Passphrases are case sensitive, for example the sender might have encrypted all in lower case but inadvertently texted you the Passphrase making the first letter a capital, check with the sender of message if your passphrase is rejected.

We use AES 256 Symmetric encryption from the OpenPGP.js library, All encryption / decryption happens in the browser, not on the server; this is the definition of "end to end encryption", Your Passphrase or Password is never transmitted to the server.

A AES 256 hash of your Passphrase is transmitted to the server and compared with a stored hash to verify your access to the encrypted file. Once you are authenticated, the encrypted file is retrieved and shown in the browser. The hash is a one way process, it cannot be reversed to obtain the Passphrase. Because we don't store your Passphrase / password we cannot help if you forget it.

Encrypted files are stored using amazon S3 and are inaccessible without a key.
A temporary key is created to obtain the file useing the latest recommended method - Amazon S3 Signature Version 4 Authentication to protect your files, which are always encrypted by the sender in the browser before sending.
For example the web url of the file you want to decrypt is stored here: https://kodamail4.s3.amazonaws.com/
.txt
without the correct authentication you will receive an 'Access Denied' message.