Photo Locker — Encrypt & Password Protect Photos Online

Lock your photos behind a password using AES-256-GCM encryption — entirely in your browser. Nothing is uploaded. Your files never leave your device.

AES-256-GCM PBKDF2 · 200,000 iterations Zero uploads Works offline
📷
Click to browse or drag & drop photos here
JPEG, PNG, GIF, WebP, HEIC, BMP — multiple files OK

    How it works

    1. Pick your photos — Select one or more image files from your device. They stay in your browser memory only.
    2. Set a password — A 256-bit encryption key is derived from your password using PBKDF2-SHA-256 with a random 16-byte salt and 200,000 iterations.
    3. Encrypt — Each photo is encrypted with AES-256-GCM using a unique random 12-byte IV. The ciphertext, filename, MIME type, salt, and IV are bundled into a single .vault file (JSON envelope with base64-encoded data).
    4. Save the .vault file — Download it to your device, USB drive, or cloud storage. Without the password, the contents are unreadable.
    5. Decrypt anytime — Open the Unlock tab, load your .vault file, enter the password, and your photos are decrypted and displayed in-browser. Download individual photos or all at once.

    Frequently asked questions

    Are my photos uploaded to any server?
    No — never. This tool runs 100% in your browser using the built-in Web Crypto API. Your photos and password are processed locally in JavaScript and never transmitted over the network. You can even run it offline by saving this page. The tool has no back-end whatsoever.
    What encryption does Photo Locker use, and is it secure?
    AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode) is used for each photo. The key is derived from your password using PBKDF2-SHA-256 with a random 128-bit salt and 200,000 iterations — meaning brute-forcing a strong password is computationally infeasible. GCM mode also provides authenticated encryption: any tampering with the vault file will cause decryption to fail rather than produce corrupt output silently.
    What happens if I forget my password?
    There is no password recovery. By design, only someone who knows the password can decrypt the vault. The encryption is strong enough that there is no back door. Write your password down and store it securely — for example in a password manager.
    What file types can I lock?
    Any image file your browser can read — JPEG, PNG, GIF, WebP, HEIC, BMP, TIFF, SVG, and more. The vault stores the original filename and MIME type, so decrypted files are restored with the correct format and extension.
    How big can my photos be, and how many can I include?
    There is no hard limit enforced by this tool — it is bounded only by your device's available RAM, since all processing happens in memory. In practice, hundreds of photos or several gigabytes works fine on a modern device. For very large collections, encrypting in batches is recommended.