ShhhsDocs
Trust Updated 2026-06-22

Security whitepaper

Technical security boundary for Shhhs algorithms, fragments, passphrase wrapping, request-key wrapping, private rooms, metadata, and review limits.

Review status

Shhhs is an independent service. This document describes deployed product boundaries; it is not a third-party audit, certification, formal proof, or open-source verification.

  • Independent service
  • No dependency on similarly named projects
  • External audit evidence must be published separately

Payload encryption

Supported secret-content flows encrypt before upload using Web Crypto compatible primitives in the browser or local crypto in CLI/MCP tooling. Payload data keys are AES-GCM 256-bit keys, and payload encryption uses AES-GCM with 12-byte IVs.

  • AES-GCM 256-bit data keys
  • 12-byte IVs
  • base64url transport encoding

Passphrase wrapping

When a passphrase or opening code wraps a data key, Shhhs derives an AES-GCM wrapping key with PBKDF2-SHA-256, a 16-byte salt, and 310,000 iterations. The passphrase itself must remain out-of-band.

  • PBKDF2-SHA-256
  • 16-byte salt
  • 310,000 iterations
  • No plaintext passphrase storage

Request credentials

Request links use owner key wrapping so a recipient can submit encrypted content and the owner reveals later from the console. The current public-key wrapping mechanism uses RSA-OAEP 2048-bit keys with SHA-256.

  • Owner-only reveal
  • RSA-OAEP 2048
  • SHA-256

URL fragment boundary

Non-passphrase secret links normally carry raw decryption key material in the URL fragment after #. Browsers do not send that fragment in HTTP requests, but complete links remain sensitive because local software, screenshots, extensions, or copy/paste tools can expose them.

  • Fragment key placement
  • No key material in server-readable paths
  • Complete private links remain sensitive

Private Rooms

Invite rooms keep room key material in the browser fragment or a passphrase-wrapped fragment. Direct token rooms wrap room access for known account tokens. The Worker stores encrypted room messages and operational metadata.

  • Invite fragments
  • Passphrase-wrapped room key
  • Direct token room wrapping

Non-goals

Shhhs does not claim total absence of metadata, external audit, SOC 2, ISO certification, formal proof, or identical properties across every integration. Public claims must stay aligned with deployed behavior and evidence.

  • No certification claim
  • No formal-proof claim
  • Metadata boundary stays explicit