Skip to main content

Introduction to Document Vault

The Hadinet Document Vault is an end-to-end encrypted document storage system that gives individuals full control over their sensitive documents. Built on IPFS for decentralized storage and secured with AES-256-GCM encryption inside Trusted Execution Environments (TEEs), the vault ensures that only you can access your documents -- no one else, not even Hadinet.

Why a Document Vault?

Identity verification generates documents. Passports, national IDs, bank statements, university transcripts, and medical records are all part of the identity ecosystem. Traditional systems store these documents in centralized databases controlled by third parties, creating honeypots for data breaches and leaving users with no sovereignty over their own records.

The Document Vault solves this by placing document storage under the user's cryptographic control. Documents are encrypted before they leave your browser session, stored on IPFS through a private gateway, and can only be decrypted by you through your wallet's cryptographic keys.

Supported Document Types

The vault supports a wide range of document categories relevant to identity and financial verification:

CategoryExamplesUse Cases
IdentityPassport, National ID, Driver's License, BVN SlipKYC verification, age proof, citizenship proof
FinancialBank Statements, Tax Returns, Pay Slips, Utility BillsIncome verification, address proof, financial compliance
EducationUniversity Transcripts, Diplomas, CertificatesCredential verification, employment screening
LegalCourt Orders, Affidavits, Power of Attorney, ContractsLegal proceedings, authorization proof
MedicalVaccination Records, Medical Reports, Insurance CardsHealthcare access, travel requirements

Security Properties

PropertyImplementationGuarantee
Encryption at restAES-256-GCM with unique key per documentDocuments are ciphertext on IPFS; unreadable without your key
Key derivationPBKDF2 with unique salt per documentKeys are derived deterministically from your wallet; never stored
Key isolationTEE-based encryption and decryptionKeys only exist inside the hardware enclave during operations
Storage decentralizationIPFS via Pinata private gatewayNo single point of failure for file availability
On-chain metadataCartesi rollup on ArbitrumTamper-proof record of document existence and type
Access controlWallet-based authenticationOnly the wallet that uploaded a document can decrypt it
DeletionIPFS unpinning + on-chain soft deleteDocuments can be made permanently inaccessible

How It Differs from Cloud Storage

Unlike Google Drive, Dropbox, or iCloud, the Document Vault:

  • Never sees your documents in plaintext. Encryption happens inside the TEE before the file reaches IPFS. Hadinet infrastructure cannot read your files.
  • Uses your wallet as the key. There are no passwords to forget or reset. Your wallet's cryptographic identity is the key to your vault.
  • Stores nothing centrally. Files live on IPFS. Metadata lives on-chain. There is no central database to breach.
  • Supports verified and self-attested documents. Documents verified by institutional attestors carry cryptographic proof of their authenticity, while self-uploaded documents are stored with equal security but without third-party attestation.

Architecture at a Glance

User Browser --> TEE Attestor --> [AES-256-GCM Encryption] --> IPFS (Pinata)
                     |
                     v
              On-chain Metadata (Cartesi Rollup / Arbitrum)
  1. The user selects a file and document type in the vault interface.
  2. The file is sent to the TEE attestor over a secure channel.
  3. Inside the TEE, the attestor derives an encryption key using PBKDF2 with a unique salt.
  4. The file is encrypted with AES-256-GCM and uploaded to IPFS via the Pinata private gateway.
  5. The IPFS content identifier (CID), document type, encryption salt, and timestamp are recorded on-chain.
  6. The encrypted file is retrievable only through the private gateway, and decryptable only inside the TEE with the user's wallet signature.

Next Steps