Caja Fuerte

About

Caja Fuerte keeps your private links in an encrypted, local-only vault. Each URL and title is encrypted with AES-256-GCM (key derived with PBKDF2-SHA256,
  600,000 iterations), held in memory only. No account, no server, no sync, no tracking — everything stays in your Firefox profile.

  **Features**

  • **Decoy (duress) password** — a second password that opens a separate, innocuous set of bookmarks. If forced to unlock, hand over the decoy while your
  real entries stay encrypted. Plausible deniability of content, not a hidden volume.

  • **Auto-expiring entries** — set an expiry date or a maximum number of opens; the record is deleted on the next unlock. An app-enforced auto-tidy, not
  guaranteed unrecoverable destruction.

  • **Scheduled reveal** — keep an entry hidden until a date you pick. A display rule, not a cryptographic seal.

  • **Serverless encrypted sharing** — turn a link into a self-contained encrypted code and QR. The recipient needs both the code and a separate passphrase,
  sent through a different channel. Nothing touches any server.

  • **Encrypted backup** — export the whole vault to a file encrypted under a passphrase you choose, and restore it on a fresh install or new device. The
  backup never contains plaintext.

  • **Display ciphers** (Morse/Binary/Caesar/Atbash) — cosmetic only; AES-256-GCM is the real protection.

  • **Auto-lock** after a configurable inactivity timeout (default 5 minutes).

  • Available in **7 languages**.

 There is no password recovery — if you forget your master password, the data cannot be decrypted. The expiry and scheduled-reveal features are app-level
  conveniences, not a replacement for full-disk encryption.