Decrypt an Encrypted File
Received an encrypted .svault file, or coming back to one you protected earlier? This tool decrypts it entirely in your browser — the encrypted file, your password, and the decrypted result all stay on your device. Every chunk is integrity-checked before anything is written out, so a tampered or truncated file fails safely instead of producing silent corruption.
The actual tool runs in our ad-free secure workspace — nothing on this page processes your file.
Open Decrypt a File →What this tool does
- Decrypts files in the open .svault container format using your password or a one-time recovery key.
- Verifies the authenticated-encryption tag on every chunk, so tampering or truncation is detected before you get any output.
- Derives the decryption key locally with PBKDF2-HMAC-SHA-256 (600,000 iterations) — the password never leaves the page.
- Streams large files chunk by chunk instead of loading everything into memory at once.
- Tells you clearly whether a failure was a wrong password or a damaged file, so you know what to fix.
Your privacy on this tool
Stays on your device
- The encrypted file is opened and processed entirely in your browser.
- Your password or recovery key is used only for local key derivation and is never transmitted.
- The decrypted output is written straight to your device — we never see it.
Reaches our server: nothing
This tool makes no upload. Your content is processed entirely in your browser.
How to use it
- Open the decryption tool at /app/decrypt-file.
- Drop in the .svault file you want to unlock.
- Enter the password, or switch to recovery-key mode if you saved one.
- Start decryption — integrity checks run automatically as each chunk is processed.
- Save the decrypted file to your device and confirm it opens as expected.
Common uses
- Opening an encrypted document a colleague sent you along with a password shared over the phone.
- Restoring files from an encrypted backup you made before a laptop wipe or migration.
- Recovering access with a recovery key after forgetting the original password.
- Checking that an encrypted archive is intact and decryptable before you delete the plaintext originals.
Supported formats
- SecretPNG vault (.svault)
Runs in any modern browser with the Web Crypto API, including current Chrome, Edge, Firefox, and Safari.
Limitations & security notes
Limitations
- Only the SecretPNG .svault format is supported — this tool cannot open encrypted ZIPs, PGP files, or other vendors' formats.
- Without the correct password or the recovery key, decryption is impossible; there is no recovery service or backdoor.
- A file that fails its integrity check cannot be partially recovered — authenticated encryption is deliberately all-or-nothing per chunk.
- SecretPNG is in beta and not yet independently audited.
Security notes
- Integrity verification is not optional: every chunk carries an authentication tag, and decryption stops the moment one fails.
- A wrong password and a corrupted file are reported differently, so you will not waste time retyping a password against a damaged download.
- Decrypt sensitive files on a device you trust — the weakest link is usually the computer, not the cryptography.
- After decrypting, remember the plaintext copy on disk is unprotected; re-encrypt or delete it when you are done.
Frequently asked questions
- Can you decrypt my file if I lost the password?
- No. Decryption happens on your device with a key derived from your password or recovery key; we never hold either, and we never hold your file. If both the password and the recovery key are gone, the data is permanently unrecoverable. This is the honest trade-off of end-user encryption.
- What is a recovery key and where would I find mine?
- When a file is encrypted with SecretPNG, the person encrypting can optionally generate a one-time 160-bit recovery key — a long code meant to be stored separately from the password. If you were given one, it unlocks the file just like the password does. If none was generated, only the password works.
- Why does decryption fail with 'file damaged or modified'?
- Every chunk of a .svault file is protected by an authentication tag. That error means the ciphertext no longer matches its tags — the file was truncated in transit, corrupted on disk, or deliberately altered. Re-download or re-transfer the file and try again; the check exists precisely so you never trust corrupted output.
- Does the decrypted file get uploaded anywhere?
- No. The encrypted input, the key derivation, and the decrypted output all stay in your browser. Nothing about the file — contents, name, or even the fact that you decrypted it — is sent to our servers.
- Can I decrypt on my phone?
- Yes, any modern mobile browser works. Very large files are the main constraint — decryption streams in chunks to keep memory use flat, but saving multi-gigabyte outputs can still be awkward on some mobile operating systems.
Related tools
Was this tool helpful?
Last reviewed: 2026-07-14Open Decrypt a File
SecretPNG is in beta and has not been independently audited. Security status.