Features Security How it works Privacy GitHub Launch App →
Open Source · Local First · No Cloud

Your Vault.
Your Device.

CryptHub is a local-first password manager that encrypts everything with AES-256-GCM. No cloud. No accounts. No telemetry. Your passwords never leave your device.

Launch Web App View on GitHub
256
BIT KEY
GCM
AUTH MODE
0
CLOUD BYTES
MIT
LICENSE
Why CryptHub

Everything you need.
Nothing you don't.

Built for people who want full control over their passwords without handing them to a third party.

AES-256-GCM Encryption
Every password is individually encrypted with a random IV before storage. Authenticated encryption that detects tampering.
Local-Only Storage
Your data lives in your browser's IndexedDB. No internet connection required — ever. Zero server-side storage.
Master Password Auth
Your master password is never stored. Only a PBKDF2-derived hash with a random salt. Session key lives in memory only.
Vault Migration
Export your entire vault as a signed, encrypted .crypthub file. Import on any device with your master password.
Password Generator
Cryptographically random passwords with configurable length and character sets. Built-in strength meter.
Search & Categories
Instantly filter by label, username, or category. Organise into Social, Work, Finance, Dev, and more.
How It Works

Simple. Private. Yours.

No accounts to create. No emails to verify. Just open the app and start.

Step 01
Set a Master Password
Choose a strong master password. It's never stored — only used to derive your encryption key via PBKDF2 (310,000 iterations).
Step 02
Add Your Passwords
Create entries with labels, usernames, passwords, and categories. Use the built-in generator to create strong passwords instantly.
Step 03
Access Anywhere
Export your vault as a .crypthub file and import it on any device or browser. Your data travels with you — fully encrypted.
Vault Migration Flow
🖥️
Your Browser
Unlock vault
Export
Migrate Vault
🔐
vault.crypthub
Encrypted file
Import
Verify password
💻
Any Device
Vault restored
Security Model

Cryptography you
can verify.

Open source. Read the code, audit it yourself, or run it locally. No black boxes.

01
Master Password → PBKDF2
Never stored. Run through PBKDF2 (310,000 iterations) with a random 32-byte salt to produce a hash.
PBKDF2(password, salt, 310000) → masterHash
02
Session Key in Memory Only
256-bit key held in memory only — cleared immediately on lock or tab close. Never written to disk.
PBKDF2(password, salt) → sessionKey
03
AES-256-GCM Per Entry
Each password encrypted individually with a unique random IV. The GCM auth tag detects any tampering.
AES-256-GCM(password, sessionKey, iv)
04
Export Signature Chain
Two-layer key derivation chain for export files. Tamper with the file and auth tag verification fails on import.
PBKDF2(masterHash, exportSalt) → exportKey
Security Summary
Password hashingPBKDF2 — 310,000 iterations, 32-byte salt
Vault encryptionAES-256-GCM, random IV per entry
Export fileAES-256-GCM, signed via PBKDF2 chain
Session keyIn-memory only, never written to disk
Master passwordNever stored — salted hash only
Tamper detectionGCM auth tag on every encrypted value
Transparency

Privacy & Data Control

We believe you have the right to know exactly what happens to your data. No fine print. No ambiguity.

What stays on your device
  • All passwords and vault entries
  • Your master password (never transmitted)
  • All encryption keys and session data
  • Exported .crypthub backup files
  • All IndexedDB storage in your browser
What we never collect
  • No passwords or vault data
  • No account registration or email
  • No analytics or usage tracking
  • No cookies or third-party scripts
  • No telemetry of any kind
Your Data Rights
Export
Export your entire vault at any time as an encrypted .crypthub file. You own it completely — no lock-in.
Delete
Clear all data via your browser's storage settings or the app's built-in clear vault option. Gone permanently.
Portability
Your vault is not tied to any account or service. Move it between browsers and devices freely at any time.
Important — Please Read
  • If you forget your master password, there is no recovery option. It is never stored anywhere.
  • If you clear your browser data, your vault will be erased. Export a backup regularly.
  • CryptHub has not undergone a formal third-party security audit. Use at your own discretion.
  • On shared or public computers, always lock your vault and clear browser data after use.
FAQ

Common questions.

What happens if I forget my master password?
There is no recovery option. Your master password is never stored anywhere. If you forget it, your vault cannot be decrypted. Store it safely offline.
Is my data backed up anywhere?
No. Your vault lives entirely in your browser's IndexedDB. Use the Export feature regularly to keep a .crypthub backup on a USB drive or secure external storage.
Does CryptHub work offline?
Yes. After the first load, CryptHub works fully offline. No internet connection is required to access or manage your vault.
Can I use it on multiple devices?
Yes — use the Migrate Vault feature to export your vault and import it on any other device or browser. Each import fully restores your vault.
What browsers are supported?
Any modern browser with the Web Crypto API and IndexedDB — Chrome, Firefox, Safari, Edge, and Opera are fully supported.
Has CryptHub been audited?
No formal third-party audit has been conducted. CryptHub is open source — read the code, audit it yourself, and report issues via GitHub.
What happens on import?
Import is destructive. It permanently replaces all current vault data with the imported vault. There is no undo. Always export a backup first.
Legal

Terms of Use

1. Acceptance

By using CryptHub, you agree to these terms. CryptHub is provided free of charge for personal use under the MIT License.

2. No Warranty

CryptHub is provided "as-is" without any warranty of any kind. This includes warranties of merchantability, fitness for a particular purpose, or non-infringement. Use at your own risk.

3. No Liability for Data Loss

The developers are not responsible for any loss of data, loss of vault access, or security breaches resulting from forgotten master passwords, browser data deletion, hardware failure, or any other cause. You are solely responsible for maintaining backups.

4. No Security Audit

CryptHub has not undergone a formal third-party security audit. While it uses industry-standard primitives (AES-256-GCM, PBKDF2, Web Crypto API), no guarantee of security is made. Review the source code yourself before trusting it with sensitive credentials.

5. Open Source — MIT License

CryptHub is open source under the MIT License. You are free to use, copy, modify, distribute, and sell the software, provided the copyright notice is included in all copies.

6. Changes to Terms

These terms may be updated at any time. Continued use of CryptHub after changes constitutes acceptance. The most current version is always published on this page.

Get Started

No install.
No account.
Just open it.

Run CryptHub directly in your browser. Works on any modern device. Your data never leaves your machine.

Open CryptHub View Source
No Install Works Offline Chrome Firefox Safari Edge