important Reminders

  • Save your 24-word recovery phrase immediately after signup. Without it, a forgotten password means permanent loss of access to your encrypted vault.
  • We cannot reset your password. There is no "forgot password" email flow that bypasses the recovery phrase.
  • Your password strength matters. Since the encryption key is derived from your password, a strong password directly strengthens your vault encryption.

SDK Client-Side Encryption

The same zero-knowledge principles power our official SDKs. The ClientCrypto module provides true client-side encryption where keys never leave your device:

JavaScript/TypeScript

import { ClientCrypto } from '@cloak-business/sdk';

// Generate a random encryption key (store securely!)
const key = await ClientCrypto.generateKey();

// Encrypt data locally before sending anywhere
const encrypted = await ClientCrypto.encrypt(key, 'sensitive data');

// Decrypt locally - key never transmitted
const decrypted = await ClientCrypto.decrypt(key, encrypted);

Python

from cloak_business import ClientCrypto

# Generate a random key
key = ClientCrypto.generate_key()

# Encrypt locally
encrypted = ClientCrypto.encrypt(key, "sensitive data")

# Decrypt locally
decrypted = ClientCrypto.decrypt(key, encrypted)

Security Model:

  • AES-256-GCM encryption (the SDK uses a standalone key you generate — independent of ZK platform authentication which uses XChaCha20-Poly1305)
  • Keys are never transmitted to any server
  • All operations use the Web Crypto API (browser) or the cryptography library (Python)

See the SDK Reference for complete documentation.


Frequently Asked Questions

Can cloak.business read my encrypted data? No. Your vault is encrypted with a key derived from your password, which never leaves your device. We store only the encrypted form.

What happens if I forget my password and lose my recovery phrase? Your account and encrypted data become permanently inaccessible. We cannot recover them. This is the tradeoff of zero-knowledge architecture -- maximum security means we genuinely cannot bypass it.

Is my password sent during sign-in? No. Your device performs the Argon2id key derivation locally and sends only the resulting cryptographic proof.

Can I change my password? Yes. Changing your password re-derives your encryption keys on your device and updates the server-side verification data. You will need your current password or recovery phrase to do this.


Document maintained by cloak.business