File Encryptor
Password-based AES-256-GCM encryption of any file. Fully local.
How to Use
- Drop the file you want to encrypt or decrypt.
- Enter a strong passphrase — long, random, memorable. Use a password manager if you can.
- Click Encrypt to produce a .enc file, or drop a .enc file and click Decrypt.
- Download the encrypted output and store it safely.
- To decrypt later, drop the .enc file and enter the same passphrase.
- Forgotten passphrase = permanently lost data. There is no recovery and no backdoor.
Security notes
Frequently Asked Questions
What encryption algorithm does this use?
PBKDF2-SHA-256 with 250,000 iterations derives a 256-bit key from your passphrase, then AES-256-GCM with a random 12-byte nonce provides authenticated encryption. Both are well-vetted modern primitives implemented in the browser-native Web Crypto API. The key derivation is intentionally slow to make brute-forcing weak passphrases harder.
What's the file format?
Magic header UBX1 (4 bytes) + 16-byte salt + 12-byte IV + ciphertext + 16-byte authentication tag. Total overhead: 48 bytes on top of the original file size. Files carry an authentication tag, so any tampering or corruption is detected on decrypt: you'll get an error rather than silent garbage output.
What if I forget the passphrase?
Unrecoverable. AES-256-GCM with a strong key derivation has no shortcut: brute force is the only attack, and a 12+ character random passphrase takes longer than the age of the universe to crack with current technology. Use a password manager to store passphrases for important encrypted files. There is no recovery mechanism by design; backdoors would compromise the security guarantee.
How strong does my passphrase need to be?
Long is more important than complex. A passphrase of four random words from a large dictionary (e.g., 'correct horse battery staple') has more entropy than 'P@ssw0rd123!'. For sensitive files, aim for 12+ characters of mixed types or 5+ random words. Use a password manager to generate and store it. Avoid quotes, song lyrics, or anything personal; those are the first things attackers try.
Is browser encryption as secure as desktop tools?
Yes. The Web Crypto API uses the same primitives as OpenSSL, libsodium, and other audited libraries. The implementations are part of the browser, vetted by Google/Mozilla/Apple security teams. The remaining concerns are platform-level: a compromised browser, malicious extension, or compromised OS can defeat any in-browser encryption. For maximum security on critical secrets, use offline tools on a clean machine.
Should I use this for legal/compliance encryption?
For incidental privacy (encrypting backups before cloud upload, sharing files outside email), yes. For HIPAA, GDPR, FedRAMP, or similar formal compliance, you may need to use specifically certified tools and go through formal security review. The cryptography here is solid; the question is whether your compliance regime requires specific audited software.
Common Use Cases
Encrypted cloud backups
Encrypt sensitive files before uploading to Dropbox, Google Drive, or any cloud — your provider gets a useless ciphertext blob.
Secure file sharing
Email or share an encrypted file freely; communicate the passphrase via a separate channel (Signal, voice).
Travel data protection
Encrypt sensitive documents before crossing borders — a customs officer can't compel a passphrase you don't recall under stress.
Long-term archival
Encrypt master copies of business records, family photos, or legal documents before storing in long-term cold storage.
Personal vault
Keep an encrypted blob of passwords, recovery keys, or sensitive notes — not as good as a password manager but useful as a backup.
Whistleblower protection
Reporters and sources can exchange encrypted documents with a one-time passphrase shared through a side channel.