Security
Threat model · v1.0 · 2026-05-09
This page is the short version. The exhaustive document lives in SECURITY.md in the repository, alongside the audit log of cryptographic decisions.
What zz-drop protects
- Your profile at rest. Profile files (~/.config/zz-drop/profiles/*) are sealed with XChaCha20-Poly1305 using a 256-bit key derived from your passphrase via Argon2id. The v1 baseline is m=64MiB, t=3, p=1; this is rotated upward when the maintainer ships a new default — see the parameter-rotation note in the repository.
- Your passphrase. Stays in memory only as long as needed; zeroized on drop. Never written to disk in plaintext, never sent over the network.
- Your OAuth tokens. Stored only inside the encrypted profile. A leaked, decrypted profile would give an attacker the same access the provider's own client would.
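As an added illustration of the "zeroized on drop" property described above (example code written for this page, not zz-drop's own implementation; the `Passphrase` type, `zeroize_bytes` and `expose` are assumed names), a std-only Rust wrapper that wipes the passphrase bytes with volatile writes when it goes out of scope and redacts itself in Debug output:

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

/// Passphrase bytes that are wiped when the value goes out of scope.
/// Deliberately not Clone: every copy would be one more buffer to wipe.
pub struct Passphrase {
    bytes: Vec<u8>,
}

/// Overwrite `buf` with zeros using volatile stores so the optimizer cannot
/// discard them as dead writes (the buffer is never read again afterwards).
pub fn zeroize_bytes(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { std::ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

impl Passphrase {
    /// Take over the String's heap buffer (no copy), so no second, unwiped
    /// copy is left behind. Buffers the caller used to read input are its own
    /// responsibility and are outside this type.
    pub fn new(s: String) -> Self {
        Passphrase { bytes: s.into_bytes() }
    }

    pub fn len(&self) -> usize {
        self.bytes.len()
    }

    /// Lend the bytes to a consumer (e.g. the Argon2id KDF) without copying
    /// them out; the borrow ends when the closure returns.
    pub fn expose<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        f(&self.bytes)
    }
}

/// Runs before the Vec itself is freed, so the allocator never sees plaintext.
impl Drop for Passphrase {
    fn drop(&mut self) {
        zeroize_bytes(&mut self.bytes);
    }
}

/// A stray `{:?}` in a log line must not leak the secret.
impl fmt::Debug for Passphrase {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Passphrase([REDACTED])")
    }
}
```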
What zz-drop does not protect — yet
- File content in flight to the provider. v1 uploads file bytes as-is over TLS to the four active providers. They see plaintext exactly as their first-party clients would.
- File content at rest with the provider. Same caveat. Provider-side encryption depends on the provider.
- End-to-end encryption of file content is on the v1.1 roadmap. We will not ship it before it has been independently reviewed.
Out of scope
- Compromised endpoint (your machine, after passphrase entry, while profile is unlocked).
- Coercion against you or the cloud provider operator.
- Cryptographic primitives themselves; we trust the upstream Rust crypto crates that wrap these primitives (chacha20poly1305, argon2) and the RustCrypto / sodiumoxide ecosystems they depend on.
Verifying the install script
The Linux one-liner downloads install.sh over TLS. Before executing, you can verify its minisign signature against the public key below.
curl -fsSLO https://zz-drop.net/install.sh
curl -fsSLO https://zz-drop.net/install.sh.minisig
minisign -Vm install.sh -P <draft — replaced at v1.0.0>
sh install.sh
Public key
🚧 Draft key. This is a placeholder. The real release-signing key is generated when the v1.0.0 build pipeline ships and will appear here before the first public release. Do not verify production binaries against this string.
The same key signs every release tarball and the standalone Linux binaries. Key rotation, if it ever happens, will be announced via a signed advisory in the repository and a new key published here with a 30-day overlap.
Reporting a vulnerability
Email security@zz-drop.net. The PGP fingerprint and disclosure window are in SECURITY.md. We aim to acknowledge within 72 hours and, for high- or critical-severity issues, to ship a fix within 30 days.