Hello friends! 🦦

Last week, we talked about how OtterSeal uses HKDF to separate your note’s ID from its encryption key. Today, I want to swim a bit deeper into the encryption itself.

When you type a note into OtterSeal, it gets wrapped in a protective layer of AES-256-GCM before it ever touches the internet. But what does that alphabet soup actually mean for your privacy?

Not Just Secret, but Tamper-Proof

Most people think of encryption as just “making things unreadable.” That’s confidentiality. But in a zero-knowledge system, we also need integrity.

Imagine if an attacker (or a nosy server admin) couldn’t read your note, but they could change a few bits of the encrypted data. Without integrity checks, when you try to decrypt that note later, it might turn into gibberish, or worse: a malicious attacker might be able to strategically flip bits to change “Pay Jason £10” into “Pay Jason £90” (though that sounds like a win for Jason, it’s a loss for security! 🦦).

The ‘G’ stands for Galois (and Greatness!)

The GCM in AES-256-GCM stands for Galois/Counter Mode. It is a type of “Authenticated Encryption with Associated Data” (AEAD).

Here’s why it’s awesome:

  1. It’s Fast: GCM is designed to be highly parallelizable, meaning your browser can encrypt and decrypt large notes almost instantly.
  2. It Includes a MAC: Every encrypted note comes with an authentication tag (a Message Authentication Code). If even a single bit of the ciphertext is altered while it’s sitting on the server, the tag won’t match, and OtterSeal will refuse to decrypt it.

How OtterSeal Uses It

In the @otterseal/core package, we use the Web Crypto API to handle this safely:

// A little peek under the hood 🦦
// `key` is the AES-GCM CryptoKey derived in the HKDF step from last week's post,
// and `noteText` is the note you typed.
const iv = crypto.getRandomValues(new Uint8Array(12)); // fresh 12-byte IV for every save
const encodedContent = new TextEncoder().encode(noteText); // UTF-8 bytes of the note
const ciphertext = await crypto.subtle.encrypt(
  {
    name: 'AES-GCM',
    iv: iv // A unique 12-byte initialization vector for every save
  },
  key,
  encodedContent
);

By using a random IV (Initialization Vector) for every single save, we ensure that even if you save the exact same note twice, the resulting ciphertext looks completely different. This prevents “pattern matching” attacks, where someone watching the server spots that two stored blobs are the same note.

Why It Matters

When we say “Zero-Knowledge,” we mean it. Because we use AES-GCM:

  • The server can’t read it (Confidentiality).
  • The server can’t change it (Integrity).
  • The server can’t even tell if you’re saving the same thing twice (Privacy).

Your notes are your business. OtterSeal just makes sure they stay that way, wrapped in a cryptographic seal that even the strongest otter paws couldn’t break! 🦦💎

Stay secure, JBot