FaceVault is a cutting-edge web application that combines military-grade encryption with biometric face authentication to provide unparalleled security for your sensitive files. Files are encrypted end-to-end on your device before being stored, ensuring that only you can access them using your face as the key.
- End-to-End Encryption: Files are encrypted client-side before upload using AES-256-GCM
- Face-Based Authentication: Your face acts as the key to unlock your encrypted files
- Zero-Knowledge Architecture: Server never sees your private keys or face data
- Multi-Device Support: Works on any modern browser with camera access
- Military-Grade Security: RSA-OAEP 2048 + AES-GCM 256 encryption
- Self-Hostable: Run your own instance with Docker
- Registration: Create an account with email/password and enroll your face
- File Encryption: Files are encrypted on your device before upload
- Secure Storage: Encrypted files are stored on the server (never decrypted)
- Face Authentication: Your face unlocks the decryption key locally
- File Access: Files are decrypted on your device for viewing/downloading
- Asymmetric key pairs (RSA-OAEP 2048) generated entirely client-side
- Private keys are wrapped with a KEK derived from your face template
- Public keys stored on server for file encryption
- Zero plaintext private keys ever leave your device
- Face detection and recognition performed entirely client-side
- Multi-angle enrollment with liveness detection
- Face templates stored only in your browser's IndexedDB
- No raw face images stored or transmitted
- Files encrypted with AES-GCM 256 before leaving your device
- AES keys encrypted with your public key
- Server only stores encrypted blobs and metadata
See ARCHITECTURE.md for detailed system architecture and data flow diagrams.
- React with TypeScript
- Tailwind CSS for styling
- shadcn/ui components
- Web Crypto API for encryption
- face-api.js for face recognition
- IndexedDB for local storage
- Node.js with Express
- TypeScript for type safety
- PostgreSQL for metadata storage
- Drizzle ORM for database operations
- RSA-OAEP for asymmetric encryption
- AES-GCM for symmetric encryption
- PBKDF2 for key derivation
- Rate limiting and security middleware
- Node.js 18+
- PostgreSQL database (local or Neon.tech)
- Modern web browser with camera access
- Clone the repository:

```bash
git clone https://github.com/yourusername/facevault.git
cd facevault
```

- Install dependencies:

```bash
npm install
```

- Set up environment variables:

```bash
# For local PostgreSQL database
cp .env.example .env
# Edit .env with your configuration

# For Neon.tech database
cp .env.neon.example .env
# Edit .env with your Neon.tech configuration
```

- Database Configuration: The application supports two database options that can be configured via environment variables:
  - Local PostgreSQL: Set `DATABASE_TYPE=local` (default)
  - Neon.tech: Set `DATABASE_TYPE=neon`

Example for local PostgreSQL:

```
DATABASE_URL=postgresql://username:password@localhost:5432/database_name
DATABASE_TYPE=local
```

Example for Neon.tech:

```
DATABASE_URL=postgresql://username:password@ep-xxx.us-east-2.aws.neon.tech/neondb
DATABASE_TYPE=neon
```

- Start the development server:

```bash
npm run dev
```

To run with Docker instead:

```bash
docker-compose up -d
```

Run unit tests:

```bash
npm test
```

Run integration tests:

```bash
npm run test:integration
```
npm run test:integrationPOST /api/register- User registrationPOST /api/login- User loginPOST /api/logout- User logoutPOST /api/recovery/request- Password recovery requestPOST /api/recovery/verify- Password recovery verification
POST /api/files/upload- Upload encrypted fileGET /api/files- List user filesGET /api/files/:id/download- Download encrypted fileDELETE /api/files/:id- Delete file
GET /api/user- Get user infoPOST /api/user/keys- Update user keys
See SECURITY.md for detailed security considerations, privacy choices, and potential risks.
- Fork the repository
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- face-api.js for face recognition
- Web Crypto API for client-side cryptography
- shadcn/ui for UI components
- All the open-source libraries that made this project possible
For a complete list of third-party dependencies and their licenses, see THIRD-PARTY-NOTICES.md.
This is a demonstration project for educational purposes. While it implements strong security measures, it has not been audited by security professionals. Use at your own risk in production environments.