v0.1 pre-alpha · open source

Encrypted markdown notes.
No email at signup.

Myne is a notes app that encrypts on your device before anything leaves it. The server stores ciphertext. Your account is a number you generate, not an email we keep.

How it works

End-to-end encryption, the boring way.

No new crypto. No proprietary protocol. Argon2id, XChaCha20-Poly1305, BIP-39 — well-studied primitives, composed plainly.

01 — KEY DERIVATION

Your password becomes a key.

Argon2id stretches your master password and 24-word recovery phrase into independent wrap keys. Each unwraps a copy of your random root key. The server never sees any of them.

kdf       = Argon2id v1.3
m         = 256 MiB
t         = 3
p         = 2

02 — ENCRYPTION

Notes encrypt before sync.

Each note is sealed with XChaCha20-Poly1305 plus a CTX commitment. The server stores opaque ciphertext blobs.

aead    = XChaCha20-Poly1305
commit  = CTX
subkey  = HKDF-SHA-256
nonce   = 24 bytes random

03 — IDENTITY

An account number, not an email.

You sign up by generating a 20-character Crockford-base32 account number. We store its hash. There is no email field.

id        = MY‑XXXX‑XXXX‑XXXX‑XXXX‑X
encoding  = Crockford-base32
id-hash   = SHA-256(account_no)[:32]

Identity

Your account is a number you keep.

No email field, no phone field, no recovery question. Signup gives you an account number — yours to write down, store offline, or hand to a password manager.

The server keeps only its hash. We can't reset it, sell it, or mail you about it. There is nothing to mail.

  • 95 bits of entropy across 19 Crockford-base32 characters
  • 1 Damm-32 check character — single-typo detection
  • Non-breaking hyphens — never wraps mid-group
  • Single click selects the whole value
  • Slashed-zero monospace — no 0/O ambiguity

MY‑XXXX‑XXXX‑XXXX‑XXXX‑XXXX

  • MY: fixed prefix, distinguishes Myne account numbers from arbitrary base32.
  • 1–4: first entropy group.
  • Non-breaking hyphens (U+2011): never wraps mid-group.
  • 20: Damm-32 check character. Single-typo detection, single-adjacent-transposition detection.

Demo: fresh CSPRNG draw on every click. Production includes the spec §4 Damm-32 check.
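
An added example, not Myne's own code: generating and validating an account number in the layout shown above (MY prefix, five groups of four, U+2011 hyphens). The page does not reproduce the spec §4 Damm-32 table, so the check character here comes from an assumed stand-in quasigroup over GF(32) and will not match production values; all function names are hypothetical.

```python
import secrets

ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"  # Crockford base32 (no I, L, O, U)
ALIASES = str.maketrans("OIL", "011")          # Crockford decode aliases
NB_HYPHEN = "\u2011"                           # non-breaking hyphen, as on the page
GF32_POLY = 0b100101                           # x^5 + x^2 + 1 (assumed, not from spec §4)

def damm32(values):
    """Running check over 5-bit symbols: state = 2 * (state XOR v) in GF(32)."""
    state = 0
    for v in values:
        state = (state ^ v) << 1
        if state & 0b100000:       # overflowed 5 bits: reduce by the polynomial
            state ^= GF32_POLY
    return state                   # 0 for a sequence that ends in its check symbol

def format_account(symbols):
    """Render 20 symbol values as MY plus five groups of four characters."""
    chars = "".join(ALPHABET[s] for s in symbols)
    groups = [chars[i:i + 4] for i in range(0, 20, 4)]
    return NB_HYPHEN.join(["MY"] + groups)

def generate():
    """Draw 95 bits from the CSPRNG, encode as 19 symbols, append the check symbol."""
    bits = secrets.randbits(95)
    body = [(bits >> (5 * i)) & 31 for i in reversed(range(19))]
    body.append(damm32(body))      # appending the state drives the final state to 0
    return format_account(body)

def parse(text):
    """Return the 20 symbol values, or raise ValueError on malformed or mistyped input."""
    raw = text.upper().replace(NB_HYPHEN, "").replace("-", "").replace(" ", "")
    if not raw.startswith("MY"):
        raise ValueError("missing MY prefix")
    raw = raw[2:].translate(ALIASES)   # O -> 0, I/L -> 1 before checking
    if len(raw) != 20 or any(c not in ALPHABET for c in raw):
        raise ValueError("expected 20 Crockford-base32 characters")
    symbols = [ALPHABET.index(c) for c in raw]
    if damm32(symbols) != 0:
        raise ValueError("check character mismatch")
    return symbols
```
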
Recovery

24 words. That's the whole recovery story.

A BIP-39 24-word phrase is generated once, on-device, when you create your vault. Either your password or the phrase unwraps your root key — the phrase is an independent credential, not a second factor.

If you lose both your password and recovery phrase, your notes are unrecoverable. We cannot help. We say this in the product, before you click "create vault" — and we mean it.

  • BIP-39 English wordlist, 256-bit entropy
  • Generated client-side; never transmitted
  • Fed directly to Argon2id (no PBKDF2 step)
  • Compatible with paper, password managers, hardware wallets

1 abandon
2 ability
3 able
4 about
5 above
6 absent
7 absorb
8 abstract
9 absurd
10 abuse
11 access
12 accident
13 account
14 accuse
15 achieve
16 acid
17 acoustic
18 acquire
19 across
20 act
21 action
22 actor
23 actress
24 actual

Sample words from the BIP-39 English wordlist — not a real phrase.

By design

Things Myne does not do.

A privacy product is defined by its no's. These are not on the roadmap. They will not appear later.

  • Email-based password reset
  • Server-side search
  • AI features that read your notes
  • Analytics, telemetry, crash reports
  • Social login (Google, Apple, GitHub)
  • Public sharing of decrypted notes
  • Recovery support tickets
  • Marketing email (we have no email)

Specifications

No proprietary anything.

Every primitive is well-studied and standard. The protocol is documented and versioned. The client is open source.

protocol           = myne-protocol-v0.1
kdf                = Argon2id (m=256 MiB, t=3, p=2, v=1.3)
aead               = XChaCha20-Poly1305 + CTX commitment
subkey-derivation  = HKDF-SHA-256 (libsodium)
recovery           = BIP-39 24-word → Argon2id
account-number     = Crockford-base32, 19 entropy + 1 Damm-32 check
transport          = TLS 1.3 (mandatory)
desktop-runtime    = Tauri 2 + React + TypeScript
license            = CC0 (docs, today) → AGPL-3.0 (client, on Phase 1)
audit-status       = unaudited (pre-alpha)

Roadmap

Phased, in public.

PHASE 1 — NOW

Desktop client

Tauri 2 app with single-vault editor, wikilinks, backlinks, and a minimal graph view. Local-only until Phase 2 lands.

PHASE 2

Sync server + hosted sync

Same protocol, same trust boundary for self-hosted and hosted. Hosted sync is the only paid tier; the local app stays free.

PHASE 3

Mobile

iOS and Android clients sharing the protocol library. Same crypto, same account number, same vault format.

PHASE 4

Real-time collaboration

Multi-cursor co-editing via CRDT (Yjs). Lands only after the rest of the product is solid — earliest, not soonest.

Updates as we ship them.

We post on the ledger when there's a meaningful change to the threat model, protocol, or spec. No cadence promise — read when you want.


Get updates

Two ways to follow along — read the ledger, or subscribe via RSS.
