How LegaKeep Encryption Works
Your key never leaves your device. Here's what that changes - and what it doesn't.
The problem
In January 2026, the DGFIP (France's tax authority) suffered an unauthorized breach of FICOBA, the national bank account database. 1.2 million bank accounts exposed - identities, addresses, banking details. Not a small startup - the French government, with serious security budgets and ANSSI (France's national cybersecurity agency) backing them up.
The word "encrypted" does not mean "private." When services like Google Drive say your files are encrypted, they're right. But they hold the encryption key on their servers. If a hacker reaches those servers, they get the key AND the files. It's like a safe where the owner keeps a spare key under the doormat.
The question isn't if a service will be breached. The question is: what does the hacker get when it happens?
Standard encryption vs zero-knowledge encryption
The difference comes down to one question: who holds the key?
| Standard encryption | LegaKeep (zero-knowledge) | |
|---|---|---|
| Encryption key | On their server | On your device only |
| Can the service read your documents? | Yes, technically | No, mathematically impossible |
| If hacked | Hacker gets key + files | Hacker gets unreadable data |
| Algorithm | AES-256 (often), server-side key | AES-256-GCM, key derived via Argon2id |
| Key derivation | Generated by the server | Argon2id (64 MB, 3 iterations, on your device) |
In practice: when you create your LegaKeep vault, you choose a passphrase (a string of words). This passphrase is transformed on your device - phone or browser - into an encryption key using the Argon2id algorithm (64 MB of memory, 3 iterations, 1 thread). This key then protects every document with AES-256-GCM.
Your passphrase never leaves your device. Our servers never receive it. This is not a promise - it is a technical impossibility.
The Breach Simulator
Here's what happens when a document is encrypted by LegaKeep - with real AES-256-GCM output, not an illustration.
Step 1 - Your document
My will is with Maître Dupont, 12 rue de la Paix, Paris.
Step 2 - After AES-256-GCM encryption
b9buCZlP/KGP+mZK0wv2l+qIIsfiC/LqIJAYKW53OHQl5kLtOZdOBqMnGjpatqS89vuSgTswlxuKMdF0SdzNyLGvfyQOsyOdtxgs0SUvFiis6e/M0BVNrsdnmFQ=
Step 3 - Decryption with the wrong key
¤∆÷≈ç√∫~µ≤≥÷ƒ∂ßå©˙∆˚¬…æ≈ç√∫~µ≤≥÷ƒ∂ßåΩ≈ç√∫~µ≤≥÷ƒ∂ß
AES-256-GCM rejects any incorrect key. The hacker doesn't even get noise - they get an authentication error.
Step 4 - Decryption with your passphrase
My will is with Maître Dupont, 12 rue de la Paix, Paris.
Instant recovery. No data lost.
What you see
My will is with Maître Dupont, 12 rue de la Paix, Paris.
What a hacker sees
b9buCZlP/KGP+mZK0wv2l+qIIsfiC/LqIJAYKW53...
The ciphertext above is real AES-256-GCM output from LegaKeep's encryption module. This is not an illustration.
What LegaKeep knows - and doesn't know
We prefer transparency over reassurance. Here is exactly what our servers contain.
| Data | Visible to LegaKeep? | Detail |
|---|---|---|
| Email address | Yes | Required for authentication |
| First and last name | Yes | Displayed in the household |
| Login timestamps | Yes | Tamper-proof audit log |
| Number of documents | Yes | Storage metadata |
| Document contents | No | Encrypted, key on your device |
| Document titles | No | Encrypted with the same mechanism |
| Passphrase | No | Never transmitted, never stored |
| Encryption key (KEK) | No | Exists only in memory, erased on lock |
Let's be honest
Zero-knowledge encryption doesn't protect you from everything. While your vault is open, your documents are decrypted in the application's memory. But on a modern phone, that memory is isolated: iOS and Android place each application in a sealed compartment (sandbox), preventing any other application from reading LegaKeep's data.
To access that memory, an attacker would need government-grade spyware (like Pegasus, estimated at several million dollars) or physical access to your unlocked phone with specialized forensic tools. To date, no password manager - neither 1Password nor Bitwarden - has suffered a documented memory extraction incident on a phone.
The real risk is simpler: someone picking up your phone while the vault is open. That's why LegaKeep automatically locks your vault after a period of inactivity (30 minutes by default, configurable). On lock, the encryption key is erased from memory. It no longer exists anywhere - not on our servers, not on your device - until you enter your passphrase again.
This model isn't perfect. It's the best known compromise between security and accessibility. The same experts who recommend 1Password for your passwords recommend this architecture for your documents.
Our commitment
We don't ask you to take our word for it. We are going to publish the source code of LegaKeep's encryption module - the code that derives your key, encrypts and decrypts your documents - so that security experts worldwide can verify it and try to break it.
No other digital vault in France does this. Not the big ones, not the small ones. They ask you to trust their institution, their brand, their certifications. We offer you verifiable proof.
This is Kerckhoffs' principle, the same one we applied in our password generator: security relies on the key, not on secrecy of the method. If the code is solid, publishing it makes it stronger.
From Stéphane Eloit, founder of LegaKeep
Before LegaKeep, I built photALL, a platform where fashion creators entrust entire collections before their runway presentations. Files worth millions, sent to teams working remotely. When you manage that level of sensitivity daily, encryption isn't a checkbox - it's the foundation of everything.
That experience convinced me of one thing: security that works is security people actually use. A perfect but unusable system is a system nobody uses. LegaKeep is designed to be as simple as a photo folder - with a level of encryption that even we cannot bypass.
We will probably be hacked one day. Everyone will. The difference is what happens after. With us, the hacker gets digital noise. Your documents remain yours.
Protect your documents with encryption that even we cannot read:
Organize my documents for free →