Skip to content

← All tools

File Encryptor

Password-protect any file with AES-256-GCM encryption, entirely in your browser. Unlike services that encrypt a file after you upload it, here the file and password never leave your device. Encrypt to a .enc file to share, and decrypt it back with the same password.

New to this? Read the file encryptor guide →

The file is encrypted with AES-256-GCM and a key derived from your password with PBKDF2-SHA-256 (250,000 iterations), entirely in your browser using the Web Crypto API. Nothing is uploaded — unlike services that "encrypt" a file after you upload it, here the file and password never leave your device. To decrypt, you need this tool (or the format) and the password.

How to use the file encryptor

  1. Choose (or drag in) the file you want to protect and enter a strong password.
  2. Press Encrypt to download a .enc file. Send that file however you like; share the password separately, through a different channel.
  3. To recover the original, load the .enc file, enter the same password and press Decrypt — the original file (and its name) are restored.

How the encryption works

Your password is stretched into a 256-bit key with PBKDF2 (250,000 SHA-256 iterations and a random salt), which makes brute-forcing the password far slower. The file — and its original filename — are then encrypted with AES-256-GCM, an authenticated cipher: if the password is wrong or the file has been tampered with, decryption fails cleanly rather than returning garbage. The output is the salt, the random nonce and the ciphertext, so the same password on the same file still produces a fresh, unique result each time.

Sharing safely

Encryption is only as strong as the password and how you share it. Use a long, random passphrase, and never send the password alongside the file — put the file in email and the password in a text message, or use the password generator plus a separate channel. For the wider picture on sharing secrets, see how to share a password securely.

Frequently asked questions

Is my file uploaded to encrypt it?

No. The file is encrypted in your browser with the Web Crypto API — it never leaves your device. You can disconnect from the network after the page loads and encryption still works. That is the key difference from services that encrypt a file only after you upload it.

What encryption does it use?

AES-256-GCM, an authenticated cipher, with a 256-bit key derived from your password using PBKDF2-SHA-256 and 250,000 iterations plus a random salt. The original filename is encrypted too, and a random nonce means the same file encrypts differently each time.

What happens if I forget the password?

The file is unrecoverable — there is no backdoor or reset, which is what makes the encryption meaningful. Store the password in a password manager, and share it separately from the encrypted file.

How big a file can I encrypt?

It works entirely in memory, so practical size is limited by the RAM on your device — great for documents, archives and keys, less suited to multi-gigabyte media.

Related reading

Related tools