Fordan Documentation
Local-first: open any archive or encrypted file, re-encrypt into any format.
Product
What Fordan does, who it's for, and what ships in MVP.
Threat Model
Assets protected, adversaries considered, explicit non-goals.
Vault Format
Byte-exact spec for the encrypted vault container.
File Format (.sec)
Streaming authenticated-encryption container for single files.
Security Status
Current audit state and cryptographic assurances.
Non-Negotiables
- Never touch the source disk — read-only access enforced by the type system.
- No homemade crypto — only vetted RustCrypto primitives (Argon2id, ChaCha20-Poly1305, AES-GCM, BLAKE3).
- Public versioned documented format — all formats specified before any code lands.
- Local-first — the core library and CLI contain zero network calls.
- Tamper-evident — every encrypted artifact carries an AEAD tag; verification is mandatory.