How does encryption work?

eassy.click uses the same encryption algorithms (OpenPGP) as Proton email; you can check the details here. This is how eassy.click does the encryption:

When you sign up:

1. Your device generates a public & private key pair;

2. Then your device encrypts the private key with your password;

3. Then your device sends your username, public key, and encrypted private key to the server;

Your password never leaves your device!

When you sign in:

1. Your device makes a request with your username to get your public key, encrypted private key, and a challenge encrypted with your public key;

2. Your device decrypts the encrypted private key with your password;

3. Then it uses the decrypted private key to decrypt the challenge, and sends the decrypted challenge to the server;

4. The server checks whether the challenge is solved; if so, it returns an access token and a refresh token to your device, and you are logged in.

So again, your password never leaves your device!!

When you create a note / link:

1. Your device generates a strong password;

2. Then your device encrypts the link / note with this password;

3. Then your device encrypts this password with your public key;

4. Then your device sends the encrypted texts and the encrypted password to the server;

When you fetch a note / link from server:

1. Your device gets the encrypted texts and the encrypted password from the server;

2. Your device decrypts the encrypted password with your private key;

3. Then your device decrypts the encrypted texts with the decrypted password;

Check the source code, and let me know if you have feedback.