How It's Secured

This page provides detailed technical information about the cryptographic mechanisms and data anonymisation used by Pain Recorder.

Encryption

Pain comments are encrypted client-side before transmission using the Web Crypto API, which is built into all modern browsers.

Algorithm	RSA-OAEP
Key size	4096-bit
Hash function	SHA-256
Encryption location	Client-side (in browser)
Server receives	Base64-encoded ciphertext only

The server acts as a transparent storage layer. It receives the opaque ciphertext and stores it as-is. It never has access to the plaintext content or the encryption key material.

Key Management

An asymmetric RSA key pair is generated in the browser at registration time:

Public key (encryption) — used to encrypt notes before sending. Stored in IndexedDB.
Private key (decryption) — used to decrypt notes when viewing. Stored in IndexedDB as a non-extractable CryptoKey object.

The non-extractable flag is a Web Crypto API feature that makes it impossible for any JavaScript code (including malicious scripts) to export the raw private key bytes. The key can only be used for decryption operations through the browser's built-in cryptographic engine.

The private key never leaves the device. It is not transmitted to the server, not included in API requests, and cannot be extracted from IndexedDB.

Data Anonymisation

User identifiers are pseudonymised before being stored alongside pain records in the time series database:

At registration, the server assigns a random UUID (v7) as the user identifier.
When storing pain records, the UUID is hashed with SHA-256 to produce a tenant identifier.
Only the hash is stored alongside the pain data. The raw UUID is not present in the time series store.

SHA-256 is a one-way cryptographic hash function. Given the hash output, it is computationally infeasible to recover the original UUID. This limits data correlation if the time series database is ever compromised.

Data in Transit and at Rest

In transit

All communication uses HTTPS (TLS). WebAuthn authentication requires HTTPS in production, ensuring that all data — including already-encrypted comments — is protected by an additional transport-layer encryption.

At rest (server-side)

The server stores the following data in its time series database:

Field	Format	Readable?
Pain level	Integer (0–4)	Yes (low sensitivity)
Timestamp	UTC microseconds	Yes
Comment	Base64 ciphertext	No
User identity	SHA-256 hash	No

What the Server Cannot Do

Cannot decrypt your notes — the private key exists only on your device and is non-extractable.
Cannot identify you — user identifiers are irreversibly hashed before storage in the time series database.
Cannot link records to real identities — no names, emails, or personal information are stored anywhere.
Cannot access your biometrics — fingerprint/face data never leaves the device hardware.

Encryption Flow

Plaintext Note

"Sharp pain in left knee"

↓

RSA-OAEP 4096-bit + SHA-256 (on device)

↓

Ciphertext (Base64)

                aGVsbG8gd29ybGQh...
            

↓

HTTPS / TLS

↓

Server Storage

Opaque ciphertext stored as-is (unreadable)