Encryption suite
XChaCha20-Poly1305 via libsodium
Digital Gun Vault uses XChaCha20-Poly1305 as an authenticated encryption
construction. That means the vault payload is encrypted for confidentiality
and carries an authentication tag so tampering is detected before decrypted
data is used.
The extended XChaCha nonce design gives the app a large random nonce space,
which is well suited to local encrypted file formats where accidental nonce
reuse must be aggressively avoided.
Password hardening
Argon2id for master and recovery passwords
Passwords are not used directly as vault encryption keys. Digital Gun Vault
derives wrapping keys with Argon2id, the hybrid Argon2 variant standardized
by the IETF for memory-hard password hashing.
Each password and recovery envelope uses its own random salt, and the app
separates master password, recovery password, and payload encryption domains.
Fail closed
Authenticate first, parse second
Vault authentication is verified before inventory JSON is parsed or displayed.
If the password is wrong or the file has been modified, the vault should remain
unreadable instead of exposing partial data.
The app does not intentionally log master passwords, recovery passwords, vault
keys, decrypted JSON, or plaintext inventory records.
Local-first privacy
No cloud account required
Digital Gun Vault is designed around local files. Inventory data is stored in
your `.dgv` vault file, not in a website account, and the website does not
collect release signup data.
Update checks download public version metadata and packages only. The update
manifest does not upload vault contents, serial numbers, passwords, or local
inventory data.
The app deliberately warns that plaintext PDF and Excel exports are sensitive.
Treat exports as readable copies and store them only where you would store
other sensitive documents.
Convenience unlock
Local cache without storing passwords
Recent desktop builds support a short-lived convenience unlock model that
stores a locally wrapped vault key tied to the current `.dgv` file fingerprint.
It does not store the master password.
If the vault file changes outside the app, the fingerprint check invalidates
cached unlock material and the user is prompted again.
Biometrics
Windows Hello and Touch ID are convenience unlocks
Windows Hello and Touch ID support is designed as a local convenience unlock
for a previously unlocked vault, not as a replacement for the master password
or recovery password.
A synced or copied vault must remain unlockable on a new device with the
master password or recovery password, even when biometrics are enabled on
another device.
Safe update flow
Automatic updates use guarded metadata
The app checks the Digital Gun Vault website for update metadata.
The website validates Azure update fragments before the app can see
a direct install option. If update metadata is missing or rejected,
the app falls back to a manual download page.
Direct updates are installed only after the downloaded package
matches the expected SHA-256 checksum. Signed metadata and package
signing are still planned; they are release-blocking hardening work
that must land before broad public automatic updates.
Attachments
Paperwork and images are restricted
Attachments are checked before they enter the encrypted vault.
Firearm images allow common image formats, while NFA paperwork
allows PDF plus approved images. Executables, scripts, archives,
links, macro-capable documents, mismatched file headers, and
oversized files are rejected.
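The attachment rules above, sketched as an added Python example that is not the app's own code: an allowlist check that rejects anything whose extension, size, or file header is not positively approved. The format list, the size cap, and the names `check_attachment`, `MAX_BYTES`, `MAGIC`, and `ALLOWED` are assumptions; the page does not state the app's actual values.

```python
import os

# Assumed values: the page does not list the real formats or size limit.
MAX_BYTES = 20 * 1024 * 1024
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
ALLOWED = {
    "firearm_image": {".png", ".jpg", ".jpeg"},
    "nfa_paperwork": {".pdf", ".png", ".jpg", ".jpeg"},
}


def check_attachment(kind, filename, data):
    """Return (accepted, reason). Default is reject: only allowlisted
    extensions whose leading bytes match the expected header pass."""
    if kind not in ALLOWED:
        return False, "unknown attachment kind"
    # Only the final extension counts, so "x.pdf.exe" is judged as ".exe".
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED[kind]:
        return False, "extension not allowed"
    if len(data) > MAX_BYTES:
        return False, "oversized"
    if not data.startswith(MAGIC[ext]):
        return False, "header mismatch"
    return True, "ok"


# Constructed sample inputs (header bytes plus padding, not real files).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PDF = b"%PDF-1.7\n" + b"\x00" * 16
EXE = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    cases = [
        ("firearm_image", "rifle.png", PNG),
        ("firearm_image", "form4.pdf", PDF),      # PDF is paperwork-only
        ("nfa_paperwork", "form4.pdf", PDF),
        ("nfa_paperwork", "form4.pdf", EXE),      # executable renamed to .pdf
        ("nfa_paperwork", "stamp.pdf.exe", EXE),  # double extension
    ]
    for kind, name, data in cases:
        print(kind, name, check_attachment(kind, name, data))
```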
Opened paperwork uses a randomly named temporary local copy that the
app attempts to clean up when it closes, locks, switches vaults, or
performs periodic cleanup.
Plain-English guide
Download the security workflow PDF.
This guide explains vault unlocks, exports, attachments, app update
prompts, and the nightly/beta/release channels in user-readable
language.
Threat model
What this protects against
Digital Gun Vault is designed to protect vault files at rest against someone
who can copy or tamper with the `.dgv` file but does not know the master
password or recovery password.
Not a substitute for device security
No vault app can protect against malware running as you while the vault is
unlocked, screen capture, shoulder surfing, a compromised operating system
account, or weak reused passwords.