What is Ciphertext?

Ciphertext is the counterpart to plaintext. When an encryption algorithm processes plaintext with a key, the output is ciphertext — data that appears random and reveals nothing about the original content to anyone who does not possess the decryption key. The transformation is reversible only with the correct key.

Good ciphertext is indistinguishable from random data. Modern encryption algorithms like AES-256-GCM ensure that there are no detectable patterns, no statistical biases, and no partial information leakage in the ciphertext. An attacker examining the ciphertext cannot determine the length of the original message beyond a coarse range, the language it was written in, or any of its content.

Ciphertext is safe to store in untrusted environments — databases, cloud storage, or third-party servers — because its security depends on the key, not on the storage medium's access controls. This is the principle behind encrypting data at rest: even if the storage is compromised, the data remains protected as long as the key is secure.

How Vaulted uses Ciphertext

The only form of your secret that ever exists on Vaulted's server is ciphertext. When you create a secret, AES-256-GCM encryption in your browser transforms the plaintext into ciphertext, which is then base64url-encoded and stored in Redis along with the initialization vector. The server stores, serves, and deletes ciphertext without ever having the ability to decrypt it back to plaintext.