eassy.click uses the same encryption algorithms (OpenPGP) as Proton email; you can check the details here. This is how eassy.click does the encryption:
1. Your device generates a public & private key pair;
2. Then your device encrypts the private key with your password;
3. Then your device sends your username, public key, and encrypted private key to the server;
Your password never leaves your device!
1. Your device makes a request with your username to get your public key, encrypted private key, and a challenge encrypted with your public key;
2. Your device decrypts the encrypted private key with your password;
3. Then it uses the decrypted private key to decrypt the challenge, and sends the decrypted challenge to the server;
4. The server checks whether the challenge is solved; if so, it returns an access token and a refresh token to your device, and you are logged in.
So again, your password never leaves your device!!
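The sign-up and sign-in steps above, sketched as an added example (not eassy.click's own code): Node's built-in `crypto` (RSA-OAEP and a passphrase-encrypted PKCS#8 key) stands in for OpenPGP, and the function names, username and passwords are constructed for illustration.

```javascript
// Added example: Node crypto stands in for OpenPGP; all names are hypothetical.
const crypto = require('node:crypto');

// Sign-up (client): generate a key pair; the private key is exported already
// encrypted under the password, so the server only ever receives ciphertext.
function signUp(username, password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password },
  });
  return { username, publicKey, encryptedPrivateKey: privateKey };
}

// Sign-in step 1 (server): random challenge encrypted to the stored public key.
// Assumption: a real server would also make it single-use and short-lived.
function issueChallenge(record) {
  const challenge = crypto.randomBytes(32);
  const encryptedChallenge = crypto.publicEncrypt(
    { key: record.publicKey, oaepHash: 'sha256' }, challenge);
  return { challenge, encryptedChallenge };
}

// Sign-in steps 2-3 (client): unlock the private key with the password, then solve.
function solveChallenge(encryptedPrivateKey, password, encryptedChallenge) {
  try {
    return crypto.privateDecrypt(
      { key: encryptedPrivateKey, passphrase: password, oaepHash: 'sha256' },
      encryptedChallenge);
  } catch {
    return null; // wrong password: the private key cannot be unlocked
  }
}

// Sign-in step 4 (server): constant-time comparison before issuing tokens.
function verifyChallenge(expected, answer) {
  return Buffer.isBuffer(answer) && answer.length === expected.length &&
    crypto.timingSafeEqual(expected, answer);
}

// Runs the whole flow; `attempt` is the password typed at sign-in.
function demo(password, attempt) {
  const record = signUp('alice', password); // everything the server stores
  const { challenge, encryptedChallenge } = issueChallenge(record);
  const answer = solveChallenge(record.encryptedPrivateKey, attempt, encryptedChallenge);
  const passwordInRecord = JSON.stringify(record).includes(password);
  return { loggedIn: verifyChallenge(challenge, answer), passwordInRecord };
}
```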
1. Your device generates a strong password;
2. Then your device encrypts the link / note with this password;
3. Then your device encrypts this password with your public key;
4. Then your device sends the encrypted texts and the encrypted password to the server;
1. Your device gets the encrypted texts and the encrypted password from the server;
2. Your device decrypts the encrypted password with your private key;
3. Then your device decrypts the encrypted texts with the decrypted password;
Check the source code, let me know if you have feedback.
1. If you forget your password, there is no way to decrypt your private key, and without your private key, you can't decrypt your data! So keep your password in a password manager;
2. You can still reset your password, but you will get a new key pair, which still means you can't decrypt your data;
3. So keep your password in a password manager.