How does encryption work in Link37?

Link37 uses the well-known OpenPGP.js library (also used by Proton) for end-to-end encryption. See what PGP is here.

When you sign up:

1. Your device generates a public and private key pair;
2. Then your device encrypts the private key with your password;
3. Then your device sends your username, public key and encrypted private key to the server.

Your password never leaves your device!!! Most websites, like Google, Facebook etc., send your password in plain text to their server.

When you sign in:

1. Your device makes a request with your username to get your public key, your encrypted private key, and a challenge encrypted with your public key;
2. Your device decrypts the encrypted private key with your password;
3. Then it uses the decrypted private key to decrypt the challenge, and sends the decrypted challenge to the server;
4. The server checks whether the challenge is solved. If it is, the server returns an access token and a refresh token to your device, and you are logged in.

So again, your password never leaves your device!!!
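The sign-up and sign-in exchange above, with both the device and the server side, as an added example that is not Link37's own code. Node's built-in `crypto` module (RSA-OAEP and a passphrase-wrapped PKCS#8 key) stands in for OpenPGP.js so the block runs offline; the function names, in-memory maps, token format and single-use challenge are assumptions.

```javascript
// Added example: Node's crypto stands in for OpenPGP.js; all names are hypothetical.
const crypto = require('node:crypto');
const users = new Map();   // server database: username -> stored record
const pending = new Map(); // server memory: username -> outstanding challenge

// Sign-up, on the device: generate the key pair and wrap the private key with
// the password locally, so the server only ever stores the wrapped form.
function signUp(username, password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: password },
  });
  users.set(username, { publicKey, encryptedPrivateKey: privateKey });
}

// Sign-in step 1, on the server: a fresh random challenge, encrypted (RSA-OAEP)
// to the stored public key and returned with the user's key material.
function serverStartSignIn(username) {
  const user = users.get(username);
  if (!user) throw new Error('unknown user');
  const challenge = crypto.randomBytes(32);
  pending.set(username, challenge);
  return { ...user, encryptedChallenge: crypto.publicEncrypt(user.publicKey, challenge) };
}

// Steps 2-3, on the device: unwrap the private key with the password, then
// decrypt the challenge. A wrong password makes createPrivateKey throw.
function deviceSolve(reply, password) {
  const key = crypto.createPrivateKey({ key: reply.encryptedPrivateKey, passphrase: password });
  return crypto.privateDecrypt(key, reply.encryptedChallenge);
}

// Step 4, on the server: constant-time comparison. Deleting the challenge
// first makes it single-use (an assumption; the page does not say).
function serverFinishSignIn(username, answer) {
  const challenge = pending.get(username);
  pending.delete(username);
  if (!challenge || answer.length !== challenge.length) return null;
  if (!crypto.timingSafeEqual(answer, challenge)) return null;
  const token = () => crypto.randomBytes(16).toString('hex'); // constructed token format
  return { accessToken: token(), refreshToken: token() };
}

function signIn(username, password) {
  const reply = serverStartSignIn(username);
  try { return serverFinishSignIn(username, deviceSolve(reply, password)); }
  catch { return null; } // wrong password: the device cannot answer
}
```

In this flow the security of the account rests on the password-wrapped private key, which the server hands to anyone who asks for a username, so password strength and the key-wrapping KDF decide how well it resists offline guessing.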

When you create / update a page / link:

1. Your device generates a strong password;
2. Then your device encrypts the page's / link's name, link and description with this password;
3. Then your device encrypts this password with your public key;
4. Then your device sends the encrypted contents to the server, which saves them in the database.

When you make a page public:

1. Your device decrypts the password for this page with your private key, and sends the plain text password to the server, which saves it in the database;
2. When someone views this public page, they decrypt the page and its links with the plain text password, and can then view the page content.