openfirst
Security

Built to be trusted —
and honest about the limits.

OpenFirst runs entirely on your device and hands your loved ones a single file they open offline. Here's what that protects, what it deliberately doesn't, and how to check every claim yourself. The full threat model lives in SECURITY.md.

No server

The app is static files. Nothing you type is uploaded — there is nowhere to upload it to.

A map, not a vault

The plan records where secrets live — never the secrets. The app refuses to store a raw one.

Outlives the company

Open, documented formats — plain JSON, Markdown, one HTML file — readable in 20 years without us.

Verifiable

Open source, and the whole app builds to one auditable file.

What is protected

Locked with the same recipe banks use — and the recipe is public.

Provably offline

A strict Content-Security-Policy forbids every network connection — even a maliciously crafted plan can't phone home. Everything is inlined; nothing is fetched.

Strong, standard encryption

Every parameter is stored in the file, so it decrypts with standard tools — no OpenFirst needed. The password hint is tamper-evident: it can't be rewritten without breaking decryption.

The draft is encrypted too

While you build, the auto-saved draft can be locked with a passphrase (Settings → Draft protection). A copied disk or backup reveals nothing.

Safe rendering

Guide text goes through a small hand-written renderer that escapes all HTML. A tampered plan can't inject scripts or dangerous links.

AES-256-GCM PBKDF2-SHA256 · 600,000 iterations connect-src 'none' 6-word passphrase ≈ 77 bits
Entropy is the real lever. The app nudges you toward a 6-word passphrase — that makes brute force infeasible. A short PIN doesn't; treat it as friction, not protection.
What is not protected

Four things stay your job.

Your unlocked device

Malware, a rogue extension, or someone at your unlocked screen while you edit — no app can protect against that.

Secrets don't belong here

No seeds, keys, passwords or PINs — even in notes. Keep them on hardware, paper or a password manager, and point to them.

A lost passphrase is gone

No reset, no backdoor — that's the point. Keep your encrypted export somewhere safe.

Delivery is human

Your heir has to find the plan and receive the password — a sealed letter, a lawyer, family. Test it with a dry run.

Verify it yourself

Don't trust us. Check.

  1. Read the source — small and dependency-light: one runtime dependency for zip, everything else native Web Crypto.
  2. Reproduce the build, go offline, open dist/build/index.html from disk. It works — it never needed the network.
  3. Inspect an encrypted export — plain JSON showing algorithm, KDF, iterations, salt and IV; decrypt it with Node.js alone.
  4. Watch the network tab while a reader loads: zero requests.

Found a vulnerability? Email security@openfirst.io with steps to reproduce — we'll credit you unless you'd rather we didn't.