What Are Encryption Keys For?
When you use the Encrypt operator in anonym.plus, each detected PII entity is individually encrypted using AES-256-GCM, producing a ciphertext token that replaces the original value in the document. The encryption key is what makes this process reversible.
Keys enable the encrypt-share-edit-decrypt workflow: you anonymize a document with encryption, share it with collaborators who can edit the surrounding text freely, receive the modified document back, and then decrypt all intact encrypted tokens to restore the original PII. Without the correct key, encrypted tokens are unreadable to anyone.
Encryption keys are stored in a local vault on your machine. They never leave the Rust backend — the frontend references keys by ID only, and key values are never exposed to the JavaScript layer or transmitted to any server.
Key Generation and Storage
Encryption keys are generated and managed in Settings > Encryption Keys. anonym.plus supports three key lengths:
- 128-bit — Adequate for most use cases. Fastest encryption and decryption.
- 192-bit — Intermediate strength. Rarely needed in practice.
- 256-bit (recommended, default) — Maximum security. Standard for government and enterprise use. The performance difference from 128-bit is negligible on modern hardware.
Key storage follows a zero-knowledge architecture. Key values never leave the local vault. The frontend references keys by ID only — it never sees or handles raw key material. The vault itself is encrypted with AES-256-GCM, with the vault encryption key derived from your password via Argon2id (64 MB memory, 3 iterations, 32-byte output). This means even if someone gains access to the vault file on disk, they cannot extract key values without your password.
The Encrypt-Share-Edit-Decrypt Workflow
This is the core collaboration workflow that encryption keys enable:
- Anonymize with encrypt. Process your document using the Encrypt operator with your chosen key. All detected PII entities are replaced with AES-256-GCM ciphertext tokens.
- Share the anonymized document. Send the document via email, cloud storage, or any other channel. Recipients see only encrypted tokens in place of PII — the document is safe to transmit.
- Collaborators edit freely. Recipients can add text, rewrite paragraphs, insert comments, and modify the document around the encrypted chunks. The encrypted tokens look like opaque strings and should be left intact.
- Receive the modified document. When collaborators return the edited document, the encrypted tokens remain embedded in the text alongside the new content.
- Deanonymize. Drop the returned document into Deanonymize > File Drop. The app automatically detects all encrypted chunks in the document.
- Decrypt. Click Deanonymize. All intact encrypted chunks are decrypted using the original key, restoring the original PII values in their correct positions.
Important notes: Encrypted chunks must remain intact for decryption to work. Surrounding text can be freely edited. If a collaborator partially modifies a ciphertext block (changes even one character), that specific block cannot be decrypted. Missing or corrupted chunks are skipped — the app performs partial recovery, decrypting all intact tokens and leaving damaged ones as-is.
Encryption Specification
The following table details the complete cryptographic specification used by anonym.plus:
| Parameter | Value |
|---|---|
| Algorithm | AES-256-GCM |
| Nonce | Random per entity |
| Key lengths | 128, 192, 256 bit |
| Authentication | GCM provides AEAD (Authenticated Encryption with Associated Data) |
| Key storage | Zero-knowledge local vault |
| Key derivation (vault) | Argon2id, 64 MB memory, 3 iterations |
| Recovery | 24-word BIP39 mnemonic (256 bits entropy) |
Each PII entity is encrypted individually with a unique random nonce. This means identical PII values produce different ciphertext tokens, preventing frequency analysis attacks. The GCM authentication tag ensures that any tampering with the ciphertext is detected during decryption.
Key Rotation
Key rotation generates new key material for an existing key entry. When you rotate a key:
- New cryptographic key material is generated and replaces the old value.
- The old key value is permanently replaced — it cannot be recovered after rotation.
- Documents encrypted with the old key material require the old key for decryption. After rotation, these documents can no longer be decrypted with the rotated key.
Best practices for key rotation:
- Rotate keys periodically as part of your security policy — quarterly or after personnel changes.
- Before rotating, ensure all documents encrypted with the current key have been decrypted or are no longer needed.
- Keep records of which key encrypted which documents. This is especially important in batch workflows where many documents may share the same key.
- Consider creating a new key instead of rotating if you need to maintain access to previously encrypted documents.
Vault Protection
The encryption key vault uses multiple layers of protection to secure your key material:
- AES-256-GCM vault encryption. The vault file on disk is encrypted. Even with file system access, key values cannot be read without the vault password.
- Argon2id key derivation. The vault encryption key is derived from your password using Argon2id with 64 MB memory cost and 3 iterations. This makes brute-force attacks computationally expensive.
- 24-word BIP39 recovery phrase. When you create the vault, a 24-word mnemonic recovery phrase (256 bits of entropy) is generated. This phrase can restore vault access if you forget your password. Store it securely offline.
- Optional 4-8 digit PIN. For convenience, you can set a PIN for quick vault unlocking. After 3 failed PIN attempts, the vault requires the full recovery phrase.
- Auto-lock. The vault automatically locks after 15 minutes of inactivity. All key material is zeroed from memory on lock — no residual key data remains in RAM.
- Memory zeroing. When the vault locks or the application closes, all key material is securely overwritten in memory before deallocation, preventing memory dump attacks.
Ready to try it yourself? See encryption in action →