A secure, serverless, browser-based utility for encrypting and decrypting files on any computer.
PortaCrypt is a zero-installation, drag-and-drop file encryption tool designed for maximum portability and security. It runs entirely within a web browser, meaning you can carry it on a thumb drive and use it on any modern Windows, macOS, or Linux computer without needing to install any software. All cryptographic operations happen locally on your machine, ensuring your files and passwords are never sent over the internet.
- 🚀 Truly Portable: Runs from a single
index.htmlfile on a thumb drive. No installation or special software is required. - 💻 Cross-Platform: Works on any operating system with a modern web browser (Chrome, Firefox, Edge, Safari).
- 🔒 Strong Encryption: Utilizes the industry-standard AES-256-GCM algorithm via the browser's native Web Crypto API for authenticated encryption.
- 🔑 Secure Key Derivation: Passwords are never used directly. A strong cryptographic key is derived using PBKDF2 with 100,000 iterations to protect against brute-force attacks.
- 📁 Multi-File & Folder Support: Encrypt or decrypt multiple files or entire folders at once. The output is conveniently bundled into a single
.ziparchive. - 🌐 Serverless & Offline-Capable: No server is involved. All processing is done on the client-side. After the first use (which caches the UI libraries), it can function completely offline.
- ✨ Simple Interface: A clean, modern, drag-and-drop interface makes the tool intuitive and easy to use for everyone.
PortaCrypt is designed to be as simple as possible.
- Save the File: Store the
index.htmlfile on a portable storage device like a thumb drive. - Open on Any Computer: Plug the thumb drive into any computer and double-click the
index.htmlfile. It will open in the default web browser. - To Encrypt Files:
- Ensure the Encrypt mode is selected.
- Drag and drop your files/folder onto the upload area, or use the "Select File(s)" / "Select Folder" buttons.
- Enter a strong password (minimum 8 characters).
- Click the Encrypt & Download button.
- A
.encfile (or a.ziparchive containing multiple.encfiles) will be downloaded to your computer.
- To Decrypt Files:
- Select the Decrypt mode.
- Select the
.encfile(s) you wish to decrypt. - Enter the exact same password used for encryption.
- Click the Decrypt & Download button.
- Your original, decrypted file(s) will be downloaded.
This tool adheres to modern, robust cryptographic standards to ensure the integrity and confidentiality of your data.
- Encryption Algorithm: AES-256-GCM (Galois/Counter Mode). This is an authenticated encryption (AEAD) cipher, which means it protects against both eavesdropping (confidentiality) and tampering (integrity).
- Key Derivation Function: PBKDF2-SHA256.
- Iterations: 100,000
- Salt: A random 16-byte salt is generated for every encryption, ensuring that encrypting the same file with the same password results in a different output each time.
- Initialization Vector (IV): A random 12-byte IV is generated for every encryption, as recommended for AES-GCM.
- Engine: All cryptographic operations are performed by the browser's built-in and highly vetted Web Crypto API.
The output .enc files are structured in a specific way to be compatible with the original Python version and to contain all necessary data for decryption:
[ 16-byte SALT | 12-byte IV | 16-byte AUTH_TAG | ENCRYPTED_DATA ]
- Frontend: Plain HTML5, JavaScript (ES6+), and Tailwind CSS for styling.
- File Archiving: The JSZip library is used to create
.ziparchives directly in the browser when handling multiple files.
Your security is the primary design consideration.
- Client-Side Only: No files, passwords, or metadata ever leave your computer. The application logic runs entirely within your browser's secure sandbox.
- No Data Retention: The application does not store or remember any files or passwords after you close the browser tab.
- Password is Key: The security of your encrypted file is entirely dependent on the strength of your password. If you forget your password, there is absolutely no way to recover the file. This is a feature, not a bug.
This project was originally a Python-based web application using the Flask framework. It was re-engineered into a standalone client-side tool for the following reasons:
- Enhanced Portability: The Python version required the host machine to have a Python interpreter and specific libraries installed. The new JavaScript version runs on any machine with a modern web browser, fulfilling the goal of a true "run from a thumb drive" utility.
- Improved Security Posture: By eliminating the server backend, we remove an entire class of potential vulnerabilities. There is no server to attack or misconfigure.
- Simplicity: A single file is easier to manage, share, and verify than a multi-file project with server dependencies.
This tool is provided "as is" without warranty of any kind. Always keep a backup of your original, unencrypted files. The user is solely responsible for remembering their password and for the security of the data they encrypt.