ZeroLink Documentation Index

April 5, 2026 · View on GitHub

Language: English | 中文

ZeroLink Documentation Index

Quick Lookup

I want to learn about...

Project Concepts

Technical Architecture

Security Design

Core Mechanisms

Cryptography

API Protocol

Implementation Details

UX Design

Testing

Build Integrity


Reading by Role

Frontend Developer

  1. QUICK_START.md - Set up the project
  2. TECH_STACK.md - Tech stack overview
  3. ARCHITECTURE.md § Data Flow Diagrams - Frontend responsibilities
  4. PRD.md § 7 - Cryptography implementation
  5. PRD.md § Appendix C - Lock Secret implementation
  6. PRD.md § Appendix E - Padding implementation

Backend Developer

  1. QUICK_START.md - Set up the project
  2. ARCHITECTURE.md - System architecture
  3. SELF_HOSTED_CONTRACT.md - Self-hosted backend contract
  4. PRD.md § 10 - Full API
  5. PRD.md § Appendix D - Lock API Schema
  6. PRD.md § Appendix H - WebAuthn verification

Security Auditor

  1. SECURITY.md - Full security model
  2. SECURITY.md § Attack Scenario Analysis - Threat analysis
  3. SECURITY.md § Security Invariants - Audit checkpoints
  4. SECURITY.md § Cryptographic Specification - Encryption parameters
  5. PRD.md § 14 - Test vectors

DevOps / Deployment

  1. DEPLOYMENT.md - Full deployment guide
  2. SELF_HOSTED_DEPLOYMENT.md - Docker Compose self-hosting
  3. VERIFY.md - Build integrity verification

FAQ

Q: Why use URL Fragment to store lock_secret?

SECURITY.md § TOFU Preemptive Lock

Q: How does Padding prevent length leakage?

ARCHITECTURE.md § Ciphertext Length Leakage Mitigation

Q: Can WebAuthn private keys be exported?

SECURITY.md § Admin Private Key Non-Exportable

Q: Can the server see plaintext?

SECURITY.md § Server Zero-Knowledge

Q: How to prevent man-in-the-middle attacks?

SECURITY.md § Man-in-the-Middle Attack

Q: What's the difference between Quick Share and Secure Share?

PRD.md § 4. Product Modes and Security Tiers

Q: How to verify frontend code hasn't been tampered with?

VERIFY.md