Brussels / 3 & 4 February 2018



Encrypted collaborative editing without trusting the server

CryptPad is the world's first web based realtime collaborative editing platform where the server never sees the plaintext content. The realtime synchronization happens entirely in the client and the content is encrypted so that the server cannot read it. This lecture will present the encryption and key-management model, the sandboxing architecture which prevents a majority of CryptPad code from accessing the secret keys and some research into a solution to prevent backdoors in the javascript sent from the server. There will also be a discussion of how to reuse the CryptPad architecture (and source code) in developing other security/privacy conscious webapps.

CryptPad was created to show the world that end-to-end encryption can be as easy to use as any ordinary webapp. CryptPad allows anonymous collaboration similarly to Etherpad but the URL contains a key after the # (which is never sent to the server). CryptPad also allows registration and then organization of pads in a "CryptDrive" which is itself encrypted using a key derived from the username and password. The result of this is no plaintext content is ever sent to the server.

Because the server is unaware of any of the content which is being edited, all operational transformation and realtime synchronization must happen on the client side. This was achieved using a library called ChainPad which uses a Merkel DAG (simplified block chain) in order to seek consensus on the official version of the document without the server's help. The server is little more then a dumb message relay.

However, one still must trust the validity of the javascript which is hosted on the server. In order to mitigate the risk of javascript vulnerabilities leaking the secret keys from CryptPad, the browser's Cross Origin Policy is leveraged with a novel use of cross-domain iframes. Attacks are also limited using Content Security Policy, a new feature which is present of modern browsers.

Still, the integrity of the javascript sent by the CryptPad server remains of great importance. Cryptography software is traditionally installed as an application which theoretically receives independent code review at each release. Unfortunately this defeats the simplicity and ease of adoption of a webapp. We are studying a possible solution using notarized code signing with a browser extension to validate it.

CryptPad is a research and development effort to explore new ways of improving security in collaborative web applications while maintaining the usability that people demand. This architecture is not confined to use only for realtime editing, it can be extended to many types of application. When you design the next privacy-conscious technology consider whether you should be requiring your users to install it.


Caleb James DeLisle