Encrypt a File in Your Browser
SecretPNG encrypts files entirely inside your browser, so the file you protect never travels to a server. Your password is run through PBKDF2-HMAC-SHA-256 with 600,000 iterations to derive an AES-256-GCM key, and the output is a portable encrypted file you can store or send anywhere. There is no account to create and nothing to install.
The actual tool runs in our ad-free secure workspace — nothing on this page processes your file.
Open Encrypt a File →What this tool does
- Encrypts one or more files with AES-256-GCM using a key derived from your password via PBKDF2-HMAC-SHA-256 (600,000 iterations).
- Generates a unique random salt for every file, so the same password never produces the same key twice.
- Processes files in chunks with authenticated encryption, so tampering or truncation is detected at decryption time.
- Writes output in the open, documented .svault container format — you are not locked into this site to get your data back.
- Optionally creates a one-time 160-bit recovery key you can store separately in case you forget the password.
- Works offline once the page has loaded, because no server is involved in the encryption itself.
Your privacy on this tool
Stays on your device
- The file you select is read and encrypted entirely in your browser's memory.
- Your password never leaves the page — key derivation happens on your device.
- The encrypted result is saved directly to your computer; no copy is transmitted or retained anywhere.
- No analytics event contains your file contents, file names, or password.
Reaches our server: nothing
This tool makes no upload. Your content is processed entirely in your browser.
How to use it
- Click through to the encryption tool at /app/encrypt-file.
- Drag in the file (or files) you want to protect, or browse to select them.
- Choose a strong password — the built-in strength meter will flag weak choices.
- Optionally generate a one-time recovery key and store it somewhere separate from the password.
- Start encryption and wait for the progress bar; large files are processed in chunks.
- Download the resulting .svault file and verify you can decrypt it before deleting the original.
Common uses
- Encrypting tax returns or financial statements before attaching them to an email.
- Protecting a scan of your passport or ID before storing it in a cloud drive you do not fully trust.
- Securing client deliverables that must cross an untrusted network or USB stick.
- Locking medical records before sharing them with a family member over a messaging app.
- Adding a layer of encryption to backups stored with a third-party provider.
Supported formats
- Any file type as input
- Output: SecretPNG vault (.svault)
Works in current versions of Chrome, Edge, Firefox, and Safari on desktop and mobile — any browser with the Web Crypto API.
Limitations & security notes
Limitations
- If you lose both the password and the optional recovery key, the file is permanently unrecoverable — there is no reset or backdoor.
- The recipient needs the decryption tool (or any implementation of the open .svault format) plus the password; it is not a self-opening file.
- Encryption protects the file contents, not your device — malware on your computer could capture the password as you type it.
- Very large files depend on your device's memory and disk; the tool chunks its work, but a low-end phone may struggle with multi-gigabyte inputs.
- SecretPNG is in beta and has not been independently audited yet.
Security notes
- AES-256-GCM provides authenticated encryption: if anyone flips a single bit of the ciphertext, decryption fails loudly instead of returning corrupted data.
- PBKDF2 with 600,000 iterations makes password guessing expensive, but it cannot rescue a genuinely weak password — use a long passphrase.
- Each file gets its own random salt, which prevents precomputed (rainbow-table) attacks and keeps identical files from producing identical ciphertext.
- The .svault format is documented publicly, so your data is not held hostage by this tool's continued existence.
- Send the password through a different channel than the file itself — never in the same email.
Frequently asked questions
- Is my file uploaded to a server?
- No. The file is read and encrypted inside your browser using the Web Crypto API. You can open your browser's network inspector during encryption and confirm no file data is transmitted. The encrypted output is saved straight to your device.
- What encryption does this actually use?
- AES-256-GCM for the encryption itself, with your key derived from your password using PBKDF2-HMAC-SHA-256 at 600,000 iterations and a unique random salt per file. GCM is an authenticated mode, meaning tampering is detected rather than silently accepted.
- What happens if I forget my password?
- If you created the optional one-time recovery key and still have it, you can decrypt with that. If you have neither the password nor the recovery key, the file cannot be recovered — by you, by us, or by anyone else. That is a deliberate property of the design, so store your password carefully.
- Can the recipient open the file without SecretPNG?
- The output uses the open, documented .svault container format, so any software that implements the specification can decrypt it. In practice most recipients will use the free decryption tool on this site, which also runs entirely in their browser.
- Is this safe enough for genuinely sensitive documents?
- The cryptography is standard and conservative: AES-256-GCM and PBKDF2 are widely deployed, well-studied primitives. That said, SecretPNG is in beta and has not been independently audited, so if your threat model is severe — legal discovery, nation-state attention — use an audited offline tool instead and treat this as a convenience layer.
- Does encrypting a file hide its name or size?
- The single-file tool encrypts contents; the output file's size still roughly reflects the input size, and you choose the output filename yourself. If you need filenames hidden too, use the encrypted vault tool, which encrypts names and folder structure inside the container.
Related tools
Last reviewed: 2026-07-14Open Encrypt a File
SecretPNG is in beta and has not been independently audited. Security status.