VaultSort Logo
VaultSort
HomeEncryption Whitepaper
SECURITY DESIGN DOCUMENT · FREE

See exactly how
we encrypt your files.

No black boxes, no “trust us.” The complete technical account of VaultSort's V4 encryption — the threat model, the cryptography, and the limitations we're honest about.

Download the WhitepaperPlain-language version
PDF · No email requiredVersion 1.0 · Current format
VaultSort V4 Encryption — Security Design Document cover

Encryption you can't inspect is just a promise.

Plenty of people held off on VaultSort because a proprietary “encrypted file format” with no documentation is a reasonable thing to be skeptical of. Fair. So we wrote it all down — the algorithms, the key-derivation chain, the file layout, the threat model, and the parts we deliberately don't claim to solve. Read it, poke at it, and decide for yourself.

What's inside

Eight chapters, written for technically literate readers — not marketers.

01

Threat Model

What V4 protects against — and the scenarios it explicitly does not.

02

Why V4 — Addressing V3 Weaknesses

The architectural gap we found in V3 and how V4 closes it.

03

V4 Cryptographic Design

Hardware-bound key derivation via WebAuthn PRF, step by step.

04

Touch ID — Security Model

Platform vs. cross-platform credentials, and the iCloud trade-off.

05

File Format Reference

Byte-level header layout and wrapped key-slot schemas.

06

Algorithm Selection Rationale

Why each primitive was chosen, with the standard it implements.

07

Backward Compatibility

How V1–V3 files stay readable and how re-registration works.

08

What This Document Does Not Cover

The boundaries of the format’s guarantees, stated plainly.

The key never touches the file

Every V4 file is protected by a key that only your hardware can produce.

  1. 1
    Hardware authenticator

    Your YubiKey or Touch ID computes an HMAC with a secret that never leaves the device — 32 bytes of entropy nothing else can reproduce.

  2. 2
    HKDF-SHA-256

    That output is combined with a random per-file salt and your credential ID to derive a unique wrap key for this exact file.

  3. 3
    AES-256-KWP (RFC 5649)

    The wrap key encrypts the file’s random 256-bit key using authenticated key wrapping. Tampering is detected at unwrap.

  4. 4
    AES-256-GCM

    The file key encrypts the body, with the entire metadata header authenticated as additional data. Any modification aborts decryption.

The full byte-level format and algorithm parameters are in the whitepaper.

Built on standard, audited primitives

AES-256-GCM · NIST SP 800-38DHKDF-SHA-256 · RFC 5869AES-256-KWP · RFC 5649Argon2id · RFC 9106WebAuthn PRF · FIDO2Crockford Base32

No homemade ciphers. No proprietary cryptography. V4 composes well-established standards in a documented, verifiable chain.

Read it. Then trust it on your terms.

The whitepaper is free and always will be. If you want the plain-language tour first, start with the encryption overview.

Download the WhitepaperLoading...
How encryption works →Touch ID support →Hardware keys →

Stay Updated with VaultSort

Get the latest updates, security tips, and feature announcements delivered to your inbox.

🔒We respect your privacy. Unsubscribe at any time.