Client-side, open-source zero-knowledge encryption used by FileShot.io.
This repository contains the browser-based encryption system that powers FileShot’s zero-knowledge upload pipeline. All encryption occurs locally in the user’s browser via the Web Crypto API. FileShot servers never receive passwords, keys, or unencrypted data.
This ensures files stored and shared through FileShot remain unreadable by FileShot, third parties, attackers, or governments.
Zero-knowledge encryption ensures:
- Files are encrypted before they leave the browser.
- Decryption keys never leave the user’s device.
- FileShot servers store only encrypted blobs.
- No one, including FileShot, can decrypt user files.
All cryptographic operations are performed client-side using the Web Crypto API.
- Client-side zero-knowledge encryption.
- No accounts or identity required.
- No analytics, tracking, or fingerprinting.
- Keys and passwords never transmitted.
- Open-source encryption implementation.
- Servers store encrypted data only.
- Uploads up to 15GB per file.
- Secure, shareable links.
- Expiration settings from 1 hour to 30 days.
- Optional password protection.
- Anonymous download information.
- NVMe-backed high-speed infrastructure.
- Optional paid-access downloads.
- Up to 50% commission per download.
- Payments integrated without compromising encryption.
- Edit PDFs.
- Merge PDFs.
- Split PDFs.
- Compress PDFs.
- Convert PDFs to and from images.
- Video to MP4.
- Audio to MP3.
- Image format conversion (PNG, JPG, WebP, AVIF).
- Document conversion (PDF ↔ DOCX, TXT → PDF, etc.).
- Archive conversion (ZIP, TAR, 7Z when supported).
- Create ZIP, TAR, and 7Z archives.
- Extract ZIP, RAR, TAR, GZ, and 7Z.
- Image compression.
- Video compression.
- General file compression.
- File metadata inspection.
- SHA-256 hash generation.
- Secure local file deletion.
- Zero-knowledge encryption pipeline.
- Secure link signing.
- Client-side metadata handling.
- Private, self-hosted infrastructure.
- Modern high-performance UI.
- Web Crypto API for all cryptographic operations.
- Open demo.html.
- Select a file and encrypt it.
- Download the encrypted output.
- Decrypt using the same password.
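<script src="zero-knowledge.js"></script>
<script>
// await is not valid at the top level of a classic script, so the calls run in an async function.
async function encryptThenDecrypt() {
  const fileInput = document.getElementById('fileInput');
  const file = fileInput.files[0];
  const password = 'your-secure-password'; // placeholder; take this from user input
  // Encrypt locally. The result carries the encrypted blob and the file metadata.
  const result = await window.zeroKnowledgeEncrypt(file, password);
  // Decrypt with the same password and the original name and type from the metadata.
  const decrypted = await window.zeroKnowledgeDecrypt(
    result.encryptedBlob,
    password,
    result.metadata.originalName,
    result.metadata.originalType
  );
  return decrypted;
}
// Run once the user has picked a file.
document.getElementById('fileInput').addEventListener('change', encryptThenDecrypt);
</script>
- Key Derivation – A random salt is generated; a key is derived using PBKDF2 (100,000 iterations, SHA-256).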
- Encryption – AES-256-GCM encrypts the file with a 12-byte IV.
- Upload – Only the encrypted blob is transmitted.
- Storage – Servers store encrypted blobs and encrypted metadata only.
- Download & Decryption – Recipients decrypt files entirely in-browser using the shared password.
- AES-256-GCM.
- PBKDF2 (SHA-256, 100,000 iterations).
- 16-byte salt.
- 12-byte IV for GCM.
- 256-bit keys.
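
The pipeline and parameters listed above, written directly against the Web Crypto API as an added example. This is not the code in zero-knowledge.js: the function names and the salt || iv || ciphertext layout of the output are assumptions made for illustration, and the sample input is constructed.

```javascript
// Added example, not FileShot's zero-knowledge.js. Parameters come from the README;
// the salt || iv || ciphertext layout is an assumption made for this sketch.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // browser or Node
const SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 100000;

async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: ITERATIONS, hash: 'SHA-256' },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: the raw key bytes cannot be exported by page script
    ['encrypt', 'decrypt']);
}

async function encryptBytes(plaintext, password) {
  const salt = wc.getRandomValues(new Uint8Array(SALT_LEN)); // fresh per file
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN));     // fresh per encryption
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext));
  const out = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  out.set(salt, 0); out.set(iv, SALT_LEN); out.set(ct, SALT_LEN + IV_LEN);
  return out;
}

async function decryptBytes(packed, password) {
  if (packed.length < SALT_LEN + IV_LEN + 16) throw new Error('blob too short');
  const salt = packed.subarray(0, SALT_LEN);
  const iv = packed.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const ct = packed.subarray(SALT_LEN + IV_LEN); // ciphertext plus 16-byte GCM tag
  const key = await deriveKey(password, salt);
  // Rejects with OperationError when the password is wrong or the blob was modified.
  return new Uint8Array(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct));
}

// Round trip, wrong password, and a single flipped bit, on constructed input.
async function selfCheck() {
  const msg = new TextEncoder().encode('constructed sample file contents');
  const packed = await encryptBytes(msg, 'correct horse');
  const roundTrip = new TextDecoder().decode(await decryptBytes(packed, 'correct horse'));
  const wrongPw = await decryptBytes(packed, 'wrong').then(() => 'accepted', () => 'rejected');
  const tampered = packed.slice();
  tampered[tampered.length - 1] ^= 1;
  const tamper = await decryptBytes(tampered, 'correct horse').then(() => 'accepted', () => 'rejected');
  return { roundTrip, wrongPw, tamper, overhead: packed.length - msg.length };
}
```

A wrong password and a modified blob fail the same GCM tag check and surface as the same error, so the caller cannot tell the two cases apart.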
fileshot-zke/
├── zero-knowledge.js
├── demo.html
├── README.md
└── LICENSE
- Encrypt and decrypt files.
- Validate metadata.
- Verify incorrect passwords fail.
zeroKnowledgeEncrypt(file, password) encrypts a file client-side.
Returns:
{
  encryptedBlob: Blob,
  metadata: {
    originalName: string,
    originalSize: number,
    originalType: string,
    encryptedSize: number
  }
}
zeroKnowledgeDecrypt(encryptedBlob, password, originalFileName, originalFileType) decrypts encrypted data client-side.
Returns: A Blob containing the decrypted file.
- Use strong, unique passwords.
- Share passwords securely.
- Lost passwords cannot be recovered.
- Keep browsers and systems up to date.
- Use HTTPS in production.
Users can verify:
- Client code matches this repository.
- Encryption runs entirely in the browser.
- No keys or plaintext leave the client.
Verification page: https://fileshot.io/verify-encryption.html
- Chrome 37+
- Firefox 34+
- Safari 11+
- Edge 12+
- Opera 24+
Report vulnerabilities privately to:
MIT License.