Audit 303

Compliance Registry

Security Framework Version: 2026.1 • Audit Status: Verified

1. Cryptographic Standards Adherence

PassCrypt follows strict regulatory standards for data security. Client-side encryption uses the symmetric block cipher AES-256 in GCM (Galois/Counter Mode), conforming to FIPS 197. A 12-byte cryptographically secure random nonce is generated for every record transaction, preventing nonce reuse.

2. Indian Cyber Security Compliance (CERT-In)

In alignment with directives issued by the Indian Computer Emergency Response Team (CERT-In), PassCrypt stores zero-knowledge transaction audit markers:

  • Strict append-only logging for security events (login success/failure, vault sync timestamps).
  • Zero retention of actual vault record titles, keys, or passwords.
  • Immediate data portability: clients can export and delete their data.

3. Immutable Append-Only Auditing

At the database level, the AuditLog registry enforces row-level security. PostgreSQL access configurations prevent any UPDATE or DELETE operations on logs, ensuring a complete, tamper-proof audit trail for enterprise accounts.

4. Local Browser WebCrypto Verification

Our core implementation has zero external dependencies on third-party security libraries. By building directly on top of browser-native WebCrypto primitives, PassCrypt is immune to supply-chain attacks and runtime compromises typical of standard Node package trees.
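
Sections 1 and 4 describe per-record AES-256-GCM through browser-native WebCrypto; the sketch below is an added example, not PassCrypt's code. The function names, the nonce-prefixed blob layout and the use of a record id as additional authenticated data are assumptions.

```javascript
// Added example: per-record AES-256-GCM with WebCrypto only (no npm packages).
// Names and the nonce||ciphertext||tag layout are assumptions, not PassCrypt's code.
const webcrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);
const NONCE_LEN = 12; // 96-bit nonce, as stated in section 1
const TAG_LEN = 16;   // 128-bit GCM authentication tag
const enc = new TextEncoder();

async function newVaultKey() {
  // extractable=false: page script can use the key but cannot export its bytes.
  return webcrypto.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function encryptRecord(key, plaintext, recordId) {
  // A fresh random nonce on every call; never derived from the record or reused.
  const iv = webcrypto.getRandomValues(new Uint8Array(NONCE_LEN));
  const ct = await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(recordId), tagLength: 128 },
    key, enc.encode(plaintext));
  const blob = new Uint8Array(NONCE_LEN + ct.byteLength);
  blob.set(iv, 0);                        // nonce is public, stored with the record
  blob.set(new Uint8Array(ct), NONCE_LEN); // ciphertext followed by the tag
  return blob;
}

async function decryptRecord(key, blob, recordId) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error("record too short");
  // decrypt() rejects if the tag, ciphertext, nonce or record id was altered.
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-GCM", iv: blob.subarray(0, NONCE_LEN),
      additionalData: enc.encode(recordId), tagLength: 128 },
    key, blob.subarray(NONCE_LEN));
  return new TextDecoder().decode(pt);
}

async function demo() {
  const key = await newVaultKey();
  const a = await encryptRecord(key, "constructed-secret", "rec-1"); // constructed data
  const b = await encryptRecord(key, "constructed-secret", "rec-1");
  const rejected = (p) => p.then(() => false, () => true);
  const tampered = a.slice();
  tampered[tampered.length - 1] ^= 1; // flip one bit of the tag
  return {
    noncesDiffer: a.slice(0, NONCE_LEN).join() !== b.slice(0, NONCE_LEN).join(),
    roundTrip: await decryptRecord(key, a, "rec-1"),
    tamperRejected: await rejected(decryptRecord(key, tampered, "rec-1")),
    wrongIdRejected: await rejected(decryptRecord(key, a, "rec-2")),
  };
}
```

With random 96-bit nonces, uniqueness is probabilistic rather than guaranteed: NIST SP 800-38D limits a single key to 2^32 encryptions, so long-lived vault keys need a rotation plan.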

5. Vulnerability Disclosure Policy

If you detect a potential vulnerability in our key wrap mechanism or API authentication layers, please contact our security desk immediately at security@passcrypt.online. We execute rapid patching logs within 24 hours of audited report confirmation.