How it works
encrypt.lu encrypts your files in the browser. Your password and keys never leave your device — we never see your files or keys.
Add your files
Drop files or choose them. You can add multiple files; they are packed into one encrypted bundle.
What would you like to do?
Choose whether you want to save an encrypted file on your device or create a shareable link.
How should we protect it?
Use a password or a random key. We derive the encryption key in your browser (Argon2id).
Encrypt in your browser
Encryption runs in your browser (XChaCha20-Poly1305). Nothing is sent to our server.
Result: Download your .enc file. Keep it and your password or key safe.
Configure the link
Choose how long the secure link is valid and how much time the recipient has to download the file. Click Advanced options to optionally protect the link with a password.
Encrypt in your browser
Encryption runs in your browser. We only store the encrypted blob; you get a time-limited link to share.
Result: Get a shareable link. The server only stores the encrypted file — not your password or key.
Client-side only
All encryption and key derivation occur entirely in your browser. Our server never receives your password, encryption key, or plaintext data.
When creating a secure link, the server only stores and serves the encrypted file.
How the secure link works
The decryption key is placed in the URL fragment — the portion after #.
The fragment is never sent to the server as part of HTTP requests. Only your browser processes it. As a result, the server never has access to the decryption key.
If you choose to protect the link with a password, the encryption key is first encrypted (wrapped) using that password. The wrapped key is then placed in the fragment. Only someone with the password can unwrap the key and decrypt the file.
Example:
- Note ID: Created by the server when the encrypted file is uploaded. It identifies the file so the server can retrieve and serve it. The server sees this part of the URL.
- Fragment: The portion after #. It contains the decryption key (or password-wrapped key). The fragment is never transmitted to the server.
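The link mechanics described above, sketched for Node.js as an added example (this is not encrypt.lu's code). The `/n/<note ID>` link layout, the host, all function names and the sample values are assumptions; Node's standard library has neither Argon2id nor XChaCha20-Poly1305, so scrypt and AES-256-GCM stand in for them here.

```javascript
// Added example; link layout, names and parameters are assumptions, not encrypt.lu's format.
const nodeCrypto = require('node:crypto');

// Stand-ins from Node's standard library: scrypt for Argon2id, AES-256-GCM for
// XChaCha20-Poly1305 (Node ships neither of the page's primitives).
function wrapKey(fileKey, password) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.scryptSync(password, salt, 32);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', kek, nonce);
  const ct = Buffer.concat([c.update(fileKey), c.final()]);
  return Buffer.concat([salt, nonce, c.getAuthTag(), ct]); // 16 + 12 + 16 + 32 bytes
}

function unwrapKey(blob, password) {
  const salt = blob.subarray(0, 16), nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44), ct = blob.subarray(44);
  const kek = nodeCrypto.scryptSync(password, salt, 32);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kek, nonce);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a wrong password
}

// Sender: the key (raw or wrapped) goes after '#', the note ID goes in the path.
function buildLink(origin, noteId, keyMaterial) {
  return `${origin}/n/${noteId}#${keyMaterial.toString('base64url')}`;
}

// What the browser puts on the wire for that link: path and query only.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient: the fragment is read locally and never leaves the page.
function keyFromLink(link, password) {
  const material = Buffer.from(new URL(link).hash.slice(1), 'base64url');
  return password === undefined ? material : unwrapKey(material, password);
}

// Constructed sample values.
const fileKey = nodeCrypto.randomBytes(32);
const plainLink = buildLink('https://files.example', 'a1b2c3', fileKey);
const lockedLink = buildLink('https://files.example', 'a1b2c3', wrapKey(fileKey, 'correct horse'));
console.log(requestTarget(lockedLink)); // the only part of the link the server sees
```

A fragment that reaches server-side logs does so only when page script reads `location.hash` and sends it somewhere, so that is the behaviour to audit on any page that handles such links.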
How strong is the encryption?
We use Libsodium, a modern and widely deployed cryptographic library.
For encryption, we use XChaCha20-Poly1305, an authenticated encryption scheme based on the ChaCha20 stream cipher and Poly1305 message authentication. It provides confidentiality and integrity — encrypted data cannot be read or modified without detection.
We use 256-bit symmetric keys. This provides a high security margin against classical attacks and remains strong even under realistic post-quantum threat models (where symmetric security is reduced but not broken).
For password-based encryption, we use Argon2id, a memory-hard key derivation function designed to resist brute-force and hardware-accelerated attacks.
These primitives are widely studied, actively maintained, and considered state-of-the-art for symmetric encryption.
Limitations
The relay server (or anyone in possession of the encrypted .enc file) can observe ciphertext size and transfer timing.
Metadata — including original filename, exact file size, and chunk size — is encrypted. The metadata frame is padded to prevent leaking filename length.
File size remains partially observable to chunk-level precision. The final data chunk is zero-padded before encryption, preventing exact plaintext length leakage, but total ciphertext size still reveals approximate file size.