File Encryptor — AES-256, No Upload
Encrypt any file with AES-GCM 256-bit encryption. Password-protected. Your files never leave your browser.
AES-GCM 256-bit
Bank and military-grade encryption. Unbreakable with current computing power.
PBKDF2 Key Derivation
200,000 iterations of SHA-256 makes password guessing computationally infeasible.
Encrypt & Decrypt
Encrypt any file type. Decrypt .enc files with the original password.
How the encryption works
The tool uses the browser's built-in Web Crypto API — no third-party encryption library is involved. Here's exactly what happens when you encrypt a file:
- 1
Random salt generated
A random 16-byte salt is generated using crypto.getRandomValues(). This ensures the same password produces a different key every time.
- 2
Key derived with PBKDF2
Your password and the salt are fed into PBKDF2 with 200,000 SHA-256 iterations to produce a 256-bit AES key.
- 3
Random IV generated
A random 12-byte initialization vector is generated for AES-GCM mode.
- 4
File encrypted
AES-GCM encrypts the file bytes using the derived key and IV. GCM mode also creates an authentication tag that detects tampering.
- 5
Output written
Salt + IV + ciphertext are concatenated into a single .enc file. The salt and IV are not secret — only the password is.
No password recovery exists — store it safely
There is no backdoor, no master key, and no recovery mechanism. If you forget the password, the file is unrecoverable. Use a password manager or write the password somewhere secure before encrypting important files.
Frequently asked questions
How strong is AES-GCM 256-bit encryption?
AES-GCM 256-bit is the encryption standard used by banks, governments, and the military. Brute-forcing a 256-bit key would take longer than the age of the universe with any foreseeable computing power. The GCM mode also provides authentication — it detects if the encrypted file has been tampered with.
What is PBKDF2 and why does it matter?
PBKDF2 (Password-Based Key Derivation Function 2) converts your password into a cryptographic key by running it through 200,000 iterations of SHA-256 hashing. This makes brute-force and dictionary attacks extremely slow — an attacker testing one million passwords per second would take centuries to crack a 12-character password.
What happens if I forget my password?
There is no password recovery. The encrypted file cannot be decrypted without the exact password. There is no backdoor, no recovery key, and no way for us to help — we never see your file or password. Store your password safely before encrypting important files.
What file types can I encrypt?
Any file type — documents, images, ZIP archives, videos, databases, anything. The encryptor treats the file as raw bytes and encrypts the entire contents regardless of format.
Are my files uploaded to a server?
No. Encryption uses the browser's built-in Web Crypto API which runs entirely on your device. Neither the file nor the password is ever transmitted over the internet.
What is the .enc file format?
The encrypted file is a binary blob containing a random 16-byte salt, a random 12-byte IV (initialization vector), and the AES-GCM ciphertext — all concatenated together. Only this tool (or any AES-GCM 256-bit implementation using the same key derivation) can decrypt it with the correct password.