Encryption
End-to-End Encryption
Strayfiles Pro uses end-to-end encryption for Stray Cloud. Your notes are encrypted before leaving your device - we never see the plaintext.
How It Works
Your Password
↓
Argon2id Key Derivation (64 MiB memory, 4 iterations)
↓
Derived Key (256-bit)
↓
Unlocks Encrypted Key File
↓
Master Key (256-bit)
↓
AES-256-GCM Encryption
↓
Encrypted content synced to Stray CloudKey File Location
Your encryption keys are stored locally:
~/.strayfiles/keys.encThis file contains your master key, encrypted with a key derived from your password. Keep this file safe - it’s required to decrypt your notes.
Security Properties
| Component | Implementation |
|---|---|
| Encryption | AES-256-GCM (authenticated) |
| Key Derivation | Argon2id |
| Memory Cost | 64 MiB |
| Time Cost | 4 iterations |
| Parallelism | 4 threads |
| Nonce | 96-bit random per encryption |
Setting Up Encryption
When you first enable Pro sync, you’ll be prompted to create an encryption password:
- Choose a strong password (minimum 12 characters, counted by Unicode grapheme clusters)
- Strayfiles generates a random master key
- Master key is encrypted with your password
- Encrypted key file saved to
~/.strayfiles/keys.enc
Local-Only Files
Mark sensitive files to skip Stray Cloud sync entirely:
---
title: API Keys & Secrets
strayfiles:
enabled: true
sync: false
---Files with sync: false:
- Stay on your local device only
- Never uploaded to Stray Cloud
- Still indexed and searchable locally
- Still have local version history
Key Rotation
The encryption system tracks usage to prevent cryptographic issues:
- Each key has a usage counter
- Limit: 2^32 encryption operations
- When approaching limit, rotate keys
- Strayfiles warns you before reaching limit
In practice, you’d need to encrypt billions of notes to hit this limit.
Memory Safety
All cryptographic material uses secure memory handling:
- Keys zeroed immediately when no longer needed
- No plaintext keys in swap files
- Protected against memory forensics
What’s Encrypted
| Data | Encrypted |
|---|---|
| Note content | Yes |
| Note titles | No |
| File paths | No (needed for sync logic) |
| Metadata (timestamps) | No |
| Tags/workspaces | No |
Recovery Key
You can export a recovery key as a safeguard against forgetting your encryption password:
- Export: Generate a base64-encoded recovery key from the encryption settings
- Import: Restore access to your encrypted notes by importing the recovery key
- Storage: Store the recovery key securely offline (e.g., printed on paper in a safe, or in a hardware-encrypted drive)
The recovery key is a complete backup of your master key material. Anyone with access to it can decrypt your notes, so treat it with the same care as a password.
Recovery
If you forget your password and have no recovery key:
- Your encrypted notes cannot be recovered
- We don’t have your password or master key
- Local unencrypted files remain accessible
Backup recommendations:
- Export and securely store your recovery key offline
- Copy
~/.strayfiles/keys.encto a safe location - Store your password in a password manager
Disabling Encryption
You can’t disable encryption for existing synced notes. To remove encrypted notes:
- Export notes locally
- Delete from Stray Cloud
- Re-add without Pro sync
Limits
| Constraint | Value |
|---|---|
| Minimum password length | 12 characters (grapheme clusters) |
| Maximum note content size | 10 MiB per note |
Notes exceeding 10 MiB cannot be encrypted and will not sync to Stray Cloud. Split large notes or use sync: false to keep them local-only.
Technical Details
Encryption format:
nonce (12 bytes) || ciphertext || auth_tag (16 bytes)Key file format:
{
"version": 1,
"salt": "base64-encoded-salt",
"params": {
"memory_cost": 65536,
"time_cost": 4,
"parallelism": 4
},
"encrypted_master_key": "base64-encoded-ciphertext"
}Why These Choices?
AES-256-GCM: Industry standard authenticated encryption. Provides both confidentiality and integrity.
Argon2id: Winner of the Password Hashing Competition. Resistant to GPU and ASIC attacks.
64 MiB memory: High memory cost makes brute-force attacks expensive.
Random nonces: Each encryption uses a fresh random nonce - no nonce reuse possible.