Akarguard Security Suite

AkarPass

A post-quantum, zero-knowledge password manager. Your vault is encrypted entirely on your device before it ever leaves — the server stores only an opaque, encrypted blob it cannot read.

ML-KEM-768: post-quantum KEM (NIST FIPS 203)
AES-256-GCM: vault encryption (AEAD with a 128-bit authentication tag)
Argon2id: key derivation (64 MiB, 3 iterations, 4 lanes; RFC 9106)
0 bytes of plaintext sent to the server (zero-knowledge design)

Overview

AkarPass is the credential management component of the Akarguard security suite. It is designed for individuals and teams who require verifiable assurance that their passwords cannot be exposed through a server-side breach — because the server never holds plaintext to begin with.

All cryptographic operations are performed exclusively on the client using three independent layers: Argon2id for password hardening, ML-KEM-768 for post-quantum key encapsulation, and AES-256-GCM for authenticated vault encryption. Only the resulting ciphertext is transmitted to and stored on Akarguard infrastructure.

The implementation uses only open-source, externally audited cryptographic libraries: @noble/post-quantum and hash-wasm. No proprietary cryptographic primitives are used.

Zero-Knowledge Design

"Zero-knowledge" means Akarguard is technically incapable of reading your vault contents. There is no back door, no server-side recovery key, and no mechanism by which Akarguard personnel can access your credentials. A complete database compromise yields only authenticated ciphertext. The one residual attack is offline guessing of the master password against the stored salt and ciphertext, which is what the Argon2id parameters below are sized to slow down, so the security of a vault ultimately rests on the strength of its master password.

Master Password (never stored, never transmitted)
        │
        ▼
Argon2id (salt, 64 MiB, 3 iter, 4-way parallel)
        │
Master Key (32 bytes, ephemeral in RAM)
        │
        ├──► AES-256-GCM(masterKey, ML-KEM private key) ──► encryptedPrivKey
        │
        │   ML-KEM-768 keypair (per-vault)
        │   ┌──────────────────────────────────────┐
        │   │ Public key (stored in cleartext)     │
        │   │ Private key (encrypted, see above)   │
        │   └──────────────────────────────────────┘
        ▼
ML-KEM.encapsulate(publicKey)
        │
Shared Secret (32 bytes, ephemeral)
        │
        ├──► AES-256-GCM(sharedSecret, DEK) ──────────► wrappedDek
        │
        │   DEK — Data Encryption Key (32 random bytes)
        │
        └──► AES-256-GCM(DEK, vaultJSON) ──────────────► encryptedBlob

All key material (master key, DEK, shared secret, private key) is zeroed from memory immediately after use; in JavaScript this is best-effort (see Known Limitations below).

Vault data is encrypted on-device before transmission
The server receives and stores only an opaque, authenticated ciphertext
Master password never leaves your device
All key material (master key, DEK, shared secret) is zeroed immediately after use
Open-source cryptography — @noble/post-quantum and hash-wasm; no proprietary primitives
Independent key separation: each vault uses its own ML-KEM keypair and DEK
EU GDPR data minimisation: server holds only email address and encrypted blob

Cryptographic Architecture

01 Argon2id Key Derivation

Your master password is never used or stored directly. Argon2id derives a 256-bit master key using 64 MiB of memory, 3 iterations, and 4-way parallelism, so every guess in a GPU or ASIC brute-force attack has to pay for 64 MiB of memory and three passes over it, which raises the cost of offline guessing substantially over a plain hash. These parameters exceed the OWASP minimum for Argon2id (19 MiB, 2 iterations, 1 lane) and match the 64 MiB, t=3, p=4 profile recommended in RFC 9106.

Full specification in ENCRYPTION.md
02 ML-KEM-768 (NIST FIPS 203)

A post-quantum key encapsulation mechanism standardised by NIST in FIPS 203 (August 2024). Lattice-based design resists attacks from both classical and quantum computers. Implemented via @noble/post-quantum — zero transitive dependencies, externally audited.

Full specification in ENCRYPTION.md
03 AES-256-GCM Vault Encryption

Each vault is encrypted with a unique, randomly generated data encryption key (DEK) using AES-256-GCM, an authenticated encryption scheme whose 128-bit tag detects any modification of the ciphertext. A fresh random 12-byte IV is generated for every encryption operation. Random 96-bit nonces are safe as long as the number of encryptions under one key stays far below the 2^32 limit that NIST SP 800-38D sets for random IVs; a vault that is re-encrypted on every save stays many orders of magnitude below that bound, so nonce reuse is not a practical concern.

Full specification in ENCRYPTION.md

ML-KEM fallback mode

If ML-KEM WASM fails to load in restricted environments, AkarPass falls back to AES-256-GCM only, wrapping the DEK directly with the Argon2id-derived master key. This mode is explicitly flagged in the stored payload ("fallback": true). AES-256 retains roughly 128 bits of security against a quantum adversary running Grover's algorithm, so the data encryption layer is unaffected; only the key-encapsulation layer is bypassed. Both modes are rooted in the same master key, so a server-side attacker gains nothing from the downgrade. The flag is cleartext metadata, however: if it is not covered by the GCM associated data of the wrapped DEK, anyone holding the payload can rewrite it, so the check worth making is that the mode flag is authenticated together with the key material.

Security Properties

The full threat model — including adversaries considered, attack surfaces, and mitigations — is documented in SECURITY.md.

Property                     Implementation
Confidentiality              AES-256-GCM
Integrity and authenticity   GCM 128-bit authentication tag
Post-quantum key exchange    ML-KEM-768
Password hardening           Argon2id
Key separation               Fresh ML-KEM keypair and DEK per vault
XSS prevention               React + strict CSP
CSRF protection              Bearer JWT (no cookies)

Per-vault fresh keys give key separation between vaults, not forward secrecy in the protocol sense: every key in the chain remains recoverable from the master password.

Known Limitations

No master password recovery

By design, there is no server-side recovery mechanism. If you forget your master password, your vault data is permanently inaccessible. Store your master password in a secure backup location.

JavaScript memory hygiene is best-effort

JavaScript engines may internally copy buffers before zeroing. Key material is zeroed immediately after use, but complete erasure cannot be guaranteed: the garbage collector and engine-internal copies may leave stale bytes on the heap, and swapped-out pages can persist on disk. The Tauri desktop application can leverage OS-level memory protections (mlock, which pins pages so they are not written to swap) for stronger guarantees.

Clipboard auto-clear after 30 seconds

Passwords copied to the clipboard are automatically cleared after 30 seconds via navigator.clipboard.writeText(""). This does not prevent clipboard managers from capturing the value, and the timer only fires while AkarPass is still running: closing the tab or application before it expires leaves the password on the clipboard.

Available Platforms

All releases are available at github.com/AkarGuard/AkarPass/releases.

React Native mobile application (iOS & Android) is under active development and not yet available for release.

Privacy & Legal

AkarPass processes personal data in accordance with the Akarguard Privacy Policy. By its zero-knowledge design, server-side personal data is limited to your account email address and an authenticated ciphertext. Akarguard can associate that ciphertext with your account but cannot read it, so vault contents are never available to Akarguard in any form.

Use of AkarPass is subject to the Akarguard Terms of Service and Cookie Policy. Security certifications and compliance posture are detailed on the Compliance page.

Because vault contents are encrypted before transmission, Akarguard is technically unable to fulfil data subject access requests with respect to vault contents — there is no plaintext to disclose. Account metadata (email address, account creation date) is subject to standard GDPR data subject rights. To exercise your rights, contact privacy@akarguard.net.

Reporting a Vulnerability

If you discover a security vulnerability in AkarPass, please report it responsibly. Do not open a public GitHub issue.

  1. Email security@akarguard.net
  2. Include: description, steps to reproduce, and impact assessment
  3. We acknowledge within 48 hours and aim to patch within 7 days

Full disclosure policy is documented in SECURITY.md.

Ready to get started?

Download AkarPass v0.1.0 from GitHub Releases or explore the source code.