✦ Introduction to ZeroNote
The Problem
Most cloud note applications store your data in plain text, meaning server administrators or hackers who breach the system can read your personal thoughts, passwords, or confidential information. Trusting a third party with your unencrypted data is a significant security risk.
The ZeroNote Architecture
ZeroNote is designed with a **Zero-Knowledge Architecture** and applies **End-to-End Encryption (E2EE)** directly within your browser. This means that unencrypted data, encryption keys, and Master Keys *never* leave your device. The server only sees and stores blobs of unreadable encrypted garbage.
How It Works
- Session Security: We use stateless, cryptographic HMAC-signed session tokens and strict CSRF protection to secure communication with our API.
- Data Hashing: Your username is hashed before storage; passwords are securely hashed using SHA-256 with random salts, ensuring even we cannot access your account without the correct password.
- Browser-side Crypto: When you provide your *Master Basic Key* or a specific *Secure Key*, ZeroNote uses industrial-grade PBKDF2 (100,000 iterations) to derive robust encryption keys and the AES-GCM 256-bit algorithm to encrypt or decrypt data on the fly, right inside your browser.
- Server Role: Our Cloudflare Pages server and D1 database only act as a blind storage locker, saving and delivering encrypted titles and contents without any capability to read them.
In ZeroNote, you alone hold the keys to your kingdom.
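The browser-side step described above can be sketched with the Web Crypto API; this is an added example, not ZeroNote's own code, showing key derivation, encryption, and how a wrong key or a modified blob is rejected by the AES-GCM authentication tag. Assumptions not stated on the page: SHA-256 as the PBKDF2 hash, a 16-byte salt, a 12-byte IV, the `salt || iv || ciphertext` blob layout, and the function names.

```javascript
// Added illustration, not ZeroNote's source. Assumed: PBKDF2 hash SHA-256,
// 16-byte salt, 12-byte IV, stored blob = salt || iv || ciphertext+tag.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 100000; // iteration count stated on the page
const enc = new TextEncoder();

// Derive a non-extractable AES-GCM 256-bit key from the user's key phrase.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: ITERATIONS, hash: 'SHA-256' },
    material,
    { name: 'AES-GCM', length: 256 },
    false,
    ['encrypt', 'decrypt']);
}

// Encrypt locally; only the returned blob would be sent to storage.
async function encryptNote(passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV per encryption
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, enc.encode(plaintext)));
  const blob = new Uint8Array(28 + ct.length);
  blob.set(salt, 0);
  blob.set(iv, 16);
  blob.set(ct, 28);
  return blob;
}

// Returns the plaintext, or null when the key is wrong or the blob was altered.
async function decryptNote(passphrase, blob) {
  const salt = blob.slice(0, 16);
  const iv = blob.slice(16, 28);
  const ct = blob.slice(28);
  const key = await deriveKey(passphrase, salt);
  try {
    const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
    return new TextDecoder().decode(pt);
  } catch {
    return null; // GCM tag verification failed
  }
}
```

Because the salt and IV are random per note, encrypting the same text twice yields different blobs, so stored blobs do not reveal which notes have identical content.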
Welcome to ZeroNote
The ultimate End-to-End Encrypted note-taking application. Zero-knowledge architecture ensures your basic keys and unencrypted data never touch our servers.
Vault Locked
Enter your Master Basic Key to decrypt your workspace. This key is never sent to the server.