LiberVault Security
Zero trust.
Zero servers.
Every cryptographic operation in LiberVault happens locally on your device. Your private keys never touch a server — not ours, not anyone's.
Architecture
How keys flow through the extension
The popup UI never receives your private key. Signing requests travel to the isolated background worker and only the resulting signature comes back — by design, not policy.
DApp
Sends tx request via EIP-1193
→
Popup UI
Shows tx details · user confirms
→
Background Worker
Only place keys are decrypted · signs tx
→
Signature Only
Returned to popup · key stays isolated
// Popup sends signing request — never the key
chrome.runtime.onMessage.addListener(async (msg) => {
if (msg.type === 'SIGN_TX') {
// Decrypt vault in worker memory only
const seed = await vault.decrypt(sessionKey);
const privKey = derive(seed, msg.chainPath);
const sig = await sign(privKey, msg.txHash);
privKey.fill(0); // zero memory immediately after use
// Return only the signature — key never leaves this scope
return { signature: sig };
}
});
Encryption
The vault encryption model
Your seed phrase is never stored in plain text. It lives as an AES-256-GCM ciphertext derived from a password you never type twice the same way.
Core Protection
PBKDF2-SHA256 + AES-256-GCM
When you set a password, LiberVault runs 600,000 rounds of PBKDF2-SHA256 with a cryptographically random 16-byte salt to derive a 256-bit encryption key. This stretched key is used to encrypt the seed phrase with AES-256-GCM, producing an authenticated ciphertext.
The result:
The result:
{ iv, salt, ciphertext, tag } stored in chrome.storage.local. Even if that storage were extracted, brute-forcing a strong password would require hundreds of years on modern hardware.
Session Key in Memory Only
After unlock, the decryption key lives only in the background service worker's JavaScript heap. It is never written to disk, never passed to the popup, and is wiped when the worker is terminated (auto-lock, browser close, or explicit lock).
Cryptographic Entropy
Seed phrases are generated using
crypto.getRandomValues() — the browser's CSPRNG. The resulting 128 or 256 bits of entropy are mapped to a BIP-39 mnemonic. No custom RNG, no seeded PRNG, no server-side randomness.Auto-Lock
The wallet locks automatically when the browser is closed or the background service worker is terminated by Chrome's MV3 lifecycle. The session key is not persisted — reopening the extension always requires password entry.
GCM Authentication Tag
AES-256-GCM produces a 128-bit authentication tag alongside the ciphertext. Any tampering with the encrypted vault data will cause decryption to fail with an authentication error — making silent modification detectable.
Cryptographic Stack
Audited libraries. No shims.
LiberVault uses exclusively the noble/scure family — the most thoroughly audited JavaScript cryptography libraries available. Zero Node.js shims, zero native modules, zero untrusted dependencies.
@noble/curves
Elliptic curve operations
secp256k1 (ETH/BTC), ed25519 (SOL/XMR), sr25519 (DOT/LLD). Pure JavaScript, no native bindings.
Independently audited
@scure/bip32
HD key derivation
BIP-32 hierarchical deterministic wallet derivation from seed. Used for all secp256k1 and ed25519 chains.
Independently audited
@scure/bip39
Mnemonic generation
BIP-39 word list and mnemonic-to-seed derivation. Produces and validates 12 or 24-word seed phrases.
Independently audited
@polkadot/api
Substrate signing
sr25519 signing for Polkadot and Liberland chains via Schnorrkel. Used only for tx construction and signing.
Community maintained
monero-javascript
Monero RingCT
Full ring signature support via WASM. The spend key never leaves the background worker; view key used only for scanning.
Community maintained
Web Crypto API
Vault encryption
Browser-native
SubtleCrypto for PBKDF2-SHA256 key derivation and AES-256-GCM vault encryption. No library required.Browser native
Non-Negotiables
What LiberVault will never do
Sovereignty by architecture, not policy. These aren't features we can toggle on — they're structural properties of the design.
No server-side key storage
There is no LiberVault server that holds, syncs, or backs up your keys. Your seed phrase exists only on your device, encrypted only by you.
No plaintext key in the popup
The extension popup never receives a private key — only signatures. Content scripts and injected providers have zero access to key material.
No telemetry or analytics
LiberVault contains no tracking code, no analytics SDK, no crash reporting that leaks usage data. Zero bytes of behavioral data leave your machine.
No seed phrase recovery service
There is no "forgot your password" flow. If you lose your seed phrase and forget your password, your funds are permanently inaccessible. That's sovereignty.
No window.ethereum overwrite
LiberVault implements EIP-6963 multi-wallet discovery — it coexists safely with MetaMask and other wallets without overwriting the global provider.
No closed source
Every line is GPL v3 licensed and publicly auditable on GitHub. Trust the math and the code — not our promises.
Audit it yourself.
The entire codebase is on GitHub. Read the signing logic, inspect the encryption flow, run it locally. We welcome scrutiny.