Encrypt File Without Uploading

AES-256-GCM encryption, entirely in your browser. Your file never leaves your device โ€” no upload, no server, no cloud. Works offline once the page loads.

AES-256-GCM encryption
Zero server contact
PBKDF2 key derivation
Works offline
๐Ÿ”’
Drop any file here or click to browse
๐Ÿ“„
Remember your passphrase. AES-256-GCM is designed to be unbreakable without the correct key. If you lose the passphrase, the file cannot be recovered โ€” not by this tool, not by anyone.

How it works

All cryptography runs inside your browser using the Web Crypto API โ€” a native, hardware-accelerated cryptography engine built into every modern browser. Nothing is sent over the network.

Key derivation (PBKDF2) Passphrase โ†’ PBKDF2-SHA-256 (310,000 iterations, random 16-byte salt) โ†’ 256-bit AES key
Encryption (AES-256-GCM) Random 12-byte IV + authenticated encryption โ†’ ciphertext + 16-byte authentication tag
Output format (.enc) salt(16) + iv(12) + ciphertext + tag(16) packed into a binary blob
Integrity guarantee GCM's authentication tag detects any tampering. A wrong passphrase or a modified file will fail with an explicit error โ€” never silently produce garbage output.

The original filename is stored in the encrypted payload so that decryption restores the exact original name. The .enc file you download is a self-contained binary blob โ€” send it anywhere, decrypt it on any device using this same page.

Frequently asked questions

Is my file really never uploaded anywhere?
Yes. The page uses only the browser's built-in Web Crypto API and the FileReader API. There are no network calls after the page finishes loading โ€” you can verify this in your browser's Network tab (DevTools โ†’ Network). If you are particularly cautious, save the page (Ctrl+S / โŒ˜S), disconnect from the internet, and use the saved copy offline. It will work identically.
How strong is AES-256-GCM encryption?
AES-256 is used by governments, banks, and security agencies worldwide to protect classified information. With a 256-bit key, a brute-force attack against the key itself is computationally infeasible even for nation-state adversaries. The GCM (Galois/Counter Mode) variant additionally provides authenticated encryption โ€” meaning any corruption or tampering of the ciphertext is detected and rejected. The practical security of the encrypted file depends almost entirely on the strength of your passphrase. Use at least 12 characters mixing letters, numbers, and symbols, or a random passphrase of 4+ words.
Can I decrypt the .enc file on a different computer or operating system?
Yes. The output is a plain binary file with a well-defined layout: a 16-byte PBKDF2 salt, a 12-byte AES-GCM IV, ciphertext, and a 16-byte GCM authentication tag โ€” all standard values. Bring your passphrase and open this same page in any modern browser (Chrome, Firefox, Safari, Edge) on any OS. You can also decrypt programmatically: the format is compatible with any AES-256-GCM + PBKDF2-SHA-256 library (e.g. Python's cryptography package, Node.js crypto, OpenSSL).
What is the maximum file size I can encrypt?
The limit is the available RAM in your browser tab, because the entire file must be loaded into memory. In practice, files up to several hundred megabytes work fine on modern hardware. Files approaching or exceeding 1 GB may trigger memory pressure in the tab. For very large files, consider splitting them before encrypting, or use a desktop tool like VeraCrypt or GPG for multi-gigabyte archives.
What if the decryption returns an error?
AES-256-GCM will always produce an explicit failure (rather than garbage output) if the passphrase is wrong, the file was modified after encryption, or the file is corrupted. Check that: (1) you are using the exact same passphrase โ€” it is case-sensitive; (2) the .enc file was transferred without corruption (some email systems may re-encode binary attachments); (3) you are using an .enc file produced by this tool rather than a different encryption program with its own format.