Crypto specification
Public cryptographic boundaries for supported Shhhs handoffs.
Client-side boundary
Supported secret-content flows encrypt before upload. The Worker stores ciphertext plus lifecycle metadata required to enforce TTL, views, burn, and owner-only reveal.
- Browser encryption
- CLI local encryption
- MCP local adapter
- No key material in server-readable paths
Fragment rule
Private key material belongs in the URL fragment or local client state. It must not move into query parameters, path segments, logs, analytics, support messages, or social previews.
- Fragment is client-side
- No key in query params
- No full private URLs in docs
Non-goals
This document is not an external audit, certification, or formal proof. Changes to cryptographic algorithms require governance, tests, migration notes, and explicit review.
- No certification claim
- No secret recovery
- No unsupported E2EE expansion