All posts
·5 min read

Building Witflo: Why We Built a Zero-Trust Encrypted Notes Platform

The technical story behind Witflo, our open-source zero-trust encrypted notes platform built with Flutter. From cryptographic decisions to cross-platform challenges.

fluttersecurityencryptionopen-sourceprivacy

The Problem: Your Notes Are Training Someone Else's AI

In 2026, note-taking apps hold some of our most intimate data — journal entries, business strategies, therapy reflections, passwords, ideas. Yet mainstream tools like Evernote, Notion, and Google Keep store this data in plaintext on their servers.

The reality:

  • Your notes can become AI training data
  • Data breaches expose millions of accounts every year
  • Cloud providers can read everything you write
  • Your thoughts become ad targeting signals

We built Witflo to solve this. A zero-knowledge encrypted notes app where your data is encrypted on your device before it touches the disk. No cloud provider, no AI model, no one can read what you write — except you.

Our Approach: Security First, Then Features

Most encrypted apps get this wrong. They build features first, then try to bolt on encryption. We started with the security model and built everything else around it.

The Encryption Architecture

Zero-knowledge, zero-trust. Even if someone gets full access to your device's storage, they can't read your notes without your password.

Here's the key hierarchy we designed:

Why this matters:

  • Argon2id — Memory-hard password hashing makes brute-force attacks impractical
  • XChaCha20-Poly1305 — Authenticated encryption ensures data integrity
  • Unique keys per note — Even if one key leaks, others remain safe
  • Memory-only keys — Master keys are zeroized on lock, never touch disk

Technical Decisions

Every cryptographic choice was deliberate:

  • Argon2id over bcrypt — Better resistance to GPU/ASIC attacks with configurable memory cost
  • XChaCha20 over AES-GCM — No AES-NI dependency needed (better for ARM/mobile)
  • HKDF for key derivation — Proper cryptographic key isolation per note
  • File-based storage — Enables "bring your own cloud" sync without trusting the cloud provider

Storage Architecture

Content-addressed encrypted blobs in a Git-like layout:

Each note is:

  1. Encrypted with a unique derived key
  2. Hashed with BLAKE2b for integrity
  3. Stored in content-addressed layout
  4. Deduplicated automatically

Sync Strategy: "Bring Your Own Cloud"

Instead of forcing users to trust our cloud, we let them use their own:

Key features:

  • Google Drive, OneDrive, Dropbox, or Syncthing
  • Cloud provider only sees encrypted blobs
  • File system monitoring detects remote changes
  • CRDT-based conflict resolution handles concurrent edits
  • Works offline, syncs when you reconnect

Why Flutter?

Cross-platform without compromise. Witflo runs on:

  • 🖥️ macOS, Linux, Windows
  • 📱 iOS, Android (coming soon)
  • 🌐 Web browsers

One codebase, six platforms. Native performance everywhere.

Platform Abstractions

Dart conditional imports let us write platform-agnostic code:

  • Native: Direct file system access via Dart FFI to libsodium
  • Web: IndexedDB for storage, WASM-compiled crypto
  • Unified API: Same code works everywhere

What Makes Witflo Different

🔒 Zero-Knowledge Encryption

Your password never leaves your device. We can't read your notes even if we wanted to.

📴 Offline-First

Works without internet. Notes are always available, sync when you're ready.

🗂️ Multi-Workspace

Isolated encrypted vaults for work, personal, projects. Each with its own password.

🎨 Built for Focus

Dark/light themes, distraction-free editor, markdown support.

🌍 Open Source

Don't trust us? Audit the code yourself. Licensed under MPL-2.0.

The Stack

Frontend:

  • Flutter & Dart
  • Riverpod for state management
  • Flutter Quill for rich text editing
  • go_router for navigation

Crypto:

  • libsodium (Argon2id, XChaCha20-Poly1305, HKDF, BLAKE2b)
  • Dart FFI for native crypto access
  • Memory safety patterns (key zeroization)

Storage:

  • File-based content-addressed storage
  • CRDT-based sync (coming soon)
  • Platform-specific abstractions

Try It Yourself

Witflo is open source and free to use:

Lessons Learned

Building a security-first app taught us:

  1. Start with the threat model — Define what you're protecting against before writing code
  2. Cryptography is hard — Use battle-tested libraries (libsodium), don't roll your own
  3. Platform abstractions matter — Design for multi-platform from day one
  4. File-based storage is powerful — Enables sync without trusting a cloud provider
  5. Open source builds trust — Users can audit the security claims themselves

What's Next for Witflo

We're actively building:

  • 🔄 End-to-end encrypted sync across devices
  • 📱 iOS and Android apps (in beta)
  • 🔐 Biometric unlock (Face ID, Touch ID, Fingerprint)
  • 🔍 Encrypted search with full-text indexing
  • 📎 File attachments (encrypted PDFs, images, documents)
  • 🔮 Post-quantum cryptography for future-proofing

Witflo is open source under MPL-2.0. Try it at witflo.com or view the source at github.com/nativewit/witflo.

Need a secure, privacy-first mobile or web app? Let's talk →

Have questions about this post? Get in touch.