I built this because I wanted a note-taking tool that offers the convenience of cloud sync but strictly ensures privacy, so that no one else could read the data.
The Architecture: Unlike apps that manage keys on the server, ZeroNotes is built on a strict zero-knowledge architecture.
Frontend: Angular (hosted on Nginx). All crypto operations happen here.
Backend: Node.js + Supabase (PostgreSQL) for storage and auth.
Encryption: We use Argon2id for key derivation (from your password + salt) and AES-256-GCM for the content encryption. Keys are never sent to the server, only the ciphertext. All metadata is encrypted.
Sharing: This was the hardest part. I implemented ECIES (Elliptic Curve Integrated Encryption Scheme) to allow secure sharing of categories between users without sharing the master password.
Why another note app? Most "secure" apps are either clunky to use or closed source/proprietary. I wanted something fast, clean, and transparent about its cryptography. A mobile app (iOS/Android) and file storage are on the way.
I'd love some feedback on the Pro features, so here is a code for 1 month free on the Pro Monthly subscription (limited to 10 redemptions): ZERONOTES_PRO_FREE_MONTH (Can be cancelled immediately in the Dodo user dashboard)
Feedback / Bugs / Security? You can reach me directly at bjoern [at] zeronotes.me.
I'd love your feedback on the crypto implementation and the UX!