Encryption Standards

The Context Vault uses strong encryption by default:

AES-256-GCM for symmetric encryption of vault content.

Argon2id for password-based key derivation (KDF).

ECDSA for signing vault updates and authorizing agent access.

Optional biometric unlock (on mobile devices with secure enclave support).

Every vault segment can be encrypted separately. This allows fine-grained permissioning for different apps or agents.

PreviousLocal vs Decentralized Storage OptionsNextSelective Disclosure (ZK-compatible design)

Last updated