# Source Locker

By default, Luarmor does not store your source code. However, if you use the **Source Locker** feature, you will be able to encrypt the script with a private key and upload it to Luarmor.

If you ever lose access to your source code on your PC, you will be able to recover all sources through the locker. This encryption and decryption process runs entirely in your browser, and the server will never know what the raw content is.

For the cryptographic implementation, refer to the scheme below.

<figure><img src="https://3136584356-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwOpQH2LpMjsOwgeFM5gE%2Fuploads%2FwtbhG8BlsRsAQKXoYoKq%2Fimage.png?alt=media&#x26;token=238c39d1-7747-4f73-8bc1-198c3e0dfba3" alt=""><figcaption></figcaption></figure>

This implementation ensures that the "private RSA key" can only be decrypted with the 108-bit master seed, which is shown to the user only once during the setup process and is never stored anywhere in browser storage.

{% hint style="warning" %}
The "108-bit seed" is used as a seed for the key derivation algorithm PBKDF2 with 100k SHA-256 iterations. "AES" stands for AES-GCM with a 256-bit key length in this context. There is also a seeding mechanism involved, but it has no meaningful effect on the process.
{% endhint %}

<figure><img src="https://3136584356-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwOpQH2LpMjsOwgeFM5gE%2Fuploads%2FscxT1g3rVIO5nwDr8fuB%2Fimage.png?alt=media&#x26;token=1a53d3e7-dab4-4d77-bf47-554374a30401" alt=""><figcaption></figcaption></figure>

The **RSA Public Key** (created during the setup process) is used to **encrypt the AES-GCM seed** that is responsible for the **encryption of the actual script data**, including:

* File name
* File size (how many bytes)
* Time
* File Content

Metadata and file content are encrypted in the browser, which means that the server has no way to verify their authenticity. Therefore, you should **keep in mind** that if you share your API key with other people, they can technically manipulate the file name, file content and file size during the upload process, and it will appear "normal" to the server.
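The key hierarchy described above, as an added example (not Luarmor's `locker_api.js`), written with Node's `crypto` module so it runs offline instead of the browser's Web Crypto API. The salt, 12-byte IV, RSA-OAEP padding, 2048-bit modulus, JSON record layout and all function names are assumptions; PBKDF2 with 100k SHA-256 iterations and AES-256-GCM come from the page.

```javascript
// Added illustration, not Luarmor's code. Salt, IV size, RSA-OAEP and the record
// layout are assumptions; PBKDF2 (100k, SHA-256) and AES-256-GCM are from the page.
const nodeCrypto = require('node:crypto');

function gcmSeal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh IV for every encryption
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gcmOpen(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on wrong key or tampering
}

// Master seed -> 256-bit AES key (hypothetical helper name).
const deriveKey = (seed, salt) => nodeCrypto.pbkdf2Sync(seed, salt, 100000, 32, 'sha256');

// Setup: create the RSA pair; only the private half is wrapped under the seed-derived key.
function setupLocker(masterSeed) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = nodeCrypto.randomBytes(16);
  const wrappedPrivateKey = gcmSeal(deriveKey(masterSeed, salt), Buffer.from(privateKey));
  return { publicKey, salt, wrappedPrivateKey }; // safe to store server-side
}

// Upload: a random per-file AES key encrypts the record and is wrapped with the public key.
// The metadata is whatever the uploader supplies; the server sees only ciphertext.
function lockFile(publicKey, name, content) {
  const fileKey = nodeCrypto.randomBytes(32);
  const record = JSON.stringify({ name, size: Buffer.byteLength(content), time: Date.now(), content });
  return { wrappedKey: nodeCrypto.publicEncrypt(publicKey, fileKey), sealed: gcmSeal(fileKey, Buffer.from(record)) };
}

// Recovery: seed -> AES key -> RSA private key -> per-file key -> record.
function unlockFile(masterSeed, locker, blob) {
  const privateKey = gcmOpen(deriveKey(masterSeed, locker.salt), locker.wrappedPrivateKey).toString();
  const fileKey = nodeCrypto.privateDecrypt(privateKey, blob.wrappedKey);
  return JSON.parse(gcmOpen(fileKey, blob.sealed).toString());
}
```

Uploading needs only the public key, while recovery needs the master seed; a wrong seed fails at the GCM tag check on the wrapped private key instead of yielding garbage.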

<figure><img src="https://3136584356-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwOpQH2LpMjsOwgeFM5gE%2Fuploads%2F1FGp19zbvjlSdx9ZLEky%2Fimage.png?alt=media&#x26;token=9a354e53-64e3-4524-bf11-615ce95dad28" alt=""><figcaption></figcaption></figure>

The actual implementation is a bit more complicated than this: a "proof" mechanism and a 2FA control mechanism are involved before the actual encrypted file data is served. There is also on-the-fly key generation to avoid storing the private key in browser storage. Instead, the browser stores a "temp\_key" to decrypt the private RSA key, which is stored on the server in an **encrypted form.**

**All of this implementation can be audited @** [**https://luarmor.net/locker\_api.js**](https://luarmor.net/locker_api.js)

