Designing a zero-knowledge encrypted storage app with only two features. Looking for feedback.
​
I've been working on the architecture for a privacy-first encrypted storage app, and I'm intentionally keeping it as simple as possible.
The core idea is that every additional feature increases the attack surface, so the application only does two things:
Upload (encrypt locally before upload)
Download (decrypt locally after download)
Some design decisions:
Users receive a 24-word recovery phrase during registration.
The recovery phrase derives the Master Key.
The Master Key is never used directly. It only derives purpose-specific keys using HKDF.
Every file has its own derived encryption key.
File metadata is encrypted with a separate key hierarchy.
The server never sees plaintext, encryption keys, or the recovery phrase.
The local password is only used to unlock an encrypted Master Key vault stored on the device.
A maximum of two authorized devices can be linked to an account.
Users can export an encrypted Vault containing all ciphertext and encrypted indexes at any time.
The long-term goal is that even if the company shuts down, users can still recover all their files using only their 24-word recovery phrase and the exported Vault.
The philosophy is simple:
The server stores data. The client owns trust.
I'm not trying to build another cloud drive with collaboration, document editing, AI features, or social functionality. The goal is to build a storage system that does one job extremely well: protecting user data.
I'm interested in feedback from people with experience in cryptography, secure storage, or zero-knowledge systems.
What potential weaknesses or design mistakes do you see in this approach?