# ctx.cat Security Model

ctx.cat private shares are zero-knowledge by default: content and metadata are
encrypted before upload, and decrypt keys remain in URL fragments, which
browsers do not send to the server in requests.

Hosted ctx.cat does not sign plaintext user content. `CTX_CAT_ENABLE_REMOTE_SIGNING`
defaults to disabled, so `/signing/sign` is only for local, self-hosted, or
explicitly trusted deployments.

Author signatures should be created by local clients such as `ctxcat` or
`ctxcat-mcp`. Server provenance receipts cover hashes only: signature envelope
version, content hash, metadata hash, public key fingerprint, GitHub username
claim, author signature timestamp, and backend receipt timestamp.

Private owner URLs use `#key=<decryptKey>&owner=<ownerCapability>`. Legacy
reader URLs using `#<decryptKey>` still load. The owner capability authorizes
encrypted edits, deletion, expiration changes, and owner-marked encrypted
comments.
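
The two fragment layouts above can be told apart on the client before a link is passed on. This is an added example, not ctx.cat's own code: the host `ctx.example`, the path, the key values and the function names are constructed, and treating a reader link as the owner link without its `owner=` field is an assumption.

```javascript
// Added example, not ctx.cat code. Host, path and key values are constructed.
const OWNER_URL = "https://ctx.example/s/abc123#key=k3yMaterial_constructed&owner=0wnerCap_constructed";
const LEGACY_URL = "https://ctx.example/s/abc123#k3yMaterial_constructed==";

// Split the fragment by hand: URLSearchParams would turn "+" into a space,
// which would corrupt a key if it were standard base64 (encoding is an assumption).
function parseShareFragment(shareUrl) {
  const fragment = new URL(shareUrl).hash.replace(/^#/, "");
  const fields = new Map();
  for (const part of fragment.split("&")) {
    const eq = part.indexOf("=");
    if (eq > 0) fields.set(part.slice(0, eq), part.slice(eq + 1));
  }
  const decryptKey = fields.get("key") || null;
  if (decryptKey) {
    const ownerCapability = fields.get("owner") || null;
    return { kind: ownerCapability ? "owner" : "reader", decryptKey, ownerCapability };
  }
  // No key= field: treat a non-empty fragment as the legacy "#<decryptKey>" form.
  if (fragment !== "") {
    return { kind: "legacy-reader", decryptKey: fragment, ownerCapability: null };
  }
  return { kind: "none", decryptKey: null, ownerCapability: null };
}

// Drop the owner capability before passing a link to a reader.
// Assumption: a reader link is the owner link without the owner= field.
function toReaderUrl(shareUrl) {
  const { kind, decryptKey } = parseShareFragment(shareUrl);
  if (kind === "none") throw new Error("no decrypt key in fragment");
  const url = new URL(shareUrl);
  url.hash = kind === "legacy-reader" ? decryptKey : `key=${decryptKey}`;
  return url.href;
}

// What an HTTP request for the share carries: the fragment is never included.
function serverVisiblePart(shareUrl) {
  const url = new URL(shareUrl);
  return url.origin + url.pathname + url.search;
}

console.log(parseShareFragment(OWNER_URL).kind, toReaderUrl(OWNER_URL));
console.log(serverVisiblePart(OWNER_URL));
```

Anyone holding the full owner URL holds the owner capability, so run a link through a check like `toReaderUrl` before it goes into chat, tickets or logs.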
