GPG VaultSecure cryptography workspace

Product overview

Take the GPG Vault workspace across web and iOS

Security assurance: GPG Vault stores your encrypted secret key in the cloud, but your secret passphrase never travels over the internet—it stays on your device so only you can unlock the key.

GPG Vault pairs a browser-native cryptography toolkit with a Capacitor iOS shell so you can manage OpenPGP keys, encrypted credentials, contacts, and hashing utilities from any device that can sign into Firebase. This page explains how the pieces fit together and how to stay safe while using them.

Web app: Angular + Firebase HostingiOS app: Capacitor + WKWebViewIdentity & data: Firebase Auth, Firestore, Storage

Unified crypto workspace

Manage OpenPGP keys, AES-256 passphrases, credential vault items, contact fingerprints, and hashing utilities from a single view backed by Firebase.

Verified sync via Firebase

Secrets you choose to persist are encrypted client-side, then stored in Firestore and Storage so every signed-in device—web or iOS—receives the same profile.

Guided operations

Status badges, validation, and inline helpers keep encryption, signing, backups, and credential edits transparent, even when juggling multiple identities.

Privacy-first telemetry

Only anonymous analytics events (page views, feature adoption) leave the device, allowing the team to spot regressions without touching key material.

Web workspace

How to use GPG Vault in the browser

  1. Sign in or create an account

    Use email plus password or Google Sign-In through Firebase Auth. Email verification is required before secrets sync to Firestore.

  2. Import or generate keys

    Drop in ASCII-armored private keys, upload backups, or create fresh OpenPGP pairs directly in the browser. You can keep keys local or store encrypted copies.

  3. Build your encrypted workspace

    Contacts, vault credentials, AES defaults, and verification hashes all live inside the same profile so you can encrypt, decrypt, and share with confidence.

  4. Execute crypto workflows

    Use the Encrypt, Decrypt, Sign, Verify, Hash, and AES panels. Each action emits status updates and copies results to the clipboard on success.

  5. Back up and export

    Download armored keys, export vault entries, or trigger a Firebase Storage backup so that another browser or the iOS app can restore the same state.

iOS app

How the iOS build mirrors the web

  1. Install the Capacitor shell

    Run `npm run build` followed by `npm run cap:sync:ios` and open the included Xcode project, or grab the latest TestFlight build shared by the team.

  2. Sign in with the same Firebase account

    The iOS app hosts the Angular bundle inside a WKWebView, so the regular email/password or Google workflow applies. Once authenticated, Firestore syncs your workspace.

  3. Use native quality-of-life features

    iOS shares the Clipboard, system share sheet, and offline caching provided by the Firebase web SDK, so copied ciphertext or keys move seamlessly between apps.

  4. Stay current with web releases

    Every native build simply wraps the latest `dist/gpg-vault/browser` assets, meaning UI changes and new crypto tools appear on iOS after each Capacitor sync.

Need to ship a build? Run npm run build, npm run cap:sync:ios, then npm run cap:open:ios to launch Xcode and archive for TestFlight or ad-hoc installs.

Cross-platform data flow

How sync, storage, and deletion stay consistent

The browser and iOS experiences reuse the same Firebase project. As soon as you authenticate, listeners attach to users/<uid> documents plus encrypted blobs in Firebase Storage so everything you create or remove is reflected everywhere else in near real time.

  • Profile data resides in `users/{uid}` documents plus a Storage backup, giving each device a single source of truth.
  • Long-running encryption jobs stay local to the device; only the resulting ciphertext or exported files touch the network when you explicitly upload them.
  • Deleting a key or credential in one client propagates through Firestore listeners so stale data disappears everywhere else in real time.
  • Support and analytics endpoints only see anonymized metadata, so operational data never intersects with telemetry.

Release checklist

Keep both platforms aligned before shipping

  1. Verify Firebase configuration

    Populate `src/app/firebase-config.ts` before building for production or shipping to the App Store/TestFlight so Auth, Firestore, Storage, and Analytics resolve.

  2. Enable App Check in production

    Add the reCAPTCHA Enterprise site key to `firebaseAppCheckConfig` or `index.html` to protect web and iOS sessions from automated abuse.

  3. Align release cadence

    Create a new web build every time features change, then re-run `npm run cap:sync:ios` so the native shell includes the same assets and Firebase schema.

  4. Test mission-critical flows

    Encrypt/decrypt round-trips, credential lookups, and AES operations should be exercised on both platforms prior to distributing a release.

Need help or security review?

Email support@ero.solar for deployment reviews, incident response, or deeper architecture questions. Expect a response within one business day.

Bug reports should include repro steps, platform info, and whether the issue appears on both clients.