Security model

StashVlt is designed as a zero-knowledge relay for test and review. It reduces server trust but does not replace product security review.

What the server sees

• Opaque blind inbox IDs.
• Encrypted package JSON, ciphertext, nonce, tag, wrapped session descriptor, and public key identifiers.
• Request metadata such as IP address and timestamps from normal web serving logs.

What the server does not receive

• Device private keys.
• Sender private keys.
• Plaintext package contents.
• Decrypted QR bundle content.

Client-side cryptography

• AES-256-GCM for package payloads.
• ECDSA P-256 signatures for sender authenticity.
• RSA-OAEP-SHA256 recipient wrapping.
• Authenticated metadata binds ciphertext and headers.

Test-release caveats

This public deployment is for online testing. Before regulated or high-risk production use, add formal cryptographic review, sender onboarding policy, abuse controls, quota management, backup/restore runbooks, privacy review, and monitored incident response.