Capsule

An open standard for secure, client-side article encryption

โšก

Easy & Fast

Simple integration with any web stack. Pre-encrypt content at build time, decrypt instantly in the browser.

๐Ÿ”’

Secure by Design

Uses Web Crypto API with envelope encryption. Private keys never leave the browser, stored with extractable: false.

๐ŸŒ

Open Standard

Language-agnostic specification. Implement in any languageโ€”Node.js, PHP, Python, or Go.

๐Ÿ”Œ

No Dependencies

Works independently of CMS, authentication, or permission systems. Pure encryption, nothing else.

How It Works

1

Pre-encrypt Content

Server encrypts articles with AES-256-GCM keys per subscription tier

โ†’
2

Embed in HTML

Encrypted content embedded in page, works offline and with caching

โ†’
3

Key Exchange

Browser sends public key, receives wrapped decryption key

โ†’
4

Decrypt Locally

Client decrypts content using cached keys, even offline

Get Started

Try the DemoRead the SpecClient Documentation