Encrypt/decrypt data exclusively on the client side. Do not transmit any data in cleartext to the server, as well as no keys. All client code must be open and auditable. No other way.

I agree with OnYourLips in my program, I received an md5 hash from the password, from this hash I received a hash using a different algorithm (slow and crypto-resistant), from the received hash I did the hash function N more times (so that the whole process takes at least 1 second) and only the result of this all used as a decryption key with 512 bit RSA. The speed of generating a "heavy" key gives free protection against enumeration, because this process will simply take a lot of time if you have to spend a whole second of computing power on 1 key. Now I'm afraid to forget the password :) I'm sure that if I forget to restore the data, it will definitely not work :)

but at the same time, reliable data storage systems and personnel - remember that absolutely all hacks are the result of hackers working with real people who somehow have the data of interest! If this is data that the user himself stores on his equipment and in his location, then security depends only on his actions with this data in accordance with your instructions. in case of violation, he is the user himself (or maybe he needs it) !!!