How Cryptovox Works

An overview of the recording, encryption, and decryption processes in Cryptovox.

Introduction

Cryptovox is designed to provide a secure way to record, encrypt, and share voice messages. The entire process, from recording to encryption and decryption, happens locally in your browser. This means Cryptovox never has access to your unencrypted audio data or your passkeys.

Recording Process

When you start a recording, Cryptovox uses your browser's built-in MediaRecorder API. This API captures audio directly from your microphone.

The audio is temporarily stored in your browser's memory as chunks. Once you stop recording, these chunks are combined into a single audio blob (e.g., a WebM or MP4 file, depending on browser support).

Encryption

Before you can download your message, it must be encrypted:

  • Passkey Input: You provide a secret passkey. This passkey is crucial and is known only to you (and anyone you share it with).
  • Key Derivation: The passkey is not used directly for encryption. Instead, it's combined with a randomly generated cryptographic "salt" and processed through a Key Derivation Function called PBKDF2 (Password-Based Key Derivation Function 2). This process creates a strong encryption key. Using a salt ensures that even if two users choose the same passkey, their derived encryption keys will be different.
  • Encryption Algorithm: The derived key is then used with the AES-GCM (Advanced Encryption Standard - Galois/Counter Mode) algorithm to encrypt your audio data. AES-GCM is a highly secure and widely trusted symmetric encryption algorithm. Each encryption also uses an Initialization Vector (IV), another random piece of data that is needed for decryption.
  • Local Process: All encryption operations occur entirely within your web browser. Your original audio data and passkey are never sent to any server.

Cryptovox does NOT store your passkey or your unencrypted audio. You are solely responsible for your passkey.

Downloading the Encrypted Message

After successful encryption, Cryptovox bundles the following into a single JSON file (e.g., your_message_title.cryptovox.json):

  • The message title you provided.
  • A timestamp of when the message was created.
  • The encrypted audio data (as a Base64 encoded string).
  • The salt used for key derivation (as a Base64 encoded string).
  • The Initialization Vector (IV) used during encryption (as a Base64 encoded string).
  • The MIME type of the original audio (e.g., audio/webm).

This JSON file is what you download and store locally on your device or share with your intended recipient.

Decryption

To listen to an encrypted message:

  • Upload File: You upload the .cryptovox.json file back into the Cryptovox application.
  • Enter Passkey: You must provide the exact same passkey that was used to encrypt the message.
  • Local Decryption: Using the provided passkey, the salt, and the IV (all extracted from the JSON file), Cryptovox re-derives the encryption key and decrypts the audio data using AES-GCM. This process also happens entirely in your browser.
  • Playback: If the passkey is correct and the data is valid, the decrypted audio will be available for playback directly in the browser.
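
The encryption, bundling, and decryption steps described above can be sketched with the browser's Web Crypto API. This is an added example, not Cryptovox's own code: the JSON field names, the PBKDF2 hash and iteration count, and the salt and IV sizes are assumptions, since the page does not specify them.

```javascript
// Added example, not Cryptovox source. Field names, PBKDF2 hash/iteration
// count and salt/IV sizes are assumptions; the page does not specify them.
const cryptoApi = globalThis.crypto ?? require('node:crypto').webcrypto; // Node < 19 fallback
const PBKDF2_ITERATIONS = 600000; // assumed value

const toB64 = (bytes) => btoa(Array.from(bytes, (b) => String.fromCharCode(b)).join(''));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Passkey + salt -> AES-256-GCM key via PBKDF2 (the key is non-extractable).
async function deriveKey(passkey, salt) {
  const material = await cryptoApi.subtle.importKey(
    'raw', new TextEncoder().encode(passkey), 'PBKDF2', false, ['deriveKey']);
  return cryptoApi.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Build the JSON bundle with a fresh random salt and IV for every message.
async function encryptMessage(title, audioBytes, mimeType, passkey) {
  const salt = cryptoApi.getRandomValues(new Uint8Array(16));
  const iv = cryptoApi.getRandomValues(new Uint8Array(12)); // 96-bit IV for GCM
  const key = await deriveKey(passkey, salt);
  const ct = await cryptoApi.subtle.encrypt({ name: 'AES-GCM', iv }, key, audioBytes);
  return JSON.stringify({
    title, timestamp: new Date().toISOString(), mimeType,
    encryptedAudio: toB64(new Uint8Array(ct)), salt: toB64(salt), iv: toB64(iv),
  });
}

// Returns the audio bytes, or null when the passkey is wrong or the
// ciphertext, salt or IV was altered (GCM tag verification fails).
async function decryptMessage(bundleJson, passkey) {
  const b = JSON.parse(bundleJson);
  const key = await deriveKey(passkey, fromB64(b.salt));
  try {
    const pt = await cryptoApi.subtle.decrypt(
      { name: 'AES-GCM', iv: fromB64(b.iv) }, key, fromB64(b.encryptedAudio));
    return new Uint8Array(pt);
  } catch (err) {
    if (err.name === 'OperationError') return null; // authentication failed
    throw err;
  }
}
```

In this sketch the title, timestamp, and MIME type sit outside the GCM authentication tag, so edits to them would go undetected; passing them as `additionalData` to `encrypt` and `decrypt` would bind them to the ciphertext.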

Security & Privacy Summary

  • Local Processing: All sensitive operations (recording, encryption, decryption) occur in your browser.
  • No Server Storage: Cryptovox does not store your passkeys, unencrypted audio, or encrypted files.
  • User Responsibility: You are responsible for managing and securely sharing your passkeys and the encrypted .cryptovox.json files.
  • Strong Encryption: Uses industry-standard PBKDF2 for key derivation and AES-GCM for encryption.

The security of your messages relies on the strength of your passkey and how securely you manage both the passkey and the encrypted file.