Squyr Squyr. Bilateral Cryptographic Data Exchange
SIGN IN ↗
✓ Email Shield — 8 Steps Verified
The message traveled from sender compose to recipient inbox without any sensitive data appearing in plaintext on the wire. Pre-send DLP intercepted PII/PHI, bilateral encryption sealed the payload, and the recipient proved identity via their private key to unlock the message.
01 · Compose 02 · DLP Scan 03 · Redact 04 · Encrypt 05 · Transmit 06 · Receive 07 · Key Unlock 08 · Decrypt
Squyr.
Home How It Works Mail Verify Protocol Downloads Protocol Demo Email Shield
Web Crypto · Live Demo   8-STEP BILATERAL PROTOCOL

Cryptographic Protocol
Step-by-Step

Real Web Crypto API operations. Every transformation rendered live — from raw PHI input to verified decryption on the receiving end.

Session
Sender
Recipient
Protocol Demo Press Step 1 to begin
01 Data Intake — plaintext PHI/SSN/email
AWAITING

User submits raw plaintext data — patient name, SSN, email, or any PHI field. This is the only moment the data exists in readable form. In production this happens client-side within an encrypted session. Nothing is stored.

— Raw plaintext appears here after ingestion —
02 SHA-256 Hash — 256-bit fingerprint
LOCKED

The plaintext is fed through SHA-256. The result is a deterministic 32-byte fingerprint — a unique, irreversible representation of the original data. The original is then discarded from memory.

— 64 hex chars · 256 bits · one-way function —
03 HKDF Key Derivation — ECDH → 256-bit key
LOCKED

Using ECDH (Elliptic Curve Diffie-Hellman) with curve X25519, both parties derive an identical 256-bit session key. Each side combines their private key with the other's public key — a shared secret that only the two parties can compute.

— ECDH shared secret → HKDF-Expand → 256-bit AES key —
04 AES-256-GCM Encrypt — symmetric auth. encryption
LOCKED

The data is encrypted with the derived session key using AES-256-GCM — AEAD (authenticated encryption with associated data). A random 12-byte IV is generated per message. The auth tag guarantees the ciphertext hasn't been tampered with.

— iv[12] ‖ ciphertext ‖ auth_tag[16] · format: hex —
05 Ed25519 Signing — sender private key
LOCKED

The sender's Ed25519 private key signs the encrypted package. This creates a 64-byte cryptographic signature that proves the package originated from the sender and was not modified in transit. The private key never leaves the sender's device.

— sig[64 bytes] = Ed25519-Sign(sender_sk, package_hash) —
06 Recipient Verifies — Ed25519 public key check
LOCKED

The recipient receives the sender's Ed25519 public key and the signature. Using the public key alone, the signature is verified against the package. This confirms the package is authentic and unmodified — without any knowledge of the sender's private key.

— verify(sender_pk, sig, package_hash) → true/false —
07 Key Unlock — recipient private key decrypts
LOCKED

After signature verification, the recipient's Ed25519 private key participates in the ECDH key exchange to re-derive the shared session key. Only the recipient (who holds the correct private key) can compute this key. This is zero-knowledge proof of identity — the key proves who you are.

— ECDH(recipient_sk, sender_pk) = shared_secret —
08 Decrypt & Deliver — AES-256-GCM decryption
LOCKED

The recipient uses the re-derived session key to decrypt the AES-256-GCM payload. The auth tag is checked — if it fails, decryption is rejected. The plaintext is delivered to the authorized recipient. All intermediate values are zeroed from memory.

— AES-GCM-Decrypt(key, iv‖ct‖tag) → plaintext · auth_tag verified —
✓ Protocol Complete — Zero Knowledge Verified
All 8 steps completed. The data was transmitted, verified, and decrypted — without the plaintext ever crossing the wire in an identifiable form. The recipient proved identity via their private key without revealing it.
01 · Data Intake 02 · SHA-256 Hash 03 · HKDF Key Derivation 04 · AES-256-GCM 05 · Ed25519 Sign 06 · Signature Verify 07 · Key Unlock 08 · Decrypt & Deliver

All operations run locally in your browser. SHA-256 hashing, AES-256-GCM encryption, and Ed25519 signing/decryption are performed via the native Web Crypto API and TweetNaCl.js. No plaintext PHI is transmitted over the network. Only hashed or encrypted values cross the wire.

● LIVE · SESSION
Session ID
Sender
Recipient
Completed0 / 8
8-STEP PROTOCOL
01Data Intake
02SHA-256 Hash
03HKDF Key Derivation
04AES-256-GCM Encrypt
05Ed25519 Signing
06Recipient Verify
07Key Unlock
08Decrypt & Deliver
● SECURITY
PHI on wireNO
Hash transmittedNO
Ciphertext sentNO
Signature sentNO
ALGORITHMS
HashSHA-256
Key exchangeX25519 ECDH
Key derivationHKDF-SHA256
EncryptionAES-256-GCM
SigningEd25519

No PII on the wire. Real TweetNaCl.js + Web Crypto API. Zero network transmission of plaintext PHI.