Browser Extension

How does the Sprouted browser extension work?

After installing the browser extension, log into Sprouted, right-click the extension icon in your browser, and choose the Options menu item. Enter your encryption key in the form that is presented. This must be the same key that you use to encrypt user data before calling the Sprouted API.

How do I send encrypted data to Sprouted?

For instance, if you want to encrypt the user's name you first encrypt the name on your end (usually on your server), and you send the encrypted payload to the Sprouted API. The "encrypted_fields" attribute must contain the name of the field you have encrypted e.g. "encrypted_fields": "full". The encryption key you use on your end must be the same key you've entered in the browser extension's options page.

Is my secret key safe?

Neither the Sprouted site nor any other browser extensions you may have installed are able to access the encryption key from the extension's local storage. Data isolation is a safeguard that is built into the browser extension framework.

What happens if I lose the encryption key?

Since Sprouted is unable to read your encrypted data you would lose access to the user data. However, if this happens you would still have the core of your user data stored on your end.

Which encryption algorithm is used?

Sprouted uses symmetric-key cryptography based on Libsodium.

Is the extension open source?

Yes, the source code is here:

Where can I find the browser extension?

The Chrome extension can be installed from the Chrome Web Store. Versions for Firefox and IE Edge are in the works.