Offline-only, cross-platform Avalonia vault that keeps every byte of your data on-device, anchored to the OS keystore and hardened with Argon2id + AES-GCM.
- What makes SecureSharp different
- Security model at a glance
- Project layout
- Runtime behavior
- Data locations
- Quick start (dev)
- Build & publish
- Installers
- Testing & quality gates
- Release checklist
- Reset / data wipe
- Troubleshooting tips
- Offline by design: No sync, no telemetry, no background calls. Network namespaces are blocked at build time.
- Device-bound secrets: Master key material is wrapped by the OS keystore (DPAPI/CredMan on Windows, Keychain on macOS, Secret Service on Linux) before vault encryption.
- Strong crypto defaults: Argon2id for KDF, AES-GCM for envelope encryption, integrity manifests on every vault write.
- Guided onboarding: Generates a strong recovery password, stores it as a first entry, and enforces distinct master vs. recovery passwords.
- User-safety UX: TOTP prompts guard profile changes, master rotation, exports/imports, and backups.
- Portable UI: Avalonia 11 shell with Fluent styling and compiled bindings for perf.
- Release ready: Single-file, self-contained publish targets for Windows, macOS, and Linux.
If you're new to the codebase: start with SecureSharp.UI to see the navigation/view models, then open SecureSharp.VaultCore to understand orchestration, and finally skim SecureSharp.Crypto for the cryptographic glue.
- Master password -> Argon2id calibration (device-performance tuned) -> derived key.
- Derived key is wrapped with the platform keystore and combined with per-vault salts.
- Vault contents are encrypted with AES-GCM; manifests track fingerprints and integrity.
- Build gate:
build/OfflineScannerfails compilation ifSystem.Net*appears anywhere. Hooked viaDirectory.Build.targetsand runs before every project build.
Diagram: encryption and key flow
flowchart TD
A[Master password] --> B[Argon2id calibration<br/>per-device tuned]
B --> C[Derived key]
C --> D[Wrap with OS keystore<br/>DPAPI/CredMan / Keychain / Secret Service]
D --> E[Vault root key + salts]
E --> F[AES-GCM encrypt/decrypt<br/>entries + manifests]
F --> G[Integrity manifest<br/>fingerprints]
G --> H[Offline scanner gate<br/>fails build on System.Net*]
src/SecureSharp.UI- Avalonia desktop shell (navigation, theming, UX, TOTP/QR support).src/SecureSharp.VaultCore- vault orchestration, key wrapping, backup + integrity pipelines.src/SecureSharp.Crypto- Argon2id KDF + AES-GCM helpers.src/SecureSharp.Persistence- file-based storage layout and manifest handling.src/SecureSharp.OSIntegration- keystore bindings (Windows DPAPI/CredMan, macOS Keychain, Linux Secret Service).build/OfflineScanner- MSBuild task to enforce offline posture.build/SecureSharp.ps1/build/SecureSharp.sh- dev build + run helpers.tests/SecureSharp.Tests- integration and regression coverage for onboarding, unlock, vault entries, transfers/backups, keystore/crypto, and settings.
Diagram: component overview
flowchart TD
subgraph UI[SecureSharp.UI<br/>Avalonia shell]
end
subgraph Core[SecureSharp.VaultCore<br/>Vault orchestration]
end
subgraph Crypto[SecureSharp.Crypto<br/>Argon2id / AES-GCM]
end
subgraph Persist[SecureSharp.Persistence<br/>File storage + manifests]
end
subgraph OSI[SecureSharp.OSIntegration<br/>OS keystores]
end
subgraph Tests[Tests<br/>Integration/regression]
end
DBT[Directory.Build.targets<br/>Offline scanner hook]
UI --> Core
Core --> Crypto
Core --> Persist
Core --> OSI
Tests -. exercise .-> Core
DBT -. build gate .-> UI
DBT -. build gate .-> Core
- Offline posture: no telemetry, sync, or update checks; any
System.Net*usage fails the build via OfflineScanner. - Auto-lock: UI enforces re-authentication on inactivity (configurable inside app settings).
- TOTP-guarded operations: profile edits, exports/imports, backups, and master rotations prompt for TOTP.
- Recovery-first onboarding: generates a recovery password, saves it as the first vault entry (favorite + tagged), and requires master != recovery.
- Integrity-first writes: each save updates a manifest fingerprint; mismatches surface before decrypt attempts.
- Windows:
%AppData%\\SecureSharp\\vault\\(vault data) and%AppData%\\SecureSharp\\walkthrough.seen(onboarding marker). - macOS/Linux:
$XDG_DATA_HOME/SecureSharp/vault/(or~/.local/share/SecureSharp/vault/fallback). - Publish outputs:
src/SecureSharp.UI/bin/Release/net10.0/<rid>/publish/.
Follow these three steps to get the UI running locally:
- Install .NET 10 SDK
- Windows:
winget install --id Microsoft.DotNet.SDK.10 - macOS:
/bin/bash -c "$(curl -fsSL https://aka.ms/install-dotnet.sh)" -- --channel 10.0 --install-dir /usr/local/share/dotnetthen symlinkdotnetinto PATH. - Ubuntu/Debian:
sudo wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O /tmp/packages-microsoft-prod.deb && sudo dpkg -i /tmp/packages-microsoft-prod.deb && sudo apt-get update && sudo apt-get install -y dotnet-sdk-10.0 - Fedora/RHEL/CentOS:
sudo rpm -Uvh https://packages.microsoft.com/config/centos/8/packages-microsoft-prod.rpm && sudo dnf install -y dotnet-sdk-10.0 - Verify:
dotnet --info
- Windows:
- Clone and enter the repo:
git clone <repo> && cd SecureSharp-CSharp - Run the dev script (build + launch UI):
- Windows:
powershell -ExecutionPolicy Bypass -File .\build\SecureSharp.ps1 - macOS/Linux:
bash ./build/SecureSharp.sh(first run:chmod +x ./build/SecureSharp.sh) - Both scripts will verify/install .NET 10 and
dotnet-formatautomatically (Homebrew/apt/winget where available; otherwise they fall back to the official dotnet-install script).
- Windows:
- Windows x64:
dotnet publish src/SecureSharp.UI/SecureSharp.UI.csproj -c Release -r win-x64 --self-contained true /p:PublishSingleFile=true /p:UseAppHost=true - macOS x64:
dotnet publish src/SecureSharp.UI/SecureSharp.UI.csproj -c Release -r osx-x64 --self-contained true /p:PublishSingleFile=true /p:UseAppHost=true - Linux x64:
dotnet publish src/SecureSharp.UI/SecureSharp.UI.csproj -c Release -r linux-x64 --self-contained true /p:PublishSingleFile=true /p:UseAppHost=true - Outputs land in
src/SecureSharp.UI/bin/Release/net10.0/<rid>/publish. - Supported RIDs (current scripts):
win-x64,osx-x64,linux-x64. Add-r <rid>variants (e.g.,linux-arm64) as needed. - Common toggles: drop
--self-contained truefor framework-dependent publish; add/p:PublishReadyToRun=truefor faster cold start; leave trimming off for now (Avalonia + reflection-heavy UI). - Notes: warnings are treated as errors (
Directory.Build.props), nullable + latest language features are on by default.
-
Windows (.exe/.msi): Point WiX/MSIX/Inno/Advanced Installer at
.../win-x64/publish/with entrySecureSharp.UI.exe. Example (Inno Setup):[Setup] AppName=SecureSharp AppVersion=1.0.0 DefaultDirName={pf}\SecureSharp OutputBaseFilename=SecureSharp-Setup [Files] Source: "src\SecureSharp.UI\bin\Release\net10.0\win-x64\publish\*"; DestDir: "{app}"; Flags: recursesubdirs [Icons] Name: "{group}\SecureSharp"; Filename: "{app}\SecureSharp.UI.exe" -
macOS (.dmg):
mkdir -p SecureSharp.app/Contents/MacOS cp src/SecureSharp.UI/bin/Release/net10.0/osx-x64/publish/SecureSharp.UI SecureSharp.app/Contents/MacOS/ hdiutil create -volname SecureSharp -srcfolder SecureSharp.app -ov -format UDZO SecureSharp.dmg
Sign + notarize with your Developer ID.
-
Linux (.AppImage/.deb/.rpm): Wrap
.../linux-x64/publishwith your preferred packager (e.g., appimagetool orfpm). Entry point:./SecureSharp.UI.
- Unit/integration suite:
dotnet test tests/SecureSharp.Tests/SecureSharp.Tests.csproj- Coverage areas: onboarding + unlock, vault CRUD, transfers/backups, crypto/keystore bindings, settings/regression checks.
- Offline enforcement: runs automatically before every build via
Directory.Build.targets; build fails ifSystem.Net*is referenced. - Analyzer posture:
TreatWarningsAsErrors=true, nullable enabled,AnalysisLevel=latest. - Optional local checks:
dotnet format(code style) anddotnet build /p:RunAnalyzers=truefor quick static analysis.
- Bump version and changelog (if applicable); verify app icon and signing assets are current.
- Clean + rebuild:
dotnet cleanthen publish for each target RID. - Run tests:
dotnet test tests/SecureSharp.Tests/SecureSharp.Tests.csproj. - Verify offline gate: insert a dummy
using System.Net;locally to confirm the build fails, then revert. - Smoke test artifacts: launch each published binary, confirm onboarding, unlock, and backup/import paths offline.
- Package/sign: wrap outputs per platform (Inno/WiX/MSIX, dmg with notarization, AppImage/deb/rpm) and sign where required.
All vault data is stored under %AppData%\SecureSharp. Close the app, delete that folder (including vault/* and walkthrough.seen), then re-run onboarding to start fresh.
- Build fails with offline scanner: remove any
System.Net,System.Net.Http, orSystem.Net.Socketsreferences/imports. - First run on Unix: ensure
./build/SecureSharp.shis executable (chmod +x). - Publish size: single-file self-contained builds embed the runtime; disable
--self-containedif you prefer framework-dependent output. - Keystore errors on Linux: confirm a Secret Service provider (e.g., gnome-keyring) is running for the current session.