Sanctum is designed for high-risk environments, offering a zero-trust, client-side encrypted vault that ensures plausible deniability through advanced cryptographic techniques. By utilizing decentralized IPFS storage, it protects sensitive information from unauthorized access, making it an essential tool for activists, journalists, and whistleblowers.
Sanctum is an innovative zero-trust encrypted vault system designed specifically for high-risk individuals, including activists, journalists, whistleblowers, and anyone facing potential physical duress, device seizure, or censorship. This vault offers cryptographic plausible deniability through hidden layers that are derived from passphrases, all while utilizing decentralized storage via IPFS.
Key Features
- Plausible Deniability: Hidden layers that are indistinguishable from decoy content protect sensitive information.
- Military-Grade Encryption: Utilizes XChaCha20-Poly1305 to secure data with a split-key architecture, ensuring that access credentials are not stored on the server.
- RAM-Only Storage: Operates entirely in memory, meaning data is not written to disk, thereby minimizing the risk of forensic recovery.
- Decentralized Storage: Data is pinned to IPFS using free services like Pinata and Filebase, ensuring user control over their information.
- User-Controlled Access: A panic passphrase feature lets users reveal the decoy layer under duress while the hidden layer stays secure.
- Grace Period for Recovery: Vaults that expire can be recovered for 30 days, providing additional user security.
Use Cases
Sanctum is built for various real-world scenarios, such as:
- Journalists safeguarding sources: By storing decoy articles alongside confidential source documents, they remain protected even if their device is compromised.
- Activists in oppressive regimes: Users can keep sensitive coordination documents concealed behind innocent-looking content, ready to present under coercion.
- Whistleblowers: Evidence stays secured, and sensitive materials are not exposed even in the face of potential employer demands.
- Individuals in threatening personal situations: It allows users to keep critical safety information hidden from abusers.
Security Architecture
The architecture was created to facilitate maximum user security:
- Client-Side Encryption: All cryptographic operations occur within the user's browser, and all keys remain confidential.
- Zero Server Trust: The server only handles encrypted fragments and cannot compromise user vaults, ensuring strict privacy.
- Adaptive Security Features: Incorporates a variety of protective measures, including rate limiting, honeypot protections, and randomization to resist timing analysis.
Getting Started
Users can quickly set up their own vault by visiting sanctumvault.online and creating a vault with their personal decoy content and a secure passphrase. Developers looking to contribute can find source code and setup instructions on the repository.
Documentation and Support
In-depth documentation is available covering operational modes, security features, and best practices on the Sanctum GitHub repository. The community is encouraged to report any issues, seek support, and contribute enhancements to this important privacy tool.