CryptPad — End-to-End Encrypted Collaboration Suite

Introduction

CryptPad is a privacy-focused collaboration suite that encrypts all content client-side before it reaches the server. It provides real-time collaborative editing for documents, spreadsheets, presentations, code, forms, kanban boards, and whiteboards, all without the server ever seeing plaintext data.

What CryptPad Does

• Provides end-to-end encrypted real-time collaborative editing for multiple document types
• Supports rich text, spreadsheets, code, slides, kanban, forms, and whiteboard apps
• Stores encrypted data on the server so administrators cannot access user content
• Allows sharing via links with configurable read-only or edit permissions
• Includes encrypted file storage (CryptDrive) for personal and team resources

Architecture Overview

CryptPad is a Node.js application with a client-heavy architecture. All encryption and decryption happens in the browser using the NaCl cryptographic library. Documents are synchronized in real time via WebSocket using an operational-transform algorithm. The server stores only encrypted blobs and metadata hashes. The backend uses a flat-file storage system by default, with optional support for object storage.

Self-Hosting & Configuration

• Requires Node.js 16+ and a reverse proxy with WebSocket support
• Configure the instance in config/config.js for domain, storage paths, and limits
• Set up Nginx with the provided example config for HTTPS and WebSocket proxying
• Deploy via Docker using the official cryptpad/cryptpad image for simpler management
• Adjust storage quotas and registration settings for public or private instances

Key Features

• Zero-knowledge encryption ensures the server never sees document content
• Eight built-in applications cover most collaboration needs
• CryptDrive provides encrypted personal and team file storage
• Teams feature supports shared folders, access management, and chat
• Self-destructing pads allow temporary sharing with automatic deletion

Comparison with Similar Tools

• Etherpad — unencrypted text editor; CryptPad adds end-to-end encryption and multiple app types
• OnlyOffice — full office suite without built-in encryption; CryptPad prioritizes privacy
• HedgeDoc — collaborative Markdown without encryption; CryptPad encrypts everything client-side
• Nextcloud — broader cloud platform; CryptPad focuses specifically on encrypted collaboration
• Google Workspace — proprietary and managed; CryptPad is self-hosted with zero-knowledge design

FAQ

Q: Can the server admin read documents? A: No. All encryption keys are derived client-side. The server only stores ciphertext and cannot decrypt content.

Q: Does CryptPad support real-time collaboration? A: Yes. Multiple users can edit any document type simultaneously with changes synchronized in real time.

Q: What happens if a user loses their password? A: There is no password recovery since the server has no access to keys. Users should store their credentials securely.

Q: Can I integrate CryptPad with other tools? A: CryptPad is designed as a standalone suite. It supports embedding pads via iframe and basic API access for automation.

Sources

• https://github.com/cryptpad/cryptpad
• https://docs.cryptpad.org