Encrypt / FAQ

Questions & answers

Does anything I encrypt get uploaded?

No. Text and file encryption happen entirely in your browser. The only feature that sends anything is the one-time secret — and it uploads only ciphertext the server can't read, never your key or plaintext.

Can you recover my passphrase or decrypt something for me?

No, and that's the point. We never receive your passphrase or keys, so there's nothing on our end to recover from. If you lose the passphrase or a private key, the data it protected can't be opened by anyone — including us.

How strong is the encryption?

Passphrase locking uses AES-256-GCM with PBKDF2 key stretching (250,000 iterations of SHA-256). Public-key messages use ECDH on curve P-256 into AES-256-GCM. These are standard, widely-audited primitives — the same class of cryptography behind HTTPS and password managers. The full method is on the How it works page.

How is a one-time secret different from just encrypting text?

Convenience and self-destruction. With a one-time secret there's no separate passphrase to deliver — the link is the secret — and it deletes itself after it's read, so it doesn't linger in an inbox or chat history. Use passphrase encryption when you want the recipient to keep the data; use a one-time secret to hand something over and have it disappear.

Could a link preview or chat app burn my secret before it's read?

No. Opening a one-time-secret link doesn't reveal anything automatically — the recipient has to click "Reveal the secret" first. Automated link unfurlers never take that step, so the secret survives for the human.

What's the largest file I can encrypt?

The tool works in your browser's memory, so very large files can strain the tab. It's built for documents, keys, and archives — roughly up to 80 MB. For big media, encrypt an archive of it, or use full-disk / file-container tools designed for that scale.

Does the recipient need an account, or this site, to decrypt?

No account, ever. To open passphrase or public-key output they'll use the matching tool here, but the container formats are documented on the How-it-works page, so nothing is locked to us. A one-time-secret link decrypts itself when opened.

Can I use this to hide illegal activity?

No. Encryption here exists to protect ordinary people's privacy and security. It isn't a shield for anything unlawful, and misuse isn't welcome. Our design keeps us from seeing your content — which also means we can't and won't manufacture it, but we cooperate with valid legal process to the minimal extent our architecture allows.

Is this related to the rest of Domainless?

Yes — it's part of the same privacy toolkit as the VPN, private search, and data removal. Encryption hides the content of what you store and send; those tools cover the connection, your searches, and your exposure. Together they're the point of J&G Studios: privacy tools run by a person, not sold by a broker.