Cloud Vault is a secure file storage solution where files are encrypted client-side using AES-GCM. Encryption keys are derived by the client and server through a password-authenticated key exchange (PAKE), where the password itself is never revealed or stored in plaintext. The server never stores a crackable password hash. Even if the server database is compromised, attackers cannot perform offline brute-force or dictionary attacks to recover your master key.
- End-to-End Encryption: Files are encrypted using AES-GCM before leaving your device.
- Hardened Key Derivation: Cloud Vault uses Argon2id for client-side key stretching.
- Install the dependencies:
npm install-
Set up .env file, see
.env.exampleto get started. -
Run the development server:
npm run devOpen http://localhost:3000 with your browser to see the result.
To build the project for production:
npm run build
npm startsrc/app: Contains the Next.js App Router pages and server actions.src/components: Reusable UI components.src/lib: Utility functions, including client-side crypto logic and server-side session management.prisma: Database schema and configuration.
This project uses Next.js and Tailwind CSS. Additional, thank you to serenity-kit and MetaOpenSource for the OPAQUE PAKE implementation.