A deep dive into implementing client-side AES-256-GCM encryption using PBKDF2 key derivation — with zero plaintext in the database.
My Data Manager needed to store sensitive user data (passwords, API keys, notes) with an ironclad guarantee: even if the database is compromised, the data is unreadable. The constraint was no external key management service — the solution had to be self-contained.
The user's master password is never stored. Instead, PBKDF2 (Password-Based Key Derivation Function 2) with 200,000 iterations is used to derive a 256-bit encryption key from the password and a per-user random salt. The salt is stored in the database; the derived key never is.
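The derivation and encryption flow described above, as an added example rather than the project's own code. It uses Node's built-in crypto module and assumes HMAC-SHA-256 as the PBKDF2 PRF, a 16-byte salt, and a stored row of IV, ciphertext and tag bound to a hypothetical record ID; all function names are illustrative.

```javascript
// Added example; function names, salt size, PRF and row layout are assumptions.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 200000; // iteration count stated in the article
const KEY_BYTES = 32;      // 256-bit AES key
const SALT_BYTES = 16;     // assumed salt size (not stated in the article)
const IV_BYTES = 12;       // 96-bit nonce, the recommended size for GCM

// Derive the AES key from the master password and the user's stored salt.
// The key lives only in memory; only the salt is persisted.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, KEY_BYTES, 'sha256');
}

// Encrypt one record with a fresh random IV. The returned object is what
// would be written to the database: no plaintext, no key.
function encryptRecord(key, plaintext, recordId) {
  const iv = nodeCrypto.randomBytes(IV_BYTES);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8')); // bind ciphertext to its row
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt a stored row. Returns null when the GCM tag does not verify:
// wrong master password, modified row, or a row copied under another ID.
function decryptRecord(key, row, recordId) {
  const iv = Buffer.from(row.iv, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(recordId, 'utf8'));
  decipher.setAuthTag(Buffer.from(row.tag, 'base64'));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(row.ct, 'base64')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}
```

Because GCM authenticates as well as encrypts, a wrong master password is detected by tag failure at decryption time, so no password hash or verifier needs to be stored alongside the salt.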
Zero plaintext data in the database — verified via direct DB inspection
Successfully resists offline dictionary attacks due to the PBKDF2 iteration count
Full data recovery possible only with the correct master password
Passed a security review as part of a university research project