🛝Toolio
All tools

🔐 File Encryptor (AES-256)

Password-protect any file with military-grade AES-256-GCM encryption — 100% in your browser, nothing uploaded, nothing stored.

🗄️
Drop any file to encrypt, or click to browse
🔒 AES-256-GCM with PBKDF2 (200k iterations), 100% in your browser. Lose the password = the file is unrecoverable.

About

This tool uses the browser's native Web Crypto API to encrypt or decrypt files with AES-256-GCM, the same standard used by governments and security professionals. Your password is never stored; instead, it is stretched into a 256-bit key using PBKDF2 with SHA-256 and 200,000 iterations, making brute-force attacks extremely slow. Each encrypted file embeds a unique random salt and IV alongside the ciphertext under a recognizable magic header, so the tool can detect and decrypt it automatically. Because all cryptographic operations happen locally in JavaScript, your original file never leaves your device. The only protection for your data is the password you choose — if it is lost, there is no recovery path.

How to use

  1. Select Encrypt or Decrypt mode, then drop your file onto the upload area or click to browse.
  2. Enter a strong password. For encryption, confirm it a second time to avoid typos.
  3. Click Encrypt (or Decrypt). The Web Crypto API derives a key via PBKDF2 and runs AES-256-GCM entirely in your browser.
  4. Download the output file. Encrypted files carry a magic header so they are recognized automatically on decryption.
  5. Store your password safely — there is no reset, no recovery, and no backdoor if the password is lost.

FAQ

Is AES-256-GCM actually secure?
Yes. AES-256-GCM is an authenticated encryption standard approved by NIST and used worldwide by governments and industry to protect classified data. No practical attack exists against it when used with a unique IV, which this tool enforces.
What happens if I lose my password?
Your file is permanently unrecoverable. AES-256-GCM provides no backdoor, and the 200,000-iteration PBKDF2 key derivation makes brute-force practically impossible for any strong password. Keep a secure backup of your password.
Does my file get uploaded to a server?
No. All encryption and decryption runs in your browser via the Web Crypto API. Your file bytes never leave your device, and nothing is stored after you close the tab.
What file types can I encrypt?
Any file — documents, images, archives, videos, executables, or any binary. The tool treats every file as raw bytes, so the format does not matter.
Why does encryption take a few seconds before processing starts?
PBKDF2 deliberately runs 200,000 SHA-256 iterations to derive your key. This intentional slowdown makes automated password-guessing attacks expensive even if the encrypted file is obtained by an attacker.