Encryption
Capsule's security model is designed so that the server never needs to be trusted. Encryption happens on your device before upload. The server receives only ciphertext. Your key and your plaintext never reach it.
Client-side encryption
Zero-knowledge encryption model
Encryption runs entirely on your device before
anything leaves it. Whether you use the
Encrypt checkbox in the web UI, the
CLI's upload-encrypted subcommand, or
the Android app, the process completes locally. The
server receives only the resulting ciphertext plus
an encrypted=true query parameter. Your
key and your plaintext never touch the server.
The encryption standard
Capsule uses the age v1 binary format with a scrypt passphrase recipient. The cipher is ChaCha20-Poly1305 (authenticated encryption). The key is derived with scrypt from a 12-word English BIP39 mnemonic generated from 128 bits of entropy. The mnemonic is generated locally on your device and never transmitted.
Works across all clients
A file encrypted on the web can be decrypted by the
CLI, and vice versa. The web UI (age-encryption
+ @scure/bip39), CLI (age
crate + bip39 crate), and Android app
all produce compatible age v1 ciphertext with no
proprietary format. If you lose access to one
client, any other can still decrypt.
What the server sees
What the server stores
The server stores the encrypted file bytes at a
temporary path and a boolean flag
IsEncrypted. On download, it returns an
X-Encrypted: true response header so
clients know whether to prompt for a mnemonic. That
is all. No key material, no metadata about the
original file beyond its name and size.
Transport & infrastructure
Transport security
All connections go through Cloudflare Tunnels. TLS is terminated at Cloudflare's edge. Cloudflare also enforces the 100 MB file size limit at the edge before traffic reaches the origin server.
Automatic deletion
Files are stored in a temporary directory and deleted by the server's cleanup routine after 60 minutes. There are no backups of uploaded files. Once the expiry window passes, the file cannot be recovered, even with the mnemonic.
Transparency
Open source server
The Capsule server is published under the AGPL-3.0 license on GitHub ↗. You can read every line of code that handles your upload, run your own instance, or propose changes.
No accounts, no breach surface
Capsule has no user accounts and collects no personal information. There is no database of credentials, no email list, and no login system. There is nothing to steal.
Privacy-friendly analytics
The web interface uses Plausible Analytics ↗ for aggregate visit counts. No cookies, no personal identifiers, no cross-site tracking.
Contact
Report a vulnerability
If you find a security issue, please open an issue on GitHub ↗ or contact Sean directly via byseansingh.com ↗.