Encrypt / How it works

How it works

No hand-waving. Here is precisely what happens when you use each tool, which parts run on your device, and — just as important — what encryption does and doesn't protect you from.

Where the work happens

Every cryptographic operation on this site runs in your browser through the Web Crypto API, the same vetted engine your browser uses for HTTPS. Your passphrase, your keys, and your plaintext are handled entirely on your device. The server's only job is to serve these pages and — for one-time secrets — to hold a blob of ciphertext it has no way to read.

Passphrase encryption (Text & File)

When you lock something with a passphrase:

Because the salt and nonce are random every time, encrypting the same text twice yields two completely different blocks. There is no decryption backdoor and no passphrase recovery: if you lose the passphrase, the data is gone.

One-time secrets

This is the only tool that talks to the server, and it's built so the server stays blind:

A dump of our storage would reveal nothing but opaque bytes. The trade-off: anyone who has the full link can read the secret, so treat the link like the secret itself.

Key exchange (public keys)

The Keys tool uses ECDH on curve P-256. You publish a public key; a sender's browser generates a throwaway (ephemeral) keypair, performs an ECDH agreement with your public key to derive a one-off AES-256-GCM key, encrypts, and sends you the ciphertext plus the ephemeral public key. Only your private key can re-derive that AES key. This is the same ephemeral-static pattern used by tools like age.

What this protects — and what it doesn't

It protects: data sitting on someone else's server, files in a shared drive, a secret in transit through channels you don't control, a note you want read once. If the ciphertext leaks, it's useless without the key.

It does not protect against:

Lawful use

Strong encryption is ordinary, legal, and protective — it's what keeps banking, messaging, and medical records safe. These tools exist to protect real people's privacy. They are not a shield for anything unlawful, and we'll cooperate with valid legal process to the (deliberately minimal) extent our design even allows.