All encryption happens in your browser. Your files never leave your device.

VaultKey

A browser-based file encryption tool that keeps your data private. Encrypt and decrypt files locally using zero-knowledge encryption — no files or passwords ever leave your device.

👨‍💻
Developer

Created by

Ujjwal Raghuvanshi

Building practical security tools for everyday use

Connect

EmailGitHubLinkedIn

© 2025 VaultKey. Built with React and Web Crypto API

Zero-knowledge encryption•Client-side only
VaultKey

How VaultKey Works

Understanding the security and encryption behind VaultKey

Zero-Knowledge Architecture

VaultKey operates entirely in your browser. Your files and passwords never leave your device. We cannot access, view, or recover your encrypted files or passwords.

Your privacy is guaranteed: All encryption and decryption happens locally in your browser using JavaScript. No data is sent to any server.
Encryption Technology

AES-256-GCM Encryption

We use AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode), the same encryption standard used by governments and financial institutions worldwide.

PBKDF2 Key Derivation

Your password is converted into a cryptographic key using PBKDF2-SHA256 with 250,000 iterations, making brute-force attacks computationally infeasible.

Random Salt & IV

Each encryption uses a unique random salt (16 bytes) and initialization vector (12 bytes), ensuring that encrypting the same file twice produces different outputs.

Password Best Practices
  • •
    Use at least 12 characters

    Longer passwords are exponentially harder to crack. VaultKey requires a minimum of 12 characters.

  • •
    Mix character types

    Combine uppercase, lowercase, numbers, and special characters for maximum strength

  • •
    Avoid common words and patterns

    Don't use dictionary words, names, dates, or predictable patterns. VaultKey analyzes password strength in real-time.

  • •
    Store passwords securely

    Use a password manager or write it down and store it in a physically secure location

Warning: If you lose your password, your encrypted files cannot be recovered. There is no password reset or recovery mechanism.
No Server Uploads

Unlike cloud-based encryption services, VaultKey never uploads your files to any server. All processing happens locally in your browser using the Web Crypto API.

What this means for you:

  • ✓ Complete privacy - no one can intercept your files
  • ✓ Works offline - no internet connection required after loading
  • ✓ Large file support - encrypt files up to 500MB
  • ✓ No account required - use VaultKey anonymously
Encrypted File Format

VaultKey uses a custom file format with a header that contains all the information needed for decryption (except the password). The file extension is .enc by default, or .dat in stealth mode.

File structure (Version 1):
• Magic bytes: "VK" (2 bytes) - File identifier
• Version: 0x01 (1 byte) - Format version
• Salt: 16 bytes - For key derivation
• IV: 12 bytes - Initialization vector
• Filename length: 4 bytes - Size of encrypted name
• Encrypted filename - Original file name
• Encrypted file data - Your file content
The encrypted filename and file data are authenticated with AES-GCM, preventing tampering. Any modification to the file will cause decryption to fail.
Additional Features

Backup Copy Option

Optionally create a plaintext backup of your original file alongside the encrypted version. This backup is saved with a .backup extension.

Stealth Mode

Stealth mode uses the .dat extension instead of .enc and hides the original file extension, making encrypted files less conspicuous.

File Size Limit

VaultKey supports files up to 500MB to ensure reliable browser performance. This covers most document, image, and video files.