How does PingVaults protect my digital assets?

Your asset clues are encrypted in your browser using AES-256-GCM. The encryption key is derived from your personal question answers via PBKDF2. The server only ever receives ciphertext and can never read your data.

What is an Inactivity Switch?

An inactivity switch is an automatic trigger mechanism. The system sends periodic check-in emails. If you stop responding, it automatically delivers decryption hints to your pre-configured emergency contacts, ensuring your digital estate is passed on.

Can I access my data if PingVaults shuts down?

Yes. All encrypted data is permanently stored on the Arweave blockchain, accessible forever via TxID. We also provide a standalone offline HTML decryptor that works without any network connection or account.

Is PingVaults open source?

The encryption core (PBKDF2 key derivation, AES-256-GCM encryption, offline decryptor) is fully open source under MIT license. Anyone can audit it. The business logic is proprietary, but the server only holds ciphertext it can never decrypt.

How is PingVaults different from a password manager?

Password managers protect credentials you use daily. PingVaults is designed for when you can no longer act — it auto-delivers decryption hints to your emergency contact after prolonged inactivity. Password managers lack inactivity triggers, permanent on-chain storage, and zero-knowledge architecture.

$ ./verify.sh --deployment

Deployment Verification

Name: PingVaults
Author: PingVaults

This page lets you confirm that the code running on this server matches the public open-source repository, and that the cryptographic implementation in your browser is correct.

Live Verification

Open Source Policy

PingVaults uses a "core open, business closed" model. The encryption layer — the only code that ever touches your plaintext or answers — is fully open source and auditable. The rest (UI, Inactivity Switch engine, database operations) is proprietary commercial code.

📂

pingvaults-crypto ↗

Encryption core · MIT license · Includes test vectors and offline decryptors

🔒

PingVaults (main) — Proprietary

UI · Business logic · Inactivity Switch · API routes

// Why this model: open-sourcing the crypto layer means you don't have to blindly trust our algorithm. Keeping the business layer closed protects against wholesale copying. Even if the closed layer were to "act maliciously", the server only ever holds ciphertext it can never unlock.

Critical Source File Hashes

SHA-256 computed at build time

The hash on the right = result of runningsha256sum <file>on each GitHub raw file at build time. Run the command below locally to reproduce and compare.

FileSHA-256 (build-time)

lib/crypto.tsopen source

cc5d4fcab2e1…

Verify locally:

curl -sL "https://raw.githubusercontent.com/milshop/pingvaults-crypto/main/src/crypto.ts" | sha256sum

Expected: cc5d4fcab2e13d7e14e9f0b63f92dd4832e0f68797ed9a57109c030755c9bde3

components/VaultForm.tsxopen source

c87bbacb7e8e…

Verify locally:

curl -sL "https://raw.githubusercontent.com/milshop/pingvaults-crypto/main/components/VaultForm.tsx" | sha256sum

Expected: c87bbacb7e8e77404b4ed2f2a43479fd97c82bb154bf97ef69e0526227b32529

If the command output matches the expected value, the source used to build this deployment is identical to GitHub — no tampering.

One-click Batch Verify Script

Automatically checks all critical files and prints ✓ / ✗

How to run (after copying the script):

macOS pbpaste | bash

Linux xclip -o | bash (or save as verify.sh && bash verify.sh)

The script downloads each source file from GitHub and computes its SHA-256. If all results match the expected hashes, the build is verified as untampered.

Browser Outbound Request Restrictions (CSP)

Content Security Policy is a browser-enforced rule that restricts which origins the JavaScript on this page can send network requests to. This means your answers and derived keys, which exist only in your browser, cannot be sent to any server not listed here — the browser itself enforces this, not our promises.

How to verify: Open DevTools (F12) → Network → click any request → Response Headers → find Content-Security-Policy

Allowed outbound destinations (connect-src):

'self'Same-origin /api/* routes (see details below)

/api/vault/saveSave vault (ciphertext + TxID + key schema → database)

/api/vault/fetchFetch vault metadata (TxID, salt, iv, key schema)

/api/vault/deleteDelete vault record

/api/ping/*Query/reset/delete Inactivity Switch config and check-ins

/api/auth/*Email OTP send & verify, Google OAuth, session management

uploader.irys.xyzIrys upload endpoint

gateway.irys.xyzIrys read gateway

arweave.netArweave fallback gateway

ar-io.devArweave fallback gateway

accounts.google.comGoogle OAuth login

How to verify that 'self' APIs don't send your answers?

CSP only restricts which external domains JS can reach — it can't stop JS from sending sensitive data to its own /api. Use either method below to verify yourself:

L1Live network inspection (most direct)

1. Open DevTools (F12) → Network tab

2. Go to the vault page, fill in asset clues, click Encrypt & Upload

3. Find /api/vault/save → click it → inspect Payload / Request Body

✓ You'll see: ciphertext (encrypted blob), txId, salt, iv, keySchema (question text) — no answer fields whatsoever

L2Read the open-source API routes (code-level)

The following API routes are published in pingvaults-crypto. Read the source to confirm what the server actually receives:

app/api/vault/save/route.ts app/api/vault/fetch/route.ts app/api/ping/reset/route.ts

Any fetch() call to an unlisted origin (e.g. a third-party data collection server) is immediately blocked by the browser and logged as a CSP violation in DevTools Console.

JS Bundle Integrity

The main repository is proprietary, so local-build bundle verification is not possible. However, all critical source files are published in the open-source pingvaults-crypto repo, and the source file hashes above cover the most important parts. The three tiers below offer different levels of verification.

// L1 (source verification) is the primary method. L2 is an advanced supplement. L3 is unavailable because the main repo is private.

L1 · Source File Hash Verification (Recommended)

Use the batch verify script above to curl all critical source files from the public pingvaults-crypto repo, recompute SHA-256, and compare against build-time hashes. This is the strongest available verification.

→ See the batch verify script above

L2 · Live Bundle Hash (Advanced)

Download the compiled JS chunks your browser actually loads and compute their SHA-256. Repeat from different networks or at different times to confirm the CDN hasn't swapped the bundle in transit.

→ Find the chunk filename in DevTools → Network, replace HASH in the command below

curl -sL "https://www.pingvaults.com/_next/static/chunks/HASH.js" | openssl dgst -sha256 -binary | base64

// For most users, L1 is sufficient: source file hashes + CSP restrictions = answers cannot be sent to any unauthorized server, and the encryption logic is independently auditable.

Cryptographic Self-Test

Runs a live AES-256-GCM encrypt → decrypt round-trip entirely in YOUR browser using the same code that protects your vault. No data leaves your device.

Test vector:

plaintext "PingVaults crypto OK ✓"

name "Alice"

question "Verify?" → "yes"

algo PBKDF2-SHA256 × 600,000 → AES-256-GCM

Offline Decryptor (Zero Server Dependency)

These single-file HTML tools implement the full decryption flow with zero external dependencies. Download them, open in any browser, and verify the source with Ctrl+U.

↓ decrypt.html (EN)↓ decrypt-zh.html (中文)

These files are the ultimate fallback: even if PingVaults.com shuts down, your emergency contact can decrypt the vault using only this HTML file + the metadata JSON.