en

Encrypt file

Encrypt one or more files locally in your browser with AES-256-GCM and a password. The file(s) and the password never leave your device. No upload.

Password

Your files

    Running locally on your device ...

    0%

    Your files never left your device

      Is my file uploaded?

      No. Everything runs in your browser - your file never leaves your device. How this is verifiable

      No upload100% local
      Your content stays with youno third-party access
      Servers in GermanyGDPR by design
      Independently auditedTLS A+ · HTTP headers A+

      Some files should only be seen by people who know the password: a contract, an ID scan, a spreadsheet of private numbers. This tool encrypts one or more files with AES-256 in GCM mode and wraps each of them in its own .gxenc file that, without your password, is nothing but random noise.

      Your password is turned into a key via PBKDF2 with 250,000 rounds; every file gets a fresh random salt and a fresh initialisation vector, even when you drop several files in one go. GCM mode also appends an authentication tag, so a file that was altered or corrupted afterwards is honestly rejected on decryption instead of producing half-broken garbage.

      The crucial point: the entire encryption runs on your browser’s native Web Crypto interface, with no server and no library from a foreign CDN. If you drop several files at once, the one password you enter applies to ALL files in that run - if individual files need a different password, encrypt them in a separate run. Choose a strong, unique password and share it over a different channel than the file. There is no back door: a lost password cannot be recovered by anyone, not even us.

      Specifications

      Specifications
      Output formatGXENC
      Batch processingYes
      ProcessingLocally in your browser (JavaScript)
      File uploadNone

      In 3 steps

      1. Drop one or more files.
      2. Set a password (applies to every file dropped in this run).
      3. Download the encrypted .gxenc file(s).

      Limitations: Protects the content with AES-256-GCM; the original file name and exact size cannot be read from the .gxenc file, though its approximate length can. With several files in one run, the same password applies to all of them - each file still gets its own random salt and initialisation vector. Decryption only works with the same password and only via the matching "Decrypt file" tool - a forgotten password cannot be recovered by anyone.

      FAQ

      Is the file or the password uploaded?

      No. Encryption and password stay entirely local in the browser - which is the whole point of this tool.

      Which method is used?

      AES-256 in GCM mode; the key is derived from your password via PBKDF2 (SHA-256, 250,000 rounds) with a random salt.

      What if I forget the password?

      Then the files can no longer be decrypted. There is no back door and no reset - keep the password safe.

      Which file types can I encrypt?

      Any type at all - the tool treats every file as raw bytes, whether it is an image, PDF, ZIP or spreadsheet.

      How do I decrypt the file again?

      With the "Decrypt file" tool and the same password. The .gxenc file carries everything needed inside it.

      Can I encrypt several files at once?

      Yes. Drop several files in one run; each gets its own .gxenc file with its own salt and initialisation vector. Important: the one password you enter then applies to ALL files in that run.

      Related tools