A deep dive into how Bloodwork protects your health data with client-side encryption that the server cannot bypass.
When you create your account, you choose a password. This password never leaves your browser. Instead, it's fed into PBKDF2 with 100,000 iterations and a random 16-byte salt to derive two separate keys:
Encryption Key — An AES-256 key used to encrypt and decrypt your health data. This key only exists in your browser's memory while the vault is unlocked.
Auth Token — A separate derived value sent to the server (after hashing) to prove your identity. The server stores only a SHA-256 hash of this token, so even the auth credential can't be reversed.
All encryption uses the Web Crypto API built into your browser — no third-party libraries. AES-256-GCM provides both confidentiality and integrity: if even one bit of the ciphertext is tampered with, decryption will fail.
A fresh 12-byte initialization vector (IV) is generated for every encryption operation, ensuring that encrypting the same data twice produces completely different ciphertext.
Your encrypted data is stored in a self-describing binary format with a 4-byte magic header (BWDB), format version, schema version, salt, IV, and the encrypted payload. This means you can decrypt your data with any compatible tool — you're not locked into this application.
The server stores: your username, a hash of your auth token, your salt (needed for key derivation), and opaque encrypted blobs. It cannot see:
Your password, your encryption key, your biomarker names, your lab values, your reference ranges, or any other health data. Even with full database access, an attacker would only see random-looking binary blobs.
Sessions use cryptographically random 256-bit tokens stored as SHA-256 hashes in the database. Sessions expire after 30 days and can be individually revoked from your dashboard. On password change, all existing sessions are invalidated.
Free, encrypted, and private. No credit card required.