SECURITY & PRIVACY

PassGeni is built on a simple principle:
we cannot misuse what we never have.

Your passwords are generated in your browser and never transmitted to our servers. Compliance certificates are cryptographically signed proofs — not copies of your credentials.

HOW IT WORKS

Zero-Knowledge Mode vs Certified Mode

Zero-Knowledge Mode
1. Password generated entirely in your browser
2. crypto.getRandomValues — FIPS 140-3 entropy source
3. No server call — PassGeni never sees the password
4. No record created anywhere
5. Password never leaves your device

Certified Mode
1. You request a compliance certificate
2. Client sends generation params only — NOT the password
3. Server validates params against the chosen standard
4. ES256 JWT signed and stored with metadata
5. Password is never transmitted at any point

CERTIFICATION SCOPE

What PassGeni certifies — and what it doesn't

CERTIFIES

A credential generated using PassGeni's engine with documented parameters — entropy source, character pool size, length, and compliance standard met. The certificate is proof that PassGeni's generation engine produced a credential with these properties at a specific point in time.

DOES NOT CERTIFY

External passwords typed or pasted by users. PassGeni cannot verify what it didn't generate. The generation session token mechanism enforces this — certificates require a server-signed token that can only be issued after PassGeni validates the generation parameters.

CERTIFICATE TRUST MODEL

How certificate verification works

01 Offline verification
No PassGeni server is required to verify a certificate. Fetch the public JWK once from passgeni.ai/.well-known/jwks.json, then verify the ES256 signature locally with any standard JWT library (jose, jsonwebtoken, etc.).

02 Public key published
PassGeni's signing public key is at passgeni.ai/.well-known/jwks.json in standard JWKS format. It can be fetched by any auditor, at any time, without authentication.

03 Unforgeable signatures
ES256 (ECDSA P-256 / SHA-256) — the private key never leaves PassGeni's servers. A certificate with a valid signature was issued by PassGeni. Any tampering with the certificate body invalidates the signature.

04 Online revocation status
Revocation is an online check — visit /cert/[id] for real-time status. Offline signature verification confirms authenticity only; it does not confirm the certificate hasn't been revoked by its owner.

THREAT MODEL

Threats and mitigations

Forged certificate
Certificate replay
Password extraction
Account takeover
SQL injection
CSRF

DATA STORAGE POLICY

What we store vs. what we never store

STORED
Certificate metadata (ID, compliance standard, entropy bits, generation params)
Account email address
Certificate view log (IP hash — not the IP itself)
Usage events (cert generated, revoked — for anomaly detection)

NEVER STORED
NEVER: Your passwords — ever, under any circumstance
NEVER: Plaintext credentials of any kind
NEVER: Password history
NEVER: Raw IP addresses (only a 16-char HMAC hash)

OPEN REVIEW

Certificate validation logic

The compliance validation engine and certificate signing logic are open for review on GitHub.

View on GitHub

RESPONSIBLE DISCLOSURE

Found a vulnerability?

Please report security issues privately. We respond within 48 hours and credit researchers in our changelog.

security@passgeni.ai