PBKDF2 with 120,000 SHA-256 iterations and a random 128-bit salt
🔒
Encryption
AES-256-GCM with a random 96-bit IV — authenticated encryption, tamper-proof
💻
100% offline
All crypto runs in your browser using the native Web Crypto API. Nothing is uploaded.
About File Encryption
File Encryption tool encrypts and decrypts files in your browser using AES-256-GCM, the same authenticated encryption standard used by TLS, Signal, and government-grade security systems. The encryption key is derived from your passphrase using PBKDF2 with 100,000 iterations, making brute-force attacks impractical. All cryptographic operations run locally — your files and passphrase never leave your device.
How it Works
1Select the file you want to encrypt and enter a strong passphrase.
2PBKDF2 derives a 256-bit AES key from your passphrase using a random salt.
3AES-256-GCM encrypts the file data and generates an authentication tag to detect tampering.
4The encrypted file (with salt, IV, and ciphertext) is downloaded. To decrypt, upload the .enc file and enter the same passphrase.
Frequently Asked Questions
Is AES-256-GCM actually secure?
Yes. AES-256-GCM is an authenticated encryption scheme that provides both confidentiality (nobody can read the data without the key) and integrity (any tampering with the ciphertext is detected). It is approved by NIST, used in TLS 1.3, and considered secure against all known classical attacks including those by nation-state adversaries.
What happens if I forget my passphrase?
There is no recovery mechanism. Encrypted files cannot be decrypted without the original passphrase. This is a fundamental property of strong encryption — keep your passphrase in a password manager or other secure location.
Can I encrypt any file type?
Yes. The tool treats every file as binary data and encrypts the raw bytes regardless of format — documents, images, archives, executables, everything. The decrypted file is byte-for-byte identical to the original.
Does the encrypted file contain any metadata about the original file?
The encrypted output contains the PBKDF2 salt, AES-GCM IV (initialisation vector), and authentication tag needed for decryption, plus the ciphertext. The original filename is preserved in the download name (with .enc appended). No other metadata is included.