Frontend key generation
Your encryption key pair is created before the backend sees any registration payload.
SecureEnv derives a master key from your master password in the browser, encrypts your private encryption key locally with AES-256-GCM, and sends only safe registration data to the backend.
The backend will receive only: `email`, login `password`, `publicEncryptionKey`, `encryptedPrivateEncryptionKey`, and `userSalt`. It will not receive your `masterPassword`, derived `masterKey`, or plaintext private key.