I'm sad that Passopolis/Mitro hasn't gotten more love after the Mitro team open sourced it, and We Are Wizards took it over. Mitro was great before Twitter acquired the team behind it. Sadly, Passopolis has never bothered to get the Android client working again. I looked at building it myself, but the toolchain is ancient by Android standards..
Mitro uses Google's Keyczar on the server and Keyczar JS implementation on the browser.
Master key is a 128-bit AES key derived using PBKDF2 (SHA-1; 50000 iterations; 16 salt bytes)
RSA with 2048-bit keys using OAEP-SHA1 (separate signing and encryption keys)
AES with 128-bit keys in CBC mode with PKCS5 padding
All encrypted data includes a MAC (HMAC-SHA1)