Security guide

Security guide

A practical guide to what OzCrypt protects, what remains local, and where the honest privacy boundary sits.

OzCrypt

Know the boundary

OzCrypt should be clear about what protects the encrypted content and what only helps guide local use.

Local-only processing

Files, text, passwords, answers, gestures, and key files are handled in your browser. OzCrypt is designed so these secrets are not uploaded.

Strong cryptographic locks

Strong protection comes from AES-GCM encryption plus secrets that are hard to guess. Long unique passwords and well-kept key files are stronger than short answers or simple gestures.

Soft policy locks

Local time windows and environment checks are useful reminders and workflow controls, but device time and browser characteristics can be changed. Treat them as soft policy locks.

Unrecoverable secrets

OzCrypt does not have an account recovery back door. If a required password, answer, gesture, or key file is lost, the encrypted content cannot be recovered by the app.

Privacy boundary

OzCrypt works locally in the browser. The public .ozc header is now minimal and authenticated; file names, questions, dates, and notes are encrypted as protected metadata.

No exaggerated claims

Avoid exaggerated promises. Strong encryption is about careful implementation, strong secrets, and honest limits.

OzCrypt

How to use it safely

A few habits make local encryption much safer and reduce accidental lockouts.

What strong encryption depends on

The encrypted payload uses AES-GCM. The public header is authenticated as AES-GCM additional data, so changing header fields causes unlock to fail.

Metadata is not secret

.ozc keeps only minimal public header data outside the ciphertext: format/version, app id, algorithm, KDF settings, salt, and required factor types. User-facing details are protected inside the encrypted payload.

Recovery reality

Always test decryption before deleting originals. Keep passwords, answers, gesture reminders, and key-file backups separate from the encrypted package.

Browser requirements

Modern browsers with Web Crypto and File API support are required for the core app. Service Worker and Clipboard support improve convenience.

QR and camera processing

QR codes and camera frames are processed locally in the browser. They are not uploaded to OzCrypt.

QR limits

QR export is best for short encrypted notes. Larger encrypted text blocks should usually be copied as text or saved as .ozc files instead.

Configuration templates

.ozcfg templates only save non-secret settings. They must not contain passwords, answers, gestures, key-file hashes, derived keys, or unlock secrets.

Recommended

  • Use a long, unique password for important files.
  • Keep key files backed up separately if you use File Key.
  • Test decryption before deleting the original file.
  • Save recovery instructions separately from the encrypted package.

Limitations

  • Local time lock can be affected by system clock changes.
  • Environment lock is still a soft policy control. It is not a substitute for a strong password or key file.
  • Lost passwords, answers, gestures, or key files cannot be recovered.
  • Large files may depend on browser memory limits in this preview build.
Future Plus / Pro online features

Features such as recipient sharing, remote revocation, cloud backup, cross-device sync, or hardware-key enrollment would require a future online service. They are not active in this local-only build.

OzVault

Encrypted vault safety

OzVault stores vault items in an encrypted .ozv file and keeps the unlocked database only in page memory.

Master password cannot be recovered

The master password is not stored. If it is lost, OzVault cannot recover the encrypted vault.

Local-only by default

Vault creation, unlock, editing, export, search, generator, and dashboard checks happen locally. The current build has no cloud sync or hosted account.

Clipboard and auto-lock limits

Copied passwords may remain in the operating-system clipboard. Auto-lock clears the page memory state after inactivity, but it is not a substitute for locking your device.

Future online services

Sync, hosted backup, team vaults, hosted audit history, and online breach monitoring would require backend infrastructure and are not part of this offline local build.

OzPurge

Metadata cleaning has limits too

OzPurge helps remove common metadata locally, but it should stay honest about what it can and cannot guarantee.

Metadata cleaning stays local

Photos and documents are processed locally in your browser. OzPurge does not upload files, metadata previews, or reports.

Best-effort, not forensic-grade

OzPurge removes common metadata such as EXIF, text chunks, comments, or document properties when supported, but it does not guarantee complete hidden-content removal for every format.

Review cleaned files before sharing

Always open the cleaned file, confirm it still looks correct, and keep the original backup if you may need it later.

Cleaning can be irreversible

Once metadata is removed and the cleaned file is shared, you may not be able to restore timestamps, comments, camera details, or document properties.

OzGen

Synthetic identities are for testing only

OzGen can generate fake identities locally for demos, mockups, and privacy-friendly placeholders, but those records must never be presented as real people.

No impersonation or fraud

Use generated identities only for testing, development, demos, and mock data. They should never be used to impersonate real people or bypass verification systems.

Local generation only

Names, usernames, emails, addresses, phone numbers, and test card values are generated locally in the browser using built-in lists and randomness. OzGen does not fetch remote identity data.

OzStegano

Steganography does not replace encryption

OzStegano helps hide content inside PNG carriers locally, but hiding and cryptographic confidentiality are different goals.

Carrier files stay local

Carrier PNG files, hidden payloads, passwords, extracted files, and checksums are processed locally in the browser. OzStegano does not upload them.

Hidden is not undetectable

LSB steganography can still be detected by specialist or forensic tools. Optional AES encryption protects the payload contents, but it does not make the presence of hidden data impossible to detect.

Lossy formats break payloads

JPEG, WebP, MP3, AAC, OGG, and other lossy formats may destroy hidden bits. The current build intentionally focuses on PNG to keep the carrier lossless.

Review and test output

Open the stego PNG locally, confirm it still looks acceptable, and test extraction before relying on the file for transport or backup.

OzChat

Manual peer-to-peer chat has real network limits

OzChat is a local-first WebRTC preview for 1:1 encrypted chat and small file transfer without a signaling server in the default build.

No server by default

The static app does not upload messages or files. In this preview, users manually exchange WebRTC offer and answer text to establish a DataChannel.

Protected signaling is for the exchange channel

Offer/Answer metadata must be readable by the receiving peer. A pairing code can encrypt the package while you share it, but the peer decrypts it before connecting.

Compare the fingerprint

OzChat adds an app-layer ECDH/AES-GCM session on top of WebRTC. Compare the displayed fingerprint with your peer over a trusted channel before relying on the session.

QR and camera stay local

Signal QR codes, uploaded QR images, and camera frames are processed locally. Camera scanning depends on browser support and usually requires HTTPS or localhost.

Offline use requires preparation

A static web app can only open offline after it has already loaded and cached on that device. Open or install OzChat before travel, and keep the tab open if Service Worker support is unavailable.

WebRTC metadata and LAN limits

Connection setup metadata may reveal network information to peers. Browser LAN auto-discovery is limited, and AP/client isolation, VPNs, or restrictive networks can block direct connections.

Room cards are not cloud rooms

A room card is just portable setup data for manual signaling. It is not stored by OzChat, does not create an online room, and does not upload messages.

No plaintext history by default

Chat messages and transferred files stay in page memory only and are cleared when the session disconnects, refreshes, or closes. Future encrypted local history would require an explicit local passphrase.

Diagnostics avoid content

OzChat diagnostics summarize browser support, connection state, signaling mode, fingerprint status, and ICE candidate counts without including messages, keys, pairing codes, raw signaling payloads, file contents, or IP addresses.

Future relays would change metadata exposure

Future signaling, TURN, or SFU services could help blocked networks, but they require online infrastructure and may expose setup metadata to those services. They are not active in this static build.

Use carefully

OzChat is an experimental local secure-chat tool. Do not use it for life-critical or high-risk communications without independent security review.