Alvin Quach, Full Stack Developer
March 15, 2026 · 1 min read

Building Zero-Knowledge Encryption for a Web App

Build Log
Featured
Depth: ●●●○○
AES-256-GCM + PBKDF2 210K iterations + group key sharing. How I built E2E encryption where the server never sees plaintext.

Why Zero-Knowledge?

Users upload photos of home interiors and financial records. With server-side encryption the server holds the keys, so a breach exposes plaintext. End-to-end (E2E) encryption keeps the server zero-knowledge: even a full database dump reveals only ciphertext.

Three-Layer Architecture

Layer 1 (Key Management): An AES-256 master key is encrypted under a key derived from the owner's password via PBKDF2 (210K iterations).

Layer 2 (Client-Side): The Web Crypto API encrypts media before upload.

Layer 3 (Hooks): 11 encryption hooks handle encrypt/decrypt transparently.

The Race Condition

Two members loading encrypted evidence simultaneously competed for key derivation. The fix was per-member salts and idempotent PBKDF2 derivation, validated with unit, integration, and Playwright E2E tests.
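The key-management layer and the per-member salt fix described above, as an added example that is not the post's own code: one shared AES-256 master key is wrapped separately for each member under a PBKDF2-derived key, and two members unwrap it concurrently. The SHA-512 hash, the salt and IV sizes, the sample passphrases, and all function and field names are assumptions; the post gives only the algorithm names and the iteration count.

```javascript
// Added example: per-member wrapping of one shared AES-256 master key.
// Assumptions (not from the post): PBKDF2 hash is SHA-512, 16-byte salts,
// 12-byte GCM IVs, and every function and field name used here.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 210_000; // iteration count stated in the post

// Password + per-member salt -> AES-256-GCM key-encryption key (KEK).
// Deterministic for a given (password, salt), so concurrent callers agree.
async function deriveKek(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-512", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// Wrap the shared master key for one member under that member's own salt.
async function wrapForMember(masterKey, password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const kek = await deriveKek(password, salt);
  const wrapped = await wc.subtle.wrapKey("raw", masterKey, kek, { name: "AES-GCM", iv });
  return { salt, iv, wrapped }; // the server stores these; none reveals the key
}

// Recover the master key client-side; rejects if the password is wrong.
async function unwrapForMember(record, password) {
  const kek = await deriveKek(password, record.salt);
  return wc.subtle.unwrapKey("raw", record.wrapped, kek,
    { name: "AES-GCM", iv: record.iv }, { name: "AES-GCM", length: 256 },
    false, ["encrypt", "decrypt"]);
}

// Constructed scenario: two members open the same ciphertext at the same time.
async function demo() {
  const master = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const blob = await wc.subtle.encrypt({ name: "AES-GCM", iv }, master,
    new TextEncoder().encode("constructed sample media bytes"));
  const [recA, recB] = await Promise.all([
    wrapForMember(master, "alice-passphrase"), wrapForMember(master, "bob-passphrase")]);
  const keys = await Promise.all([
    unwrapForMember(recA, "alice-passphrase"), unwrapForMember(recB, "bob-passphrase")]);
  const plain = await Promise.all(keys.map(async (k) =>
    new TextDecoder().decode(await wc.subtle.decrypt({ name: "AES-GCM", iv }, k, blob))));
  const wrongRejected = await unwrapForMember(recA, "bob-passphrase").then(() => false, () => true);
  return { plain, wrongRejected };
}
```

Because each member's record carries its own salt and IV, neither derivation depends on shared mutable state, and the GCM tag on the wrapped key makes a wrong password fail loudly instead of yielding a garbage key.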
