How does EasySend encryption work?

When you enable encryption on EasySend, your files are encrypted directly in your browser before they are uploaded. The server only receives encrypted data that it cannot decrypt. This approach is called zero-knowledge encryption because the service has zero knowledge of your file contents.

The Encryption Process

1. You set a password when uploading files with encryption enabled.
2. Your browser derives an encryption key from the password using PBKDF2 with 100,000 iterations and a random salt.
3. Each file is encrypted using AES-256-GCM, a military-grade encryption standard used by governments and financial institutions worldwide.
4. The encrypted data is uploaded to the server. The password and encryption key never leave your device.
5. When the recipient downloads, they enter the password in their browser. The key is derived again locally and the file is decrypted on their device.

What Is AES-256-GCM?

AES-256-GCM is the Advanced Encryption Standard with a 256-bit key in Galois/Counter Mode. It provides both confidentiality (nobody can read the data without the key) and integrity (any tampering with the encrypted data is detected). AES-256 is approved by the U.S. National Security Agency for protecting classified information up to the Top Secret level.

What Is Zero-Knowledge?

Zero-knowledge means that EasySend cannot access your unencrypted files at any point. The encryption key exists only in your browser and the recipient's browser. If the server were compromised, an attacker would obtain only encrypted ciphertext that is computationally infeasible to decrypt without the password. Even EasySend staff cannot view encrypted file contents.

Encryption vs Password Protection

EasySend offers two separate security features that can be used independently or together:

• Password protection adds a server-side access gate. The password is hashed with bcrypt and verified on the server. This prevents unauthorized access but the server can still see the files.
• End-to-end encryption encrypts the actual file data. Even with server access, the files cannot be read without the password.

For maximum security, enable both encryption and password protection. Use a strong password with at least 12 characters including numbers and symbols.

Browser Compatibility

EasySend encryption uses the Web Crypto API, which is supported in all modern browsers including Chrome, Firefox, Safari and Edge. No browser extensions or plugins are required. The encryption runs entirely in JavaScript using native browser cryptography functions that are hardware-accelerated on most devices.