Security guide

Security guide

A plain-language guide to what OzCrypt Basic protects, what stays local, and which locks are strong security versus helpful policy checks.

OzCrypt Basic

Know the boundary

OzCrypt should be clear about what protects the encrypted content and what only helps guide local use.

Local-only processing

Files, text, passwords, answers, gestures, and key files are handled in your browser. OzCrypt Basic is designed so these secrets are not uploaded.

Strong cryptographic locks

Password, answer, gesture, file-key, and environment factors can participate in key derivation. Their strength still depends on how hard they are to guess or reproduce.

Soft policy locks

Local date checks and visible environment warnings help guide use, but local device state can be changed or simulated. Treat them as policy controls, not guarantees.

Unrecoverable secrets

If a required password, answer, gesture, or key file is lost, OzCrypt cannot recover the encrypted content for you.

Privacy boundary

An .ozc header can reveal metadata such as file names, factor types, dates, and algorithm choices. It must not contain unlock secrets.

No exaggerated claims

Avoid claims such as “unbreakable encryption”. Strong encryption is about careful implementation, strong secrets, and honest limits.

OzCrypt Basic

How to use it safely

A few habits make local encryption much safer and reduce accidental lockouts.

What strong encryption depends on

The encrypted payload uses AES-GCM with a key derived from your selected factors. A long unique password or a well-kept key file is usually stronger than a short memorable secret.

Metadata is not secret

.ozc headers can describe algorithms, factor types, dates, and file names. They must never contain passwords, answers, gesture sequences, key-file hashes, or private keys.

Recovery reality

Test decryption before deleting originals. Keep recovery notes and required key files separate from the encrypted package.

Browser requirements

Modern browsers with Web Crypto and File API support are required for the core app. Service Worker and Clipboard support improve convenience.

Recommended

  • Use a long, unique password for important files.
  • Keep key files backed up separately if you use File Key.
  • Test decryption before deleting the original file.
  • Save recovery instructions separately from the encrypted package.

Limitations

  • Local time lock can be affected by system clock changes.
  • Environment lock is a soft policy control, not strong security.
  • Lost passwords, answers, gestures, or key files cannot be recovered.
  • Large files may depend on browser memory limits in this preview build.