VILLAGGIO DI ALBERTO
a brief life, a lasting impact
← Back to the public site
Technical demo · local privacy

How we protect the records.

This is a real demo: the data you enter is encrypted with AES-GCM 256 inside your browser and saved only here. Nothing leaves this page. Close the browser, close the vault.

What happens when you create a record

  1. You unlock with a passphrase (in production: a hardware passkey).
  2. The passphrase generates, via PBKDF2 (250,000 iterations), an AES-256 GCM key. The key lives only in the browser's RAM.
  3. You fill out a sample educational record form.
  4. On save, the data is encrypted with a 96-bit random IV and a SHA-256 hash of the plaintext is computed as integrity proof.
  5. The ciphertext is saved in localStorage on this demo page (in production: a local DB inside the walls).
  6. To read a record back you need to re-enter the passphrase: without it, the data is unreadable, even to you.