{"id":48347266,"url":"https://github.com/boazeb/papervault","last_synced_at":"2026-04-20T21:01:08.829Z","repository":{"id":341999741,"uuid":"1172004746","full_name":"boazeb/papervault","owner":"boazeb","description":"Paper vault for passwords and secrets","archived":false,"fork":false,"pushed_at":"2026-03-22T18:49:20.000Z","size":2094,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-23T09:12:21.531Z","etag":null,"topics":["cryptocurrency","cryptography","cybersecurity","digital-asset-security","password-manager"],"latest_commit_sha":null,"homepage":"https://papervault.xyz","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/boazeb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-03T21:04:48.000Z","updated_at":"2026-03-22T23:09:53.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/boazeb/papervault","commit_stats":null,"previous_names":["boazeb/papervault"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/boazeb/papervault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boazeb%2Fpapervault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boazeb%2Fpapervault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boazeb%2Fpapervault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boazeb%2Fpapervault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/boazeb","download_url":"https://codeload.github.com/boazeb/papervault/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boazeb%2Fpapervault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32065584,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-20T11:35:06.609Z","status":"ssl_error","status_checked_at":"2026-04-20T11:34:48.899Z","response_time":94,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptocurrency","cryptography","cybersecurity","digital-asset-security","password-manager"],"created_at":"2026-04-05T08:00:28.936Z","updated_at":"2026-04-20T21:01:08.815Z","avatar_url":"https://github.com/boazeb.png","language":"JavaScript","funding_links":[],"categories":["Utilities"],"sub_categories":[],"readme":"# PaperVault - Store secrets on paper using threshold encryption\n\n**PaperVault πŸ“„πŸ”** is a free open source tool for creating offline paper-based data vaults for your foundational secrets, such as passwords, 2FA recovery codes, digital asset keys, hard drive encryption keys, and other critical data.\n\n![PaperVault vault and key cards](src/images/papervault.jpg)\n\n## πŸ” Overview\n\nPaperVault encrypts your secrets and splits the decryption key into shards that can be printed on paper or saved to digital media. Keys are split using [Shamir's Secret Sharing](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). Choose how many keys to create and how many are needed to unlockβ€”for example, 5 keys with any 3 required (3-of-5).\n\n## πŸš€ Quick Start\n\nVisit [papervault.xyz](https://papervault.xyz) to use PaperVault directly from your browser.\n\n### Self-Hosted Installation (recommended for maximum security)\n\n```bash\n# Clone the repository\ngit clone https://github.com/boazeb/papervault.git\ncd papervault\n\n# Install dependencies\nnpm install\n# or\nyarn install\n\n# Start the app\nnpm start\n# or\nyarn start\n```\n\nOpen [http://localhost:3000](http://localhost:3000) in your browser.\n\n### Docker\n\n```bash\ndocker build -t papervault .\ndocker run -p 3000:3000 papervault\n```\n\n## πŸ”‘ Key Features\n\n- **Works offline** - No internet required after installation; run it yourself, designed for air-gapped use.\n- **Client-side only** - No data ever leaves your device.\n- **Printable** - Vault and keys are printable and downloadable to digital media for offline distributed storage.\n- **Flexible thresholds** - Any M-of-N combination (up to 20 keys).\n- **Social recovery \u0026 digital inheritance** - Keys can be distributed for recovery in emergencies.\n\n## πŸ“„ Vault vs key shares (social recovery)\n\nPaperVault does not split your secret amongst keyholders. Instead, the encrypted vault and the key shares are separate documents. This gives you extra degrees of configuration when using PaperVault for social recovery:\n\n- **Keyholders** hold key shares (e.g. family, friends, co-trustees). They can combine enough shares to reconstruct the decryption keyβ€”but **keys alone are not enough**. They also need the **vault page**.\n- **Vault holders** hold the vault page. Without enough key shares, the vault page is useless.\n\nSo even if keyholders collude, they cannot unlock the vault unless they also get the vault page. You can keep the vault page yourself, give it to a different person, or store copies in a different locations from the keys.\n\n## πŸ” Audit with AI\n\nThis is open source software. Security researchers are encouraged to review the implementation and report security issues. To run a quick AI-assisted audit yourself, select your preferred assistant:\n\n- **[ChatGPT](https://chat.openai.com/?q=Perform%20a%20security%20audit%20of%20PaperVault%20(https%3A%2F%2Fgithub.com%2Fboazeb%2Fpapervault).%20Start%20by%20following%20the%20instructions%20here%3A%20https%3A%2F%2Fraw.githubusercontent.com%2Fboazeb%2Fpapervault%2Fmain%2FAI_AUDIT_INSTRUCTIONS.md)**\n- **[Claude](https://claude.ai/new?q=Perform%20a%20security%20audit%20of%20PaperVault%20(https%3A%2F%2Fgithub.com%2Fboazeb%2Fpapervault).%20Start%20by%20following%20the%20instructions%20here%3A%20https%3A%2F%2Fraw.githubusercontent.com%2Fboazeb%2Fpapervault%2Fmain%2FAI_AUDIT_INSTRUCTIONS.md)**\n- **[Gemini](https://gemini.google.com/?q=Perform%20a%20security%20audit%20of%20PaperVault%20(https%3A%2F%2Fgithub.com%2Fboazeb%2Fpapervault).%20Start%20by%20following%20the%20instructions%20here%3A%20https%3A%2F%2Fraw.githubusercontent.com%2Fboazeb%2Fpapervault%2Fmain%2FAI_AUDIT_INSTRUCTIONS.md)**\n- **[Grok](https://grok.com/?q=Perform%20a%20security%20audit%20of%20PaperVault%20(https%3A%2F%2Fgithub.com%2Fboazeb%2Fpapervault).%20Start%20by%20following%20the%20instructions%20here%3A%20https%3A%2F%2Fraw.githubusercontent.com%2Fboazeb%2Fpapervault%2Fmain%2FAI_AUDIT_INSTRUCTIONS.md)**\n- **[Perplexity](https://www.perplexity.ai/search?q=Perform%20a%20security%20audit%20of%20PaperVault%20(https%3A%2F%2Fgithub.com%2Fboazeb%2Fpapervault).%20Start%20by%20following%20the%20instructions%20here%3A%20https%3A%2F%2Fraw.githubusercontent.com%2Fboazeb%2Fpapervault%2Fmain%2FAI_AUDIT_INSTRUCTIONS.md)**\n\n## πŸ›‘οΈ Security Model\n\n### Cryptographic Foundation\n\n- **Algorithm**: Shamir's Secret Sharing over GF(2^8). Vaults use [shamir-secret-sharing](https://github.com/privy-io/shamir-secret-sharing).\n- **Encryption**: AES-256-GCM (authenticated) for v2 vaults via the Web Crypto API; legacy v1 vaults use AES-256-CTR and remain supported for unlock and backwards compatability.\n- **Key Generation**: Cryptographically secure random number generation via `crypto.getRandomValues()` (Web Crypto API).\n- **QR Codes**: Version 6-8 QR codes with level-M error correction (~15% damage recovery) for reliable scanning from paper.\n\nSee [SECURITY.md](SECURITY.md) for detailed security details, vault versions, and vulnerability reporting.\n\n### Security Best Practices\n\n1. **Air-Gapped Usage**: Run PaperVault.xyz from an offline computer for maximum security\n2. **Source Code Review**: Audit the code before using with critical secrets\n3. **Physical Security**: Store paper keys in separate, secure locations\n4. **Test Recovery**: Always test your recovery process\n5. **Durable storage**: For maximum durability, consider archive-grade paper in tamper-evident envelopes with an insert to keep the paper flat and protected\n\n\n### Threat Model\n\nPaperVault does NOT protect against:\n\n- ❌ Physical compromise of threshold number of keys + vault\n- ❌ Shoulder surfing during secret entry\n- ❌ Malicious modifications to the source code\n- ❌ Social engineering\n\n## πŸ“– How It Works\n\n1. **Create Vault**: Enter your secret data (passwords, seed phrases, etc.)\n2. **Configure Shares**: Choose number of keys and recovery threshold\n3. **Generate Keys**: Cryptographically split your decryption key using Shamir's algorithm\n4. **Print \u0026 Distribute**: Generate vault backups and distribute keys securely\n5. **Recovery**: Use any threshold number of keys to decrypt your vault\n\n## πŸ”§ Technical Details\n\n### Architecture\n\n- **Frontend**: React 17 with Bootstrap UI\n- **Cryptography**: JavaScript implementation of Shamir's Secret Sharing\n- **PDF Generation**: React-PDF for document output\n- **QR Codes**: Optimized for mobile scanning and printing\n- **Storage**: Client-side only, no external dependencies\n\n### Limits\n\n- **Maximum Keys**: 20 (cryptographic library constraint)\n- **Storage Limit**: 300 characters per vault (QR code optimization)\n\n## 🀝 Contributing\n\nContributions are welcome!\n\n## πŸ“„ License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## πŸ™ Acknowledgments\n\n- [Shamir's Secret Sharing](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing) algorithm by Adi Shamir\n- [shamir-secret-sharing](https://github.com/privy-io/shamir-secret-sharing) (v2 vaults)\n- [secrets.js](https://github.com/amper5and/secrets.js) (legacy v1 vaults)\n\n\n## πŸ“ž Support\n\n- **Issues**: Report bugs via [GitHub Issues](https://github.com/boazeb/papervault/issues)\n\n## ⚠️ Disclaimer\n\nThis software is provided \"as is\" without warranty. Users are responsible for:\n\n- Verifying the security of their implementation\n- Testing recovery procedures before relying on them\n- Maintaining physical security of printed keys\n- Understanding the cryptographic principles involved\n\n**Always test with non-critical data first!**\n\n---\n\nMade in Tel Aviv","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboazeb%2Fpapervault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fboazeb%2Fpapervault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboazeb%2Fpapervault/lists"}